Nearly 200 unprotected computer servers full of medical data have been identified throughout the United States. The discovery, part of a new report from ProPublica and Bayerischer Rundfunk, covers the data of more than 5 million Americans.
“It’s not even hacking,” Jackie Singh, an executive at Spyglass Security, said in the report. “It’s walking into an open door.”
ProPublica and Bayerischer Rundfunk found that some servers displayed the names of patients. Others, meanwhile, allowed “anyone on the internet” to see echocardiogram findings. Social Security numbers of some patients were even exposed.
Cooper Quintin, a researcher and senior staff technologist with the Electronic Frontier Foundation, called the discoveries “utterly irresponsible” in the report.
“Medical records are one of the most important areas for privacy because they’re so sensitive,” Quintin said.
ProPublica and Bayerischer Rundfunk noted that their work has already made an impact on the security of patients in the United States. MobilexUSA, a company that provides imaging services to nursing homes, prisons and other clients, was alerted by investigators that its server was displaying the names, birthdays and medical information of more than a million patients for anyone to see. MobilexUSA updated its security after the notification.