Senator demands answers after ‘outrageous’ online exposure of medical images

U.S. Sen. Mark Warner, D-Va., is demanding answers from the federal government after millions of medical images were left vulnerable to online hackers.

Warner recently spelled out his concerns in a sharply worded letter to the Defense Health Agency. The Virginia lawmaker is irked by one recent report from a Germany cybersecurity firm, which found that more than 1 billion images remain exposed online due to vulnerabilities in picture archiving and communications systems.

He’s particularly concerned about the imaging records of U.S. service members treated at the Ft. Belvoir Medical Center, Ireland Army Health Clinic and the Womack Army Medical Center.

“The exposure of this information is an outrageous violation of privacy and represents a grave national security vulnerability that could be exploited by state actors or others,” Warner, who co-chairs the Senate Cybersecurity Caucus, wrote in his Jan. 16 letter. “We owe an enormous debt to our armed forces, and at the very least, we ought to ensure that their private medical information is protected from being viewed by anyone without their express consent.”

Warner first raised issue with PACS security in September after an initial investigation from German-based Greenbone Networks. That included reports that MobileXUSA, which services left an unencrypted server on the web.

Since last fall’s furor over the vulnerabilities, Warner said some 31 million images have been yanked off the internet. However, he’s concerned that service members’ records remain vulnerable and wants the Defense Health Agency to take immediate action.

“I ask that you immediately remediate this situation, and remove the vulnerable PACS from open access to the internet,” he wrote, also posing several questions on the issue with a two-week due date for responses.