US: 786 million medical images identified. HIPAA has been in effect in the U.S. since the mid-1990s. Despite this, serious issues remain, most probably due to legacy systems and/or poor implementation of cybersecurity. Some of this may be due to financial limitations.
That’s a 60% increase from the finding between July and September 2019 and includes details of patient names, the reason for examination, date of birth, and ID cards in some cases.
Amongst the 786 million medical images identified in the US, which had the largest increase in new data sets discovered, Social Security Numbers were included on some of the images, as well as some sets which listed details pertaining to military personnel IDs from the Department of Defense.
Overall, 129 new easily accessible archiving systems and data from nine additional countries have been discovered. Also, the number of images freely available on the internet had increased most significantly in the US, India, South Africa, Brazil and Ecuador.
Missing controls
Proper controls, such as HIPAA in the US, were largely missing. In total, the number of data records which are accessible online without any level of protection has doubled, from 4.4 million to 9 million, and the number of images now accessible or easily downloadable via the internet is 370 million.
Conversely, 172 PACS servers, among them all systems from 11 countries including the UK, Germany, Thailand and Venezuela, had in fact been taken completely offline, and the patient data was no longer accessible via the internet.
Addressing the situation
Dirk Schrader, cyber resilience architect at Greenbone Networks, said: “Whilst some countries have taken swift action to address the situation and have removed all accessible data from the internet, the problem of unprotected PACS systems across the globe only seems to be getting worse. In the US especially, sensitive patient information appears to be free-flowing and is a data privacy disaster waiting to happen.
“When we carried out this second review, we didn’t expect to see more data than before and certainly not to have continued access to the ones we had already identified. There certainly is some hope in the fact that a number of countries have managed to get their systems off the internet so quickly, but there is much more work to be done.”
Hospitals and providers should review their PACS systems, as these may not be part of their current electronic health record and may lie outside its boundary.
1.19 billion confidential medical images available on the internet - Help Net Security: