Reported by TechCrunch, due to poor security protocols many medical facilities are allowing medical images and patient sensitive information to be exposed online. The security systems are sufficiently weak to enable allowing anyone with an internet connection and free-to-download software to access over billions of medical images relating to different patients from across the world.
The released data includes X-rays, MRIs and CT scans. In addition, due to the failure to operate digital security protection, many of the images include additional identifying information such as name, date of birth and sometimes social security number.
The weakness was detected by Dirk Schrader, who led the research at Germany-based security firm Greenbone Networks. In the U.S. alone, the research group found 187 servers used to store and retrieve medical data which were unprotected by passwords or basic security precautions.
According to the website The Mighty, health data advocates are demanding that governments step in to enforce better security protocols upon medical facilities.
Commenting on the issue for Digital Journal, Anurag Kahol, CTO, Bitglass says that “leaving a database publicly accessible filled with confidential files, images, and personally identifiable information is inexcusable in today’s advanced threat landscape.”
He adds that: “Companies handling medical records are heavily targeted by cybercriminals, therefore, they must take every precaution necessary to protect patient data. Hundreds of hospitals, medical offices, and imaging centers have contributed to over a billion exposed records.”
The issue is likely to lead to sanctions and fine, as Kahol explains: “Consequently, they will likely face penalties for violating compliance regulations which may include hefty fines. Healthcare organizations must take the proper cloud security steps in 2020, including leveraging single sign-on, data loss prevention, along with visibility and control over sharing permissions, in order to secure their databases, maintain compliance with regulations, and protect the sensitive data that they have been entrusted with.”
