
45 million medical examinations of patients worldwide were unprotected on the web


Data leaks, by nature, are already worrying incidents. When it comes to medical data specifically, we enter an even more sensitive area. So it’s shocking to know that, according to CybelAngel researchers, about 45 million imaging tests – including diagnostics by radiography and tomography – were unprotected on the web, stored on two thousand different servers.

The archives did not belong to a single hospital: they came from a wide range of laboratories and medical centers around the globe, which means that the victims are also of different nationalities. In the UK alone, for example, there were 23,000 documents. In addition to the results of the diagnoses themselves, the images contained information such as name, age, address, height, weight and so on.

“The fact that we did not use any hacking tools in our research highlights the ease with which we were able to discover and access these files,” comments David Sygula, senior cybersecurity analyst at CybelAngel. According to the expert, the servers had been exposed for at least twelve months and there are indications that malicious actors have accessed the documents, in addition to deploying malware in certain cases.

Contrary to what you might imagine, the problem this time was not a misconfiguration in cloud infrastructure, but a combination of insecure NAS storage systems and use of the outdated DICOM protocol (Digital Imaging and Communications in Medicine), a set of norms and standards for the transmission of medical information created in the 90s.

The funny thing is that the protocol itself warns that it is not secure on its own, stating that its use assumes that its users are “implementing appropriate security policies, including, but not limited to, access control, audit trails, physical protection, maintaining confidentiality and data integrity and mechanisms for identifying users and their rights to access data.”

CybelAngel did not name or identify who was responsible for such a historic exposure.

Source: The Register
