45 Million Medical Files Leaked

From Privacy Wiki
Revision as of 10:51, 23 December 2020 by Upwork (talk | contribs) (Created page with "{{Event |Short Title=Leaky Databases Expose over 45 Million Medical Images and Patient Data |Location=Global |Date=December 2020 |Taxonomy=Insecurity |Personal Information=Med...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
45 Million Medical Files Leaked
Short Title Leaky Databases Expose over 45 Million Medical Images and Patient Data
Location Global
Date December 2020

Solove Harm Insecurity
Information Medical and Health
Threat Actors Helthcare providers

Individuals
Affected Patients
High Risk Groups Medical Patient
Tangible Harms

More than 45 million unique medical images were detected exposed on over 2,140 unprotected servers across 67 countries including the US, UK and Germany.

Description

The analyst team from a global digital risk protection company, has discovered that more than 45 million medical imaging files – including X-rays and CT scans – are freely accessible on unprotected servers.

A six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM) - the de facto standard used by healthcare professionals to send and receive medical data - conducted by the analyst team at CybelAngel has found millions of sensitive medical records and images, including X-rays, CT scans and MRI images, left unencrypted on unsecure servers. Insecurity</sup.

The analysts found that openly available medical images, including up to 200 lines of metadata per record which included name, birth date, address, height, weight, diagnosis, etc., could be accessed without the need for a username or password.

During their investigation, the researchers scanned 4.3 billion IP addresses, which led to the discovery of over 2,140 unprotected servers across 67 countries including the United States, UK, France and Germany.

Breakdown

Threat: Healthcare providers storing medical information unencrypted on unprotected servers
At-Risk group: Medical patients all over the world
Harm: Insecurity
Secondary Consequences: not known