According to ProPublica, medical images and health care data of approximately 5 million Americans are freely available to view online to anyone who knows where to look. ProPublica worked with German broadcaster Bayerischer Rundfunk on this investigation, finding not only the American patient files but millions more from around the world.
The report says that by typing only a few lines of code, and in some cases with just a web browser, anyone could access up to 187 servers hosting private medical information. Many of these servers were not password protected and lacked basic encryption. One of the companies, MobilexUSA, had names, dates of birth, doctors, and procedures available online in this unsecured form.
“All told, medical data from more than 16 million scans worldwide was available online, including names, birthdates and, in some cases, Social Security numbers,” the report states.
The recent increase in reports of medical data hacking may tempt some readers to brush this revelation off as just another day in health-tech news. However, in those hacking instances, the companies involved at least appeared to be trying to comply with HIPAA. In contrast, the 187 servers containing patient information that this report uncovered had been given arguably less stringent security measures than the Little Rascals clubhouse.
“The insecure servers we uncovered add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies,” said the ProPublica report.
The investigation expands on work from German security firm Greenbone Networks, which identified problems in at least 52 countries on every inhabited continent. Greenbone Networks partnered with some German journalists who then teamed up with ProPublica to explore the extent of the breach in the U.S.
Massachusetts General last month lost 9,900 patient records due to a data breach. This, however, isn’t a breach; it’s unsecured data with names (and many times even Social Security numbers) from X-rays, CT scans, MRIs, ultrasounds and more, stored recklessly.
The ProPublica investigation found that some servers ran outdated operating systems with known vulnerabilities. Their reporters also put together a helpful link with suggested next steps any concerned patient, medical imaging provider or doctor's office can take, which may be worth pursuing if you fall into one of those categories.
Header Image by NIH-NCATS