SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Millions of Americans’ Medical Images and Data are Available on the Internet. Anyone Can Take a Peek
Date    Thursday September 19 2019, @02:58AM
Author    martyb
Topic   
from the failure-to-NOT-communicate dept.
https://soylentnews.org/article.pl?sid=19/09/19/003210

upstart writes in with a story inspired by a submission, via IRC, for Fnord666.

Millions of Americans' Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.:

Hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser or a few lines of computer code can view patient records. One expert warned about it for years.

This story was co-reported with the German public broadcaster Bayerischer Rundfunk.

Medical images and health data belonging to millions of Americans, including X-rays, MRIs and CT scans, are sitting unprotected on the internet and available to anyone with basic computer expertise.

The records cover more than 5 million patients in the U.S. and millions more around the world. In some cases, a snoop could use free software programs — or just a typical web browser — to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.

We identified 187 servers — computers that are used to store and retrieve medical data — in the U.S. that were unprotected by passwords or basic security precautions. The computer systems, from Florida to California, are used in doctors' offices, medical-imaging centers and mobile X-ray services.

The insecure servers we uncovered add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company's cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies.

"It's not even hacking. It's walking into an open door," said Jackie Singh, a cybersecurity researcher and chief executive of the consulting firm Spyglass Security. Some medical providers started locking down their systems after we told them of what we had found.

[...] The issue should not be a surprise to medical providers. For years, one expert has tried to warn about the casual handling of personal health data. Oleg Pianykh, the director of medical analytics at Massachusetts General Hospital's radiology department, said medical imaging software has traditionally been written with the assumption that patients' data would be secured by the customer's computer security systems.

But as those networks at hospitals and medical centers became more complex and connected to the internet, the responsibility for security shifted to network administrators who assumed safeguards were in place. "Suddenly, medical security has become a do-it-yourself project," Pianykh wrote in a 2016 research paper he published in a medical journal.


Original Submission

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Millions of Americans' Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek." - https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
  3. "Bayerischer Rundfunk" - https://www.br.de/nachrichten/deutschland-welt/millionenfach-patientendaten-ungeschuetzt-im-netz,RcF09BW
  4. "growing list" - https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  5. "research paper" - https://www.ajronline.org/doi/pdf/10.2214/AJR.15.15283
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=36322

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Millions of Americans’ Medical Images and Data are Available on the Internet. Anyone Can Take a Peek on 2024-03-28 17:29:30