Over 1 Billion Medical Records Exposed Online – Experts Comments

TechCrunch broke news of research last Friday showing that a billion medical images are exposed online, as doctors ignore warnings. Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report from the company in September that detailed 24 million medical records on 590 online medical image archive systems. Two months later, the firm reported that the number of exposed servers had increased by more than half, to 35 million patient exams, exposing 1.19 billion scans and representing a considerable violation of patient privacy. Researchers pointed to a decades-old Picture Archiving and Communication System (PACS) and DICOM, a file format industry standard.


EXPERTS COMMENTS
James McQuiggan, Security Awareness Advocate, KnowBe4
January 14, 2020
Organizations need to embrace and embed a security culture mindset.
It's unfortunate that in today's environment with HIPAA, that researchers are discovering these medical images are openly available on internet-connected servers. Having these images exposed on a server directly connected to the internet without any authentication is just like organizations leaving the images in a filing cabinet outside the front door of their practice readily available for anyone ....
Erich Kron, Security Awareness Advocate, KnowBe4
January 14, 2020
This exposure is full of very sensitive information.
What we are seeing here is a breakdown between the desire for privacy and the ease of access to the data. On one hand, there is a push to make medical information more easily available between providers, on the other is a failure to secure this information. While we can expect doctors and nurses to be excellent caregivers, we cannot always expect them to be experts in securing customer informatio ....
Josh Bohls, Founder, Inkscreen
January 14, 2020
This should serve as a wake-up call for providers.
This astonishing disclosure shows how toothless the United States HIPAA regulations are, and how lax healthcare providers have become when storing patient data. This should serve as a wake-up call for providers to take a fresh look at how they process, maintain, and safeguard patient-identifiable photos. ....
Mounir Hahad, Head, Juniper Threat Labs, Juniper Networks
January 14, 2020
Those applications and databases may not have the adequate security considerations to guarantee confidentiality of data.
Generally speaking, in this kind of situation, it’s the configuration of the network which is at fault before anything else. No system handling sensitive data should be accessible from the internet without the need for a VPN or some strong authentication method. The DICOM protocol itself was developed a long time ago and did not take into consideration the implications of cybersecurity. It is o ....
Felix Rosbach, Product Manager, comforte AG
January 14, 2020
The massive amount of data sets combined with the number of freely accessible PACS systems.
The massive amount of data sets combined with the number of freely accessible PACS systems that were configured in similar ways shows that protecting data still is a major challenge for organizations in all verticals. While it is not always possible to prevent malicious access, sophisticated data protection is a must when processing and storing sensitive information – especially PII and healthca ....
Colin Bastable, CEO, Lucy Security
January 14, 2020
It’s no wonder healthcare tops the charts every year as the number one at-risk sector for cyber-criminals.
Unfortunately most of the medical world thinks it exists in isolation, in its own private cloud, which is clearly unrealistic. It often appears that most medical professionals don’t understand that so much information is globally accessible. Often, security compliance is managed as a subset of medical compliance, and therefore cybersecurity takes a back seat. Insecurity is compounded by the h ....
