Millions of Medical Records Stored on Unsecured Medical Devices and Servers

Hospitals and medical centers all over the world have been leaking patients’ medical records online after storing them on unsecured servers and storage devices. Cybersecurity company CybelAngel discovered the breach following a six-month-long investigation into medical device security. It also highlighted that third-parties and threat actors could easily access sensitive medical data.

That includes X-rays, MRI scans, CT scans, and the accompanying information that could identify the people in the images. Should cybercriminals obtain such sensitive data, they can either sell it on the dark web, blackmail and extort identified patients, or exploit the exposed servers to launch ransomware attacks on hospital networks.

CybelAngel researchers found over 45 million medical imaging files, along with PII (personally identifiable information) like name, address, date of birth, height, weight, diagnosis, etc. What’s more worrying is that some of the data could be accessed without usernames or passwords.

Poor Medical Device Security

Senior cybersecurity analyst at CybelAngel and author of the report David Sygula said they did not have to use any hacking tools to access the medical files. He added that hospitals and healthcare facilities must adopt safer security processes and devices to protect patient data. Many medical devices are vulnerable to cyberattacks because their technology is often outdated

Meanwhile, CybelAngel’s Chief Information Security Officer Todd Carroll said that medical centers work with plenty of third-party providers as the cloud is crucial for storing and sharing data. The problem is that these services come with security gaps that could expose confidential patient medical records, which is damaging to individuals and healthcare institutions.

The cybersecurity firm also found malicious scripts on several servers, including cryptojacking malware. That means someone also gained access to unsecured devices. 

Online security and privacy are of paramount importance. That is why a lot of users now connect to a VPN when they browse the web. This tool hides their actual IP address, encrypts their traffic, and deletes their activity logs. Each VPN offers different features, though, with premium providers being the best option.

Ralph Peterson

Ralph was bitten by the tech bug from an early age. Today, he is an expert cybersecurity geek with 13+ years of online privacy and streaming experience under his belt. Spoiler alert: He hates bottled TV show endings (Game of Thrones) and whenever his favorite teams lose.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button