Hospitals and other healthcare organisations are among the most popular targets for cybercriminals, as they look to steal valuable personally identifiable information from hospital servers.
However, a detailed new report suggests that hospitals and their administrators are making it even easier for criminals by storing data insecurely and ignoring expert warnings.
A TechCrunch report claims that millions of new medical images containing patients' personal health information are uploaded daily in a way that lets pretty much anyone with an internet connection and free, easily obtainable software read them.
X-rays, ultrasounds and CT scans are just some of the images that contain information like names, dates of birth and diagnoses. In some cases, TechCrunch says, hospitals also use Social Security numbers to identify patients in their systems.
The biggest problem allegedly lies in the fact that hospitals use DICOM, a decades-old file format and industry standard. Files of this type, readable by a number of free-to-download image readers, are stored on a PACS server which, more often than not, does not have a password or any other means of protection.
“It seems to get worse every day,” said Dirk Schrader, project lead from Greenbone Networks. “The amount of data exposed is still rising, even considering the amount of data taken offline due to our disclosures.”
The report argues that hospitals are ignoring the warnings, further complicating matters. However, readers were quick to point out that it’s not the doctors and other healthcare practitioners who should be fixing these issues, but rather administrators and CEOs.