Hospitals and medical centers all over the world have been leaking patients’ medical records online after storing them on unsecured servers and storage devices. Cybersecurity company CybelAngel discovered the breach following a six-month-long investigation into medical device security. It also highlighted that third-parties and threat actors could easily access sensitive medical data.
That includes X-rays, MRI scans, CT scans, and the accompanying information that could identify the people in the images. Should cybercriminals obtain such sensitive data, they can either sell it on the dark web, blackmail and extort identified patients, or exploit the exposed servers to launch ransomware attacks on hospital networks.
CybelAngel researchers found over 45 million medical imaging files, along with PII (personally identifiable information) like name, address, date of birth, height, weight, diagnosis, etc. What’s more worrying is that some of the data could be accessed without usernames or passwords.
Poor Medical Device Security
Senior cybersecurity analyst at CybelAngel and author of the report David Sygula said they did not have to use any hacking tools to access the medical files. He added that hospitals and healthcare facilities must adopt safer security processes and devices to protect patient data. Many medical devices are vulnerable to cyberattacks because their technology is often outdated.
Meanwhile, CybelAngel’s Chief Information Security Officer Todd Carroll said that medical centers work with plenty of third-party providers as the cloud is crucial for storing and sharing data. The problem is that these services come with security gaps that could expose confidential patient medical records, which is damaging to individuals and healthcare institutions.
The cybersecurity firm also found malicious scripts on several servers, including cryptojacking malware. That means someone also gained access to unsecured devices.
Online security and privacy are of paramount importance. That is why a lot of users now connect to a VPN when they browse the web. This tool hides their actual IP address, encrypts their traffic, and deletes their activity logs. Each VPN offers different features, though, with premium providers being the best option.