45 million images of various medical scans were freely accessible online to anyone, with absolutely no protection, a security company claims.
The security research company CybelAngel reported that, besides leaving sensitive personal information unsecured, hospital servers are full of malware. The security is so bad that the researchers could easily access private files without using any hacking tools.
Exposed data includes:
- X-rays and CT scans
- Personally identifiable information (name, birth date, address)
- Personal health information (height, weight, diagnosis)
Hospitals use outdated protocols (the 1980s DICOM medical data transmission protocol) and unsecured NAS storage, making all data accessible and exposed to the public internet. Although the DICOM protocol is quite old, it demands security protocols, but they're only optional.
This Standard assumes that the Application Entities involved in a DICOM interchange are implementing appropriate security policies, including, but not limited to access control, audit trails, physical protection, maintaining the confidentiality and integrity of data, and mechanisms to identify users and their rights to access data. Essentially, each Application Entity must insure that their own local environment is secure before even attempting secure communications with other Application Entities.
Last year, Greenbone Networks discovered that the medical information of over 24 million people had been exposed online.
Check the source.