45M medical images found exposed online on unsecured servers
Cybersecurity researchers have discovered more than 45 million medical images exposed online that include personally identifiable information.
Detailed today by researchers at CybelAngel, the images were found as part of a six-month investigation of data storage systems used by healthcare organizations, which included scanning 4.3 billion IP addresses for insecure services. The investigation specifically targeted network-attached storage and Digital Imaging and Communications in Medicine, the latter a de facto standard used by healthcare professionals to send and receive medical data.
The more than 45 million medical images were found on 2,140 unprotected servers across 67 countries including the U.S., the U.K. and Germany. The images typically included 200 lines of metadata per record, and involved personally identifiable information such as name, address and birthdate along with protected health i
Other leaked data included a range of personal information such as names, addresses and personal healthcare information.
Over 45 million medical imaging files including X-rays and CT scans have been found sitting unprotected on internet-facing servers and accessible for anyone to view.
The discovery of the leaked data from hospitals and medical centers from around the world was the result of a six-month-long investigation by CybelAngel’s research team into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM). The investigation uncovered millions of unique images stored on more than 2,140 unprotected servers located across 67 countries including the United States, the United Kingdom and Germany.
Millions of medical images openly available online
The analyst team at digital risk protection firm CybelAngel has discovered that more than 45 million medical imaging files, including X-rays and CT scans, are freely accessible on unprotected servers.
The findings are the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data.
Analysts have discovered millions of sensitive images, including personal healthcare information (PHI), available unencrypted and without password protection. Openly available medical images, with up to 200 lines of metadata per record which included PII (personally identifiable information; name, birth date, address, etc.) and PHI (height, weight, diagnosis, etc.), could be accessed without the need for a username or password. In some instances login portals accepted blank usernames and password
CybelAngel: More Than 45 Million Medical Images Openly Accessible Online
CybelAngel identifies medical devices and web portals leaking unprotected images including X-rays and CT Scans
The analyst team at CybelAngel, a global leader in digital risk protection, reports in new research released today that more than 45 million medical imaging files, including X-rays and CT scans, are freely accessible on unprotected servers. The report, Full Body Exposure, is the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data. The analysts discovered that millions of sensitive images, including personal healthcare information (PHI), were available unencrypted and without password protection.
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
More than 45 million medical images, along with the personally identifiable information (PII) and personal healthcare information (PHI) associated with them, have been left exposed online due to unsecured technology that’s typically used to store, send and receive medical data, new research has found.
The CybelAngel Analyst Team uncovered sensitive medical records and images, including X-rays, CT scans and MRI images, that anyone can access online, in a six-month investigation researchers conducted into network attached storage (NAS) and Digital Imaging and Communications in Medicine (DICOM).