Researchers at CybelAngel have found hundreds of servers and systems that have been leaking patients' medical data for a long time. The research identified over 45 million images of MRI scans, X-rays, and CT scans, along with the PII of patients from several medical centers and hospitals, which could be exploited, the researchers warned.
Freely Accessible From Surface Web
A cybersecurity firm called CybelAngel has investigated medical device security for over six months and shared a report calling it utterly poor. Their researchers have discovered over 45 million medical images classified as X-rays, MRI, and CT scans exposed to everyone.
The medical data is also accompanied by personally identifiable information such as the patient's name, date of birth, physician's name, the body part photographed, and the medical center where the patient was treated. All of this was obtained from hundreds of hospitals and medical centers across the world.
Researchers warned that exposing this type of data can lead to various kinds of exploitation. Hackers who steal this data can sell it on the dark web or use the medical records to blackmail and extort patients for money. Alternatively, they can use the exposed servers and systems to deploy ransomware.
As if this weren't bad enough, researchers identified scripts and cryptocurrency miners on some of the devices in their investigation. This confirms that the researchers at CybelAngel aren't the first to discover these exposed machines. They blamed poor security practices such as connected devices and not setting passwords.
The Digital Imaging and Communications in Medicine (DICOM) files are accessible to everyone from the surface web with simple browsing. The use of FTP or SMB protocols and unpatched security flaws are the cause. Since contacting every single institution isn't possible, they shared the investigation's statistics to warn about potential attacks.