Millions of images containing sensitive patient information leaked online, but hospitals around the world still refuse to secure their servers.

Tram Ho

Every day, millions of medical images containing the health information of individual patients leak onto the Internet. Hundreds of hospitals, health facilities and image processing centers are using insecure storage systems, opening a hole that lets anyone with an Internet connection access them. The database containing billions of images with sensitive information is being shrouded in cover.

About half of those images – including X-rays, ultrasound and tomography – belong to patients in the United States. The remaining images belong to patients around the world.

Although security researchers have urged hospitals and health centers to pay more attention to this issue, most of them still ignore the warnings and continue to leave patients' sensitive information exposed on the Internet.

“The situation is getting worse,” said Dirk Schrader of Germany’s Greenbone Networks, who led the research on the vulnerability. Over the past year, Schrader and the security research team have been monitoring many image servers and recording needless security holes.

Greenbone Networks has extensive documentation confirming the existence of this painful problem. Specific figures include 24 million tests and medical documents containing a total of 720 million images leaked in September. Two months later, the number of leaked images had increased by one and a half: about 35 million tests had leaked, exposing a total of 1.19 billion images related to patients.

But the millions and billions have not woken up those responsible. “The amount of data exposed is increasing day by day, which is how we calculated the amount of new data that was disconnected from the Internet because of a leak,” said security researcher Schrader.

If the doctors refuse to take the necessary security measures, the numbers just mentioned will soon reach a new high, a record that no one wants to claim.

The researchers say the source of the problem lies in weaknesses still found on the storage servers used by hospitals, doctors’ offices, and medical imaging data centers. Most medical facilities save patient data in a decades-old (and also industry-standard) file format called DICOM, whose purpose is to store a medical image within a single file and make it easy to share between health facilities.

Anyone can view archived images in DICOM format with a free application. DICOM images are stored in a picture archiving and communication system, known as a PACS server, which makes them easy to save and share. However, most health facilities skip setting a password on their PACS servers while still connecting them to the Internet.

With the servers exposed for anyone to see, patients' sensitive information can fall into the hands of anyone with an Internet connection. The images also include the patient's name and date of birth along with the diagnosis (sometimes sensitive). Some American hospitals also use Social Security numbers to identify patients.
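To show why an exposed DICOM file is more than a picture, here is an added example (not from the original article) that a facility could run over its own files to check which identifying fields travel in the header before an image is shared. It assumes the Explicit VR Little Endian encoding; the function names and the sample file are constructed for illustration.

```python
import struct

# Data-dictionary tags for the identifiers the article says travel inside each image file.
PHI_TAGS = {(0x0008, 0x1030): "StudyDescription", (0x0010, 0x0010): "PatientName",
            (0x0010, 0x0020): "PatientID", (0x0010, 0x0030): "PatientBirthDate"}
# VRs that use the 12-byte header form (2 reserved bytes + 32-bit length).
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ",
            b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}

def element(group, elem, vr, value):
    """Encode one Explicit VR Little Endian element (only used to build the sample)."""
    if len(value) % 2:                      # values must have even length
        value += b"\x00" if vr == b"UI" else b" "
    if vr in LONG_VRS:
        return struct.pack("<HH2sHI", group, elem, vr, 0, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value

def build_sample(name, pid, dob, desc):
    """Constructed Part 10 file: preamble, 'DICM', file meta group, tiny dataset."""
    tsuid = element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1")  # Explicit VR LE
    meta = element(0x0002, 0x0000, b"UL", struct.pack("<I", len(tsuid))) + tsuid
    data = (element(0x0008, 0x1030, b"LO", desc) + element(0x0010, 0x0010, b"PN", name)
            + element(0x0010, 0x0020, b"LO", pid) + element(0x0010, 0x0030, b"DA", dob)
            + element(0x7FE0, 0x0010, b"OW", bytes(16)))  # stand-in pixel data
    return bytes(128) + b"DICM" + meta + data

def find_phi(blob):
    """Return {tag name: value} for every non-empty identifying element in the header."""
    if blob[128:132] != b"DICM":
        raise ValueError("not a DICOM Part 10 file")
    pos, found = 132, {}
    while pos + 8 <= len(blob):
        group, elem, vr = struct.unpack_from("<HH2s", blob, pos)
        if vr in LONG_VRS:
            if pos + 12 > len(blob):
                break                       # truncated header
            (length,) = struct.unpack_from("<I", blob, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", blob, pos + 6)
            pos += 8
        if length == 0xFFFFFFFF:            # undefined-length sequence: out of scope here
            break
        value = blob[pos:pos + length].strip(b" \x00")
        pos += length
        name = PHI_TAGS.get((group, elem))
        if name and value:
            found[name] = value.decode("ascii", "replace")
    return found

EXPOSED = build_sample(b"DOE^JANE", b"CONSTRUCTED-001", b"19700101", b"CHEST XRAY")
SCRUBBED = build_sample(b"", b"", b"", b"")
```

`find_phi(EXPOSED)` returns all four fields, while the scrubbed copy returns an empty dict. A real de-identification pass also has to cover nested sequences and private tags, which this check skips.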

Lucas Lundgren, a Swedish security researcher, spent much of 2019 monitoring hospital data security issues. In November, he showed a TechCrunch reporter how easy it is to access hospital data: in just a few minutes, Lundgren had access to patient data from a few years ago, left exposed on a server of one of the largest hospitals in Los Angeles. Shortly afterwards, hospital management took the necessary security steps.

In the US, some of the nation’s largest hospitals and many image processing facilities are where the most loopholes exist. Researcher Schrader fears that these unprotected sources of information will turn patients into “perfect victims of health insurance fraud.”

But the victims – patients who have been or are being treated – are unaware that their confidential information is on the Internet. These gaps will erode the trust between patient and doctor, causing patients to withhold vital information needed for an accurate diagnosis.

In an effort to help fix security holes, Greenbone contacted more than a hundred organizations that owned unsafe servers. Many small facilities quickly corrected their mistakes, but when the cybersecurity company contacted the 10 largest organizations on the long list – which account for a fifth of the leaked data – “there was no response” at all.

Greenbone gave TechCrunch a list of organizations so that TechCrunch could contact them directly to clarify the issue. Of the three hospitals in New York, an X-ray company in Florida and a large hospital in California, only the Northeast Florida Radiological Company took measures to ensure the safety of its server.

Based on Greenbone data, the Northeast X-ray Company owns the largest leak in the United States, with more than 61 million images of 1.2 million patients. After receiving a wake-up call from TechCrunch, they realized the problem was serious.

According to Schrader, if the rest of the US organizations disconnect their storage servers from the Internet, nearly 600 million sensitive images will “disappear” from cyberspace. This responsibility rests on both sides: health facilities and the relevant departments. Health facilities need to be aware of the importance of the sensitive data they have on hand, and at the same time the responsible ministries and agencies need to pay more attention to small facilities, where funds to protect data are scarce.

“We will try our best to improve the general situation of the world, involving systems with many vulnerabilities,” said security expert Schrader. But he added that he could not do more than that; he could only go as far as warning the parties involved.

This is a problem for legal departments.

Source : Genk