More than two billion files—including approximately 4.4 million medical imaging files—have been exposed online across various storage technologies, according to a new report from Digital Shadows. Approximately 4.7 million healthcare-related files overall were exposed.
“As with all of the cases we discuss in this paper, not every single one of the exposed files is going to contain something sensitive,” according to the report. “However, the sheer amount of information exposed illustrates the extent of individuals’ privacy violations, and or regulations like HIPAA in the United States.”
The 4.4 million files represent an increase of more than 50 percent compared to a similar report released just one year ago. Digital Shadows noted that “many companies” are likely in breach of the European Union’s General Data Protection Regulation (GDPR).
The Server Message Block protocol was found to be the most common technology associated with exposed files, with issues also reported involving FTP services, rsync, Amazon S3 buckets and Network Attached Storage devices.
“Not only are the ramifications of data privacy laws like GDPR significant, the exposed data gives attackers everything they need to launch personalized attacks targeting their customers, employees, and third parties,” according to a news release from Digital Shadows. “For example, Digital Shadows observed over 17 million exposed files have been encrypted by ransomware, 2 million of which by the recently discovered ‘NamPoHyu’ variant. Businesses have likely been impacted by these ransomware attacks and may not be aware.”
Of course, there are also significant risks for individuals impacted by these data breaches. Consumers do have “more power than ever” to act against these organizations, according to Digital Shadows.
“Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant,” Harrison Van Riper, an analyst for Digital Shadows, said in the news release. “Countries within the European Union are collectively exposing over one billion files—nearly 50% of the total we looked at globally—some 262 million more than when we looked at last year. We urge all organizations to regularly audit the configuration of their public facing services.”