An analysis of medical image storage systems exposed to the public web reveals that almost 600 servers in 52 countries are completely unprotected against unauthorized access.
Audited systems were unpatched against thousands of vulnerabilities, more than 500 of them having the highest severity score.
Huge, worrying numbers
Greenbone Networks, a Germany-based vulnerability analysis and management company, looked at about 2,300 Picture Archiving and Communication Systems (PACS) connected to the public internet and found significant issues that expose confidential information.
PACS are used in the healthcare sector to store and serve medical information retrieved from imaging devices such as X-Ray, CT, or MRI machines. They use the DICOM (Digital Imaging and Communications in Medicine) standard to transmit, store, retrieve, print, process, and display medical imaging data.
Using public device discovery engines between mid-July and early September, Greenbone Networks identified 590 PACS servers that could be reached over the internet and allowed retrieving about 24.3 million patient records…