Experts at Greenbone Networks, a vulnerability analysis and management company, discovered 600 unprotected servers exposed online that contained medical radiological images. The research was conducted between mid-July 2019 and early September 2019.
The unprotected medical image storage systems were located in 52 countries; the experts found that they were affected by 10,000 vulnerabilities, more than 500 of them rated with the
PACS servers are used in the healthcare industry to archive images created by radiological processes and to make them available to medical staff for analysis and diagnosis. These systems use the DICOM (Digital Imaging and Communications in Medicine) standard to manage medical imaging data.
The experts discovered 590 PACS servers that allowed them to retrieve about 24.3 million patient records.
“Of the 2,300 archive systems worldwide that were analyzed, 590 of them have been identified as accessible on the internet; together they contain over 24 million data records
Most of the exposed records included the following personal and medical details:
The researchers used the RadiAnt DICOM Viewer to analyze data from the open PACS servers exposed online; they were able to download and view 399.5 million of the 733.5 million images.
Looking at the geographic distribution of the PACS servers that were leaking images, the largest share of unprotected PACS servers is in North America, above all in the U.S.
“In the US, the number is orders of magnitude higher with 13.7 million data sets and 45.8 million images freely accessible on the internet,” the report continues.
Experts found that Italy has the highest number of affected systems (10) in Europe and is also the European country with the largest amount of leaked medical information.
Most of the open servers in Asia are in India (100), while the largest number of data records (4.9 million) is in Turkey.
Apart from these problems, the audit found that 45 PACS servers served data over an insecure protocol such as HTTP or FTP instead of DICOM, so the data stored on them could be accessed without any authentication.
One of these had the files of the DICOM archive available in a directory listing, allowing access to anyone via a web browser.
Researchers estimated that the value of leaked data on the Darknet would probably be in excess of one billion US dollars.
“This data could be exploited by attackers for various purposes. These include publishing individual names and images to the detriment of a person’s reputation; connecting the data with other Darknet sources to make phishing social engineering even more effective; reading and automatically processing the data to search for valuable identity information, such as Social Security Numbers, in preparation for identity theft,” the report concludes.
(SecurityAffairs – PACS servers, data leak)