Security News > 2020 > December > 45 Million Medical Images Left Exposed Online

More than 45 million medical images-and the personally identifiable information and personal healthcare information associated with them-have been left exposed online due to unsecured technology that's typically used to store, send and receive medical data, new research has found.

NAS is an inexpensive storage solution used mainly by small companies or individuals to store data rather than paying for more expensive dedicated servers or virtual cloud servers, while DICOM is a global standard used by healthcare professionals to transmit medical images.

"CybelAngel Analyst Team detected medical devices leaking more than 45 million unique imaging files on unprotected connected storage devices with ties to hospitals and medical centers worldwide," David Sygula, senior cybersecurity analyst at CybelAngel, said in the report Full Body Exposure, adding that leaks were found in data across 67 countries.

Images typically included up to 200 lines of metadata per record which included the name, birth date and address of the patient as well as his or her height, weight, diagnosis and other PHI. Anyone could access the images and data without the need for a username or password; in fact, in some cases, login portals to the systems storing the info accepted blank usernames and passwords, researchers said.

Researchers investigated the route medical images and data take from devices such as MRI, CT scanners and X-rays using DICOM through to a centralized Picture Archiving and Communication System, which stores and distributes the images.

News URL

https://threatpost.com/million-medical-images-online/162284/