The news that medical images are exposed online on unsecured servers and storage devices will be of concern to many. The exposed medical data leaking from hospitals and medical centres around the world has been discovered by cybersecurity company CybelAngel over the course of a six-month long investigation into medical device security, which also found that outsiders could easily access sensitive medical data. The researchers were able to uncover more than 45 million unique cases of Digital Imaging and Communications in Medicine (DICOM) files being accessible without the need for hacking tools or even a password, but simply left visible to the open web.
Healthcare is becoming an increasingly common target for hackers. Looking at the issue for Digital Journal is cybersecurity professional, Dr. Vinay Sridhara, CTO of Balbix.
According to Sridhara: “An unfortunate trend that we’re seeing lately and has resulted in a number of breaches is a company leaving their server and critical information unsecured without any protection. This breach illustrates the challenges of securing increasingly complex digital ecosystems, particularly in sensitive industries like healthcare.”
There are actions that can be taken, Sridhara explains: “To mitigate vulnerabilities across an organization’s entire IT infrastructure and safeguard databases, it is crucial that healthcare organizations achieve clear and comprehensive visibility over all assets, threats and risks across their networks.”
As examples, Sridhara says: “This includes paying special attention to password hygiene that is, the use of weak or missing credentials and password reuse across the enterprise. Effective security strategies that begin with an automatic and up-to-date asset inventory which is actively monitored across a broad range of attack vectors and analysis of these observations into a prioritized set of actions will enable companies to easily and quickly identify and mitigate cyber risk before it’s too late.”