Millions of patient scans and health records spilling online thanks to decades-old protocol bug
Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned.
This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short, is the internationally recognized format for medical imaging. DICOM is used as the file format for CT scans and X-ray images to ensure interoperability between different imaging systems and software. DICOM images are typically stored in a picture storage and sharing system, or PACS server, allowing medical practitioners to store patient images in a single file and share records with other medical practices.
But as discovered by Aplite, a Germany-based cybersecurity consultancy specializing in digital healthcare, security shortcomings in DICOM mean many medical facilities have unintentionally made the private data and medical histories of millions of patients accessible to the open internet.
The research, which scanned the internet for DICOM servers for more than six months, found that these servers are also exposing more than 43 million health records, which can include the results of an examination, when the examination took place and the referring physicians’ details.
Most of the exposed servers — more than 8 million records — are based in the United States, followed by 9.6 million records in India and 7.3 million found in South Africa. Aplite said many of the U.S.-based servers are hosting data from medical practices located outside the United States.
Yazdanmehr said that fewer than 1% of DICOM servers on the internet are using effective security measures.
A legacy problem
Now, almost four years later, the problem shows no sign of abating. Worse, Aplite said it has discovered a new attack vector that could allow hackers to tamper with data within existing medical images, which the company will demonstrate at Black Hat on Wednesday.
‘When we analyzed the servers, we found that 39 million of the health records are at risk of tampering,’ Yazdanmehr said. ‘Because of the nature of medical records, you cannot change them unless it goes through a whole process of manual verification.’
‘If an attacker tampers with that data, these records are likely useless,’ said Yazdanmehr. ‘They can even inject the false sign of illnesses.’
Reference: https://techcrunch.com/2023/12/06/medical-scans-health-records-dicom-pacs-security/
Ref: techcrunch