Skip to main content

Over a billion medical images leaked online

(Image credit: Shutterstock)

Each day millions of new medical images, which contain the personal health information of patients, are uploaded to the internet but a new report from TechCrunch has revealed that over 1bn of these medical images are easily accessible online.

The reason these medical images are so easy to access is due to the fact that hundreds of hospitals, medical offices and imaging centers are running insecure storage systems. To make matters worse, anyone with an internet connection and free-to-download software can access over 1bn medical images of patients around the world.

The exposed images include X-rays, ultrasounds and CT scans and almost half of them belong to patients in the US. Security researchers have spent weeks alerting hospitals and doctors' offices to this problem, though many have ignored these warnings and continue to expose their patients' private health information online.

Back in September, the security firm Greenbone Networks discovered 24m patient exams that contained over 720m medical images online. Just two months after the firm reported its initial findings, the number of exposed servers increased by more than half to 35m patient exams that exposed 1.19bn scans online.

DICOM images

According to researchers, the problem is caused by a common weakness that exists on the servers used by hospitals, doctors' offices and radiology centers which store patient medical images.

The DICOM file format was designed to make it easier for medical practitioners to store multiple medical images in a single file and share them easily with other medical practices. These images can also be viewed using a number of free-to-use apps.

DICOM images are usually stored in a picture archiving and communications system called a PACS server that allows for easy storage and sharing. However, many doctors' offices are not following security best practices and have connected their PACS servers directly to the internet without a password to protect them.

These unprotected servers not only expose patients' medical images online but also their personal health information as many scans include cover sheets which contain patient's names, dates of birth and other sensitive information about their diagnoses. Some hospitals even use a patient's Social Security number to identify them in their systems.

Greenbone Networks recently contacted over a hundred organizations about their exposed servers. While many smaller organizations secured their systems following the security firm's advice, the 10 largest organizations, which account for one in five of all exposed medical images, did not reply at all.

Via TechCrunch