Hacked Hospitals Show Internet Patient Exams

More than 45 million medical images have been leaked, including X-rays, MRIs and CT scans, with data indicating who they belong to, all of them posted online on insecure servers.

It has been the cybersecurity company CybelAngel that has raised the problem, exposing how exposed medical data leaked from hospitals and medical centers around the world. As the information was found, outsiders could easily access sensitive medical data.

The problem here is that medical devices are often vulnerable to cyberattacks or data exposure, because technology is often outdated and healthcare IT and security budgets are overstretched.

How the data can be accessed

The filtered data can be accessed without the need for hacker tools or even a password, since they are on the open web, being only necessary to type the url of the files.

What they found were 45 million files on unprotected servers, often with FTP or SMB protocols and unpatched security flaws. Other times they were servers and storage units (NAS) connected to other network devices to satisfy a functional need, such as printing files, but the way they had been configured meant that they had become back doors to networks.

The example is easy to understand:

Let’s say you have a NAS and you need to share a printer, you create guest access to the printer, and all your security breaks down because when the printer accesses your NAS, it leaves the door open.

Malicious scripts, including cryptocurrency miners, were also found on the examined servers, suggesting that researchers were not the first to identify and access unsafe devices.

The danger of information leaking

The problem is that all this information could potentially be exploited for fraud and other malicious purposes. It is possible that they were sold on the dark web, it is not known where the data may have circulated. If someone accesses a confidential medical report on a patient, they could call you over the phone impersonating a medical facility and carry out any kind of fraud.

Researchers have managed to communicate the problem to many of the problem centers, but with hundreds of them, they have not been able to communicate, which is why all the statistics on this investigation have been published. anonymously, as a warning to verify the security of your networks and storage.

At ZDNET they have spoken with those responsible, who indicate that to prevent data from being exposed, it is recommended that the networks are correctly segmented so that critical diagnostic equipment, such as X-ray machines and support systems, are not connected. to the broader commercial or public networks.

Back to top button

Ad blocker detected

You must remove the AD BLOCKER to continue using our website THANK YOU