Nearly two thousand servers containing 45 million images of X-rays and other medical scans were left exposed on online platforms within the past twelve months. These scans and medical reports could be freely accessed by anyone, without any security protections. As reported by CybelAngel (a Digital Risk Protection Platform), this sensitive personal information was not only exposed to the public but also accessed by malicious folk.
The company also added that it did not use any hacking tools throughout its research, which highlights the ease with which the researchers were able to discover and access these files. The research did not name any care providers or medical institutions that were found to fall short of running secure systems.
Among the data detected from unprotected online storage devices with ties to hospitals and medical centres all over the world were 23,000 images of UK patients, left exposed to the public internet on 90 separate servers. X-rays and CT scans were accessible online thanks to what CybelAngel said was a combination of unsecured NAS storage and the 1980s-vintage DICOM medical data transmission protocol.
The firm recommended that medical organizations ensure proper network segmentation of connected medical imaging equipment as one means of preventing malicious people from accessing things they shouldn’t.