Thanks to unsafe servers, medical information on nearly 24 million patients has found its way towards the internet, being accessible to everyone.
Greenbone Networks, a German vuln-hunting company, discovered the presence of 590 medical image archives on the internet. These archives consisted of a shocking 737 million pictures, of which nearly 400 million could be downloaded.
The Picture Archiving and Communication System servers are powered by a 1980s procedure, Digital Imaging and Communications in Medicine. Among its uses, is storage and transmittance of medical scan pictures, for instance X-rays.
A cyber-resilience architect based at Greenbone Networks who headed the study, Dirk Schrader, stated how a substantial number of these servers are not protected by any means. They aren’t protected by passwords nor encryptions. He added how everyday internet users could admit themselves to these servers with little to no efforts. Gaining access to them does not require writing any code or deploying any specialist hacking tools.
Schrader’s researchers discovered medical records from 22 different nations, such as the United Kingdom, Canada, France, the United States, Russia, etc., without having to try too hard.
They came across 13.7 million individual’s medical records in the United States alone. These consisted of 303 medical pictures. In the United Kingdom, about 1,500 records got released, which contained 13,000 medical images. Furthermore, the medical records also contained people’s personally identifiable data, for instance their names, the type of scan/medical procedure they underwent, the name of their medical examiner, etc.
It is no surprise that leaking of an individual’s private information makes them vulnerable to all types of crimes including blackmailing, identity theft, etc. What it also does, is make the firms, who were originally in possession of these reports and images, subject to different kinds of legal liabilities.