Security News > 2020 > October > EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone
The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned.
Schrader examined a range of radiology systems that include an image archive system - PACS, or picture archiving and communication system.
Schrader simply used Shodan to locate systems using the DICOM medical protocol.
Having obtained the IP addresses from Shodan, Schrader went on to run vulnerability checks against the U.S. institutions, and found, he told SecurityWeek, "Around 600 high severity vulnerabilities in around 170 U.S. systems connected to the internet;" suggesting that the systems are not just unprotected, but also unmanaged.
In the meantime, many millions of sensitive medical records can be accessed by anyone at any time.