[{"innerBlocks":[],"name":"core\/freeform","postId":118,"blockType":{"name":"core\/freeform","keywords":[],"attributes":{"content":{"type":"string","source":"raw"},"lock":{"type":"object"}},"providesContext":[],"usesContext":[],"selectors":[],"supports":{"className":false,"customClassName":false,"reusable":false},"styles":[],"variations":[],"apiVersion":3,"title":"Classic","description":"Use the classic WordPress editor.","category":"text"},"originalContent":"The problem of unfettered access to medical images and data on unprotected servers appears to be getting worse.An estimated 1.19 billion images associated with unprotected medical studies were found to be available on medical archives connected to the Internet, according to ongoing research on healthcare organization servers that contain unprotected images and other personal health information.The latest estimate was revealed in a blog on Monday by Greenbone Networks, a German company that offers an open-source solution for vulnerability analysis and management.In an updated report, Greenbone found that the number of images associated with unprotected medical studies is up 60 percent from the 737 million images it found last fall. The 1.19 billion images were related to 35 million studies, up 40 percent from 24.5 million studies of patients from around the world last fall.Greenbone\u2019s earlier research was detailed in September in ProPublica, and it had hoped to see progress in protecting medical images.\u201cTo find even more studies, with more images related to them, isn\u2019t what we expected to see,\u201d Greenbone noted in the blog. \u201cFor most of the systems we scrutinized we had\u2014and still have\u2014continued access to the personal health information\u201d associated with the images.Greenbone\u2019s research has found that hundreds of hospitals, medical office and imaging centers are using insecure storage systems\u2014the lack of security enables anyone with an Internet connection and easily downloadable software to access medical images of patients. About half of the exposed images\u2014including X-rays, ultrasound and CT scans\u2014are from patients in the U.S.

The images are in DICOM standards, typically stored on a server linked to a picture archiving and communications system (PACS) to permit easy storage and sharing. Many providers leave these servers connected to the Internet, without a password, to facilitate sharing. Greenbone contends that unprotected servers also expose patients\u2019 personal health information that\u2019s associated with the images, available on digital \u201ccover sheets\u201d connected to the DICOM files.In the U.S., \u201cnot only did the aggregated numbers rise to a disturbing level, we also found some alarming data sets stored in unprotected PACS systems,\u201d the Greenbone blog noted. \u201cOne very large archive allows full access to PHI, including all images related to the 1.2 million examinations, in addition\u2014for about 75 percent of the individual names stored\u2014it also discloses the Social Security numbers.\u201dAnother archive appears to hold data from military personnel, including their DoD ID, when the names of the institutions are used as an indicator.Greenbone\u2019s report can be accessed here<\/a>.Healthcare organizations need to step up efforts to protect images, says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks.\u201cGenerally speaking, in this kind of situation, it\u2019s the configuration of the network which is at fault before anything else,\u201d Hahad says. \u201cNo system handling sensitive data should be accessible from the internet without \u2026 a VPN or some strong authentication method. The DICOM protocol itself was developed a long time ago and did not take into consideration the implications of cybersecurity."It is often the case when legacy applications are moved from fortified data centers into cloud environments that data leaks occur,\u201d he adds. \u201cThose applications and databases may not have the adequate security considerations to guarantee confidentiality of data.\u201dTo both successfully protect images and data, and yet provide access to those digital assets as needed, requires granular protection for information systems that is difficult for most organizations to manage, according to Appsian CEO Piyush Pandey.\u201cHealth data has increased 878 percent since 2016 with no signs of slowing down and no easy answers,\u201d he says. \u201cA critical component to ensuring data integrity is implementing features that place granular security challenges on specific data elements (inside systems and applications) along with features that enhance the organization\u2019s ability to see who is accessing sensitive data\u2014from where and on what device.\u201dSecurity measures should enable users to access only the information that they need, Pandey adds.\u201cHealthcare organizations can establish strong business policies that are \u2018data-centric\u2019 and can adapt accordingly to various contexts of access,\u201d he adds. \u201cUsers only (can) gain access to the data they are authorized to view and modify. Thus, providing maximum security and compliance; all without limiting user productivity.\u201d","saveContent":"The problem of unfettered access to medical images and data on unprotected servers appears to be getting worse.An estimated 1.19 billion images associated with unprotected medical studies were found to be available on medical archives connected to the Internet, according to ongoing research on healthcare organization servers that contain unprotected images and other personal health information.The latest estimate was revealed in a blog on Monday by Greenbone Networks, a German company that offers an open-source solution for vulnerability analysis and management.In an updated report, Greenbone found that the number of images associated with unprotected medical studies is up 60 percent from the 737 million images it found last fall. The 1.19 billion images were related to 35 million studies, up 40 percent from 24.5 million studies of patients from around the world last fall.Greenbone\u2019s earlier research was detailed in September in ProPublica, and it had hoped to see progress in protecting medical images.\u201cTo find even more studies, with more images related to them, isn\u2019t what we expected to see,\u201d Greenbone noted in the blog. \u201cFor most of the systems we scrutinized we had\u2014and still have\u2014continued access to the personal health information\u201d associated with the images.Greenbone\u2019s research has found that hundreds of hospitals, medical office and imaging centers are using insecure storage systems\u2014the lack of security enables anyone with an Internet connection and easily downloadable software to access medical images of patients. About half of the exposed images\u2014including X-rays, ultrasound and CT scans\u2014are from patients in the U.S.

Research: More than 1B images, patient data are unprotected

More for you