Skip to main content

Millions of patient data exposed

(Image credit: Image source: Shutterstock/Wichy)

Image archive systems which hospitals around the world use to store X-rays, CT, MRI scans and other patient data are often unprotected, leaving millions of users' private data freely available online.

This is according to a new report by Greenbone Networks, which says it had found 24.3 million data records from patients (opens in new tab) located in 52 different countries. It analysed 2,300 medical image archive systems all over the world, and found 590 that were completely unprotected.

The data that was found includes patient names, dates of birth, dates of examination, as well as the reasons for the examinations. For US patients, 13.7 million of them, social security numbers were also found.

More than 700 million images could be linked to patient data (opens in new tab), and some 400 million were easy to download from the internet. The report says that 39 imaging servers allowed access to patient data via unencrypted HTTP web viewer.

“The data pertaining to millions of patients is there for anyone to access simply because of the careless configuration of these medical archiving servers,” commented Dirk Schrader, cyber resilience architect at Greenbone Networks, and the research's lead man.

“A significant number of these servers have no protection at all, they aren’t password protected and have no encryption. Indeed, everyday internet users could gain access to these servers with very little effort – there’s no need to write any code or deploy any specialist hacking tools.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.