
Your X-ray may be exposed on the internet

Confidential x-ray scan of chest, lungs, and leg along with patient details.
Let’s imagine this: You’ve just had an X-ray done and you’re waiting for the results. Naturally, you assume that the results will remain confidential and protected; only you and your doctor can see them. What if I told you strangers on the open internet may see your X-ray result? Maybe before you even see it yourself.
Research by European cybersecurity firm Modat has uncovered that more than 1.2 million medical devices and systems, including MRI, X-ray machines, DICOM viewers, blood test platforms, and hospital management systems, are openly accessible on the internet due to misconfiguration and poor security practices.
Of the 1.2 million exposed systems, over 174,000 are in the United States and include 70+ different device types. Some devices have no authentication, while others use default or weak passwords. Researchers accessed highly sensitive data such as brain scan images with patients’ names and scan dates, eye exams, dental X-rays, blood test results, and detailed lung MRIs for cancer patients. Exposure of this sensitive data, stored together with protected health information and personally identifiable information (PII), potentially violates patient confidentiality and privacy.
These vulnerabilities enable fraud, blackmail, extortion, identity theft, and phishing scams impersonating healthcare providers.
Why did this happen? Devices are often misconfigured and connected to the internet without proper security. Weak or default passwords remain a major problem, giving unauthorized users access. Many systems run outdated software, and legacy devices are still in use without the manufacturer’s support and without proper security defenses.
Regular security assessments and a full inventory of internet-connected devices are recommended measures to reduce the likelihood of sensitive information being exposed to the internet. An in-depth security assessment or penetration test checks for strong authentication mechanisms and unpatched software, and detects misconfigurations and/or vulnerabilities.
Robust security protocols and vigilant oversight are urgently needed to safeguard patients’ data and safety.
Want to check your cybersecurity posture?
Reach out to Dani Security at [email protected] or visit our website: https://danisec.com
