NEW

Canon Medical’s AI-Powered, Premium Large Bore CT Receives FDA Clearance

Canon Medical Systems USA, Inc. has received FDA clearance for the Aquilion Exceed LB CT system, giving clinicians the opportunity to see more during radiation therapy planning for accuracy, precision and speed.

FDA Clears MULTIX Impact C Ceiling-Mounted DR System

Siemens Healthineers has announced the Food and Drug Administration (FDA) clearance of the MULTIX Impact C ceiling-mounted digital radiography (DR) system as well as the MULTIX Impact VA20, a new version of the established floor-mounted parent DR system.

FDA Approves Seno Medical’s Breast Cancer Diagnostic Technology

The Center for Devices and Radiological Health (CDRH) of the U.S. Food & Drug Administration (FDA) has granted Texas-based Seno Medical Instruments Inc.

Philips to Acquire Capsule Technologies Inc.

Royal Philips has signed an agreement to acquire Capsule Technologies Inc., a provider of medical device integration and data technologies for hospitals and healthcare organizations.

CybelAngel Identifies Medical Devices, Web Portals Leaking Unprotected Images

CybelAngel

The analyst team at CybelAngel, a global leader in digital risk protection, has discovered that more than 45 million medical imaging files – including X-rays and CT scans – are freely accessible on unprotected servers, in a new research report released in December. The report “Full Body Exposure” is the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data. The analysts discovered millions of sensitive images, including personal healthcare information (PHI), were available unencrypted and without password protection.

CybelAngel tools scanned approximately 4.3 billion IP addresses and detected more than 45 million unique medical images left exposed on over 2,140 unprotected servers across 67 countries including the US, UK and Germany.

The analysts found that openly available medical images, including up to 200 lines of metadata per record which included PII (personally identifiable information; name, birth date, address, etc.) and PHI (height, weight, diagnosis, etc.), could be accessed without the need for a username or password. In some instances login portals accepted blank usernames and passwords.

“The fact that we did not use any hacking tools throughout our research highlights the ease with which we were able to discover and access these files,” says David Sygula, Senior Cybersecurity Analyst at CybelAngel and author of the report. “This is a concerning discovery and proves that more stringent security processes must be put in place to protect how sensitive medical data is shared and stored by healthcare professionals. A balance between security and accessibility is imperative to prevent leaks from becoming a major data breach.”

Todd Carroll, CybelAngel CISO further commented, “Medical centers work with a vast, interconnected web of third-party providers and the cloud is an essential platform for sharing and storing data. However, gaps in security, such as this, present a huge risk, both for the individuals whose data is compromised and the healthcare institutions that are governed by regulations to protect patients’ data. The health sector has faced unprecedented challenges this year, however the security and privacy of their patients’ most personal records must be protected, to prevent highly confidential data falling into the wrong hands.”

The report highlights the security risks of publicly accessible images containing highly personal information including ransomware and blackmail. Fraud is a particular risk, as this type of imagery fetches a premium on the dark web.

From a compliance standpoint, healthcare providers are also liable to sanctions under regulations such as GDPR in Europe, and HIPAA in the US, for breaches of sensitive patient information.

CybelAngel advises there are simple steps that healthcare facilities can take to safeguard the way they share and store data including to:

  • Determine if pandemic response exceeds your security policies: Ad hoc NAS devices, file-sharing apps and contractors may take data beyond your ability to enforce access controls
  • Ensure proper network segmentation of connected medical imaging equipment: Minimize any exposure critical diagnostic equipment and supporting systems have to wider business or public networks
  • Conduct real-world audit of third-party partners: Assess which parties may be unmanaged or not in compliance with required policies and protocols.
  • CybelAngel provides a complimentary, comprehensive 30-day data exposure assessment healthcare and other organizations use to measure their risk and uncover priority issues.

The full report can be found here: https://cybelangel.com/medical-data-breaches/?utm_source=press_release&utm_medium=media&utm_campaign=full_body_exposure

Previous

Next

Submit a Comment

Your email address will not be published. Required fields are marked *