45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware
2020-12-15 11:40

Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone, with no security protections at all.

Among the data - drawn from unprotected online storage devices with ties to hospitals and medical centres all over the planet - were 23,000 images of UK patients, left exposed to the public internet on 90 separate servers.

X-rays and CT scans were accessible online thanks to what CybelAngel said was a combination of unsecured NAS storage and the 1980s-vintage DICOM medical data transmission protocol.

Although CybelAngel said it had used many tools to poke around online and find exposed DICOM data, its report featured screenshots from Shodan and frank findings by researchers who had simply typed common DICOM ports into the insecure kit search engine to see what devices responded.

Last year Greenbone Networks carried out similar research, popping likely search terms and port numbers through Shodan to discover that 24 million people's medical information had been exposed online as 737 million items of DICOM data.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/15/dicom_45_million_medical_scans_unsecured/