Home Cyber Crime Medical records for 24.3 million left exposed

Medical records for 24.3 million left exposed

by ethhack

Just one day after a report revealed that medical images and health data for millions of patients in the U.S. and abroad sit unprotected on the internet, another probe found accessible medical data online for 24.3 million patients in 52 countries.

Among the information linked to the medical records, uncovered
by Greenbone Networks, are 737 million images – with 400 million accessible or
downloadable from the internet. “All identified systems disclosed the patient’s
name, date of birth, date of examination and some medical information about the
reason for examination,” the Greenbone report said of 590 medical image
archiving systems out of the 2,300 systems it analyzed.
“In addition, there are 39 systems that allow access to patient data via an
unencrypted HTTP Web Viewer, without any protection.”

Researchers spotted myriad vulnerabilities, many of them
several years old, on audited systems. “These CVSS 10.0 vulnerabilities most
often include vulnerable web applications and databases, which are also common
targets for hackers,” the report said, noting that individual systems also showed
indicators of compromise.

“The back-to-back reports should push medical organizations to take
more care with sensitive information and evaluate just what should be put
online. “Just because something can be connected to the internet, it doesn’t
necessarily mean it should be connected to the internet – especially where
there is personal sensitive information involved – and even more so when there
is apparently little to no investment in security controls to validate that the
data is secured properly,”said Javvad Malik, Security Awareness
Advocate at KnowBe4. “While it’s important to have medical information
of patients readily available to healthcare providers and hospitals,
particularly in times of an emergency, this shouldn’t translate to having all
information available at all times.”

Monitoring controls, he said, “should be in place to ensure that
any medical records viewed, even by medical staff should
only be done so if there is a valid clinical or administrative reason.”

While the records being publicly available in and of itself is cause for
concern, Malik said it was “worrying” that “it appears as if there is no internal
audit process in place to validate if access is warranted.”

Source link

Related Articles

Leave a Comment