Over 1 billion medical images are exposed on the internet due to poorly secured servers
Millions of new medical images are spreading online every day, reports TechCrunch in an article published on January 10, 2020. And the explanation is not complicated: hospitals, medical and imaging centers do not secure their servers. As a result, more than a billion medical images of patients are freely available on the internet.
The United States is the most affected
The exposed data consists mainly of X-ray, MRI and ultrasound images from 52 countries. The United States leads the way with 13.7 million datasets and 45.8 million freely accessible images. In Europe, five German servers are reportedly affected, along with 5,000 images in the United Kingdom. No information was given on the situation in France.
TechCrunch bases its investigation on a report from Greenbone Networks, a German online security company, which found 720 million medical images online in September 2019. Two months later, in November 2019, Greenbone said the situation had worsened. The number of exposed servers had increased by half, bringing the total to more than a billion exposed images.
Following this discovery, the German specialist alerted a hundred hospitals and medical centers. Their reaction is quite disturbing. The smallest organizations generally took the warnings into account and secured their systems. Conversely, the biggest players, who account for 20% of the exposed images, did not respond.
The cause: poorly secured servers
"It seems to get worse every day. The amount of data exposed continues to increase even if we consider those put offline because of our discoveries," said a concerned Dirk Schrader, director of research at Greenbone. If medical staff do not act, he believes that the number could very quickly reach "peaks".
The only solution: secure the servers that store medical images. The problem comes from a security flaw related to the file format, "Digital Imaging and Communications in Medicine" (DICOM). It is an international standard for the IT management of medical imaging data. When it was created in 1985, the American College of Radiology and the National Electrical Manufacturers Association wanted to simplify the storage of medical images and their sharing between medical offices.
DICOM data is generally stored on an image server called a "Picture Archiving and Communication System" (PACS), which facilitates storage. But many doctors' offices do not follow basic security rules and connect their PACS directly to the internet without a password or VPN. These poorly protected servers expose not only the medical images of many patients but also their last name, first name, date of birth, diagnosis and more. In short, this is extremely sensitive data whose fraudulent use could have serious consequences.
Extremely sensitive data
This data could be misused to blackmail the patients it belongs to, and that is not the only risk. What would happen if banks looked into this information in order to refuse a loan? According to TechCrunch, no legal action has been taken yet. Patients should already be aware of this situation.