Millions of medical images leaked online to be viewed by anyone

Data Breach
(Image credit: Shutterstock)

Security experts have discovered that more than 45 million medical images were freely accessible after being stored on unprotected servers. 

In a new report, the analyst team at risk management provider CybelAngel found millions of sensitive images that could be viewed by anyone, with no security credentials required.

As part of a six-month-long investigation, CybelAngel scanned around 4.3 billion IP addresses, detecting more than 45 million unique medical images left exposed on over 2,140 unprotected servers across 67 countries including the US, UK, and Germany. Often the images were accompanied by other sensitive information contained within associated metadata, including names, addresses, and medical diagnoses.

“Medical centers work with a vast, interconnected web of third-party providers and the cloud is an essential platform for sharing and storing data,” Todd Carroll, CybelAngel CISO, commented. 

“However, gaps in security, such as this, present a huge risk, both for the individuals whose data is compromised and the healthcare institutions that are governed by regulations to protect patients’ data. The health sector has faced unprecedented challenges this year, however, the security and privacy of their patients’ most personal records must be protected, to prevent highly confidential data falling into the wrong hands.”

Diagnosis: Data leak

The fact that no hacking tools were required in order to access the sensitive images is of particular concern. Although digital technologies have made it easier for healthcare organizations to collaborate, they have also introduced new security risks that have huge privacy implications for members of the public.

In order for healthcare firms to avoid embarrassing data leaks in the future, CybelAngel advises that they carry out real-world audits of all third-party partners, ensure proper network segmentation of medical equipment, and examine whether the coronavirus has introduced new vulnerabilities.

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time