The discovery was made by the security company CybelAngel during a six-monthly survey of the security of medical devices. The exposed medical data was leaked by hospitals and medical centers around the world, and according to the researchers, an unauthorized user can very easily gain access to it.
Cybercriminals could steal sensitive medical information to sell on the dark web, to blackmail the people to whom the data belongs (the data is enough to be linked to specific people), or even use the exposed servers to distribute ransomware on hospital networks.
The researchers discovered more than 45 million unique digital medical images, which were accessible without hacking tools or a password. The images were simply available on the Internet.
"The 45 million files are on unprotected servers. What we found was that all this data was available to anyone," said David Sygula, senior cybersecurity analyst at CybelAngel.
In some cases, insecure appliances used by hospitals were responsible for the leak of medical data. In addition, the use of the FTP or SMB protocols and the exploitation of unpatched vulnerabilities could give criminals access to the machines and to the data stored on them.
CybelAngel researchers also found malicious scripts, including cryptocurrency miners, on some of the servers they tested. This means that other people had already discovered the insecure devices and compromised them.
The exposure of sensitive medical information such as X-rays and other medical images is troubling enough, but the worst part is that criminals could link this data to the people it belongs to, since the leaked images also contain personal information. These details could include the doctor's name, the medical center, the body part depicted, and the patient's name or date of birth. All of this information could be used for other scams.
The researchers identified insecure servers around the world and said they could not contact all of the hospitals and medical centers to inform them. For this reason, they published a report with statistics. All healthcare providers should take this as a warning and check the security of their networks and systems.
"This is a worrying finding and demonstrates that stricter security procedures need to be put in place to protect the way in which sensitive medical data is communicated and stored by health professionals. A balance between security and accessibility is necessary to avoid a significant data breach," said Sygula.