Just one day after a report revealed that medical images and health data for millions of patients in the U.S. and abroad sit unprotected on the internet, another probe found accessible medical data online for 24.3 million patients in 52 countries.
Among the information linked to the medical records, uncovered by Greenbone Networks, are 737 million images – with 400 million accessible or downloadable from the internet. “All identified systems disclosed the patient’s name, date of birth, date of examination and some medical information about the reason for examination,” the Greenbone report said of 590 medical image archiving systems out of the 2,300 systems it analyzed. “In addition, there are 39 systems that allow access to patient data via an unencrypted HTTP Web Viewer, without any protection.”
Researchers spotted myriad vulnerabilities, many of them several years old, on audited systems. “These CVSS 10.0 vulnerabilities most often include vulnerable web applications and databases, which are also common targets for hackers,” the report said, noting that individual systems also showed indicators of compromise.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.