More than 5 million U.S. patients, and millions more globally, currently have their medical data, ranging from X-rays, MRIs and CT scans to birthdates, physicians and procedures, and in some cases, Social Security numbers, sitting unprotected online, according to an investigation by ProPublica.
The investigation identified 187 servers in the U.S. alone unprotected by passwords and in some cases only requiring the use of a typical web browser to view images and private data. “It’s not even hacking. It’s walking into an open door,” said Jackie Singh, a cybersecurity researcher and chief executive of the consulting firm Spyglass Security, according to the report.
ProPublica reports that data from more than 13.7 million U.S. medical tests were readily available online, along with more than 400,000 X-rays and other images that could be freely downloaded. Many of these security issues were largely due to medical facilities’ failure to update outdated operating systems.
The review found that the extent of the exposure varies, depending on the health provider and what software they use. For instance, the server of U.S. company MobilexUSA displayed the names of more than a million patients to anyone who typed in a simple data query. Their dates of birth, doctors and procedures were also included.
Another imaging system, tied to a physician in Los Angeles, allowed anyone on the internet to see his patients’ echocardiograms, according to ProPublica. (The doctor did not respond to inquiries from ProPublica.)
While most large hospitals, health systems and academic medical centers followed proper security protocols, the majority of the data that was left unprotected came from radiologists, medical imaging centers and archiving services.