Image archive systems that hospitals around the world use to store X-rays, CT and MRI scans, and other patient data are often unprotected, leaving millions of users' private data freely available online.
This is according to a new report by Greenbone Networks, which says it found 24.3 million data records from patients located in 52 different countries. It analysed 2,300 medical image archive systems all over the world, and found 590 that were completely unprotected.
The data that was found includes patient names, dates of birth, dates of examination, as well as the reasons for the examinations. For US patients, 13.7 million of them, social security numbers were also found.
More than 700 million images could be linked to patient data, and some 400 million were easy to download from the internet. The report says that 39 imaging servers allowed access to patient data via an unencrypted HTTP web viewer.
“The data pertaining to millions of patients is there for anyone to access simply because of the careless configuration of these medical archiving servers,” commented Dirk Schrader, cyber resilience architect at Greenbone Networks, who led the research.
“A significant number of these servers have no protection at all, they aren’t password protected and have no encryption. Indeed, everyday internet users could gain access to these servers with very little effort – there’s no need to write any code or deploy any specialist hacking tools.”