brain scan

More Than One Billion Medical Images Remain Unprotected On The Web

Some security experts and lawmakers have criticized the Department of Health and Human Services for failing to enforce privacy laws and fine organizations that did not protect patient records.

Over a billion medical images remain exposed due to hospitals, medical offices and imaging centers running insecure storage systems, according to a TechCrunch report.

The storage systems allow anyone with an internet connection and free software to access the sensitive images, about half of which belong to patients in the U.S. The number of exposed images has only increased since the issue was first revealed in September by ProPublica.

At first, a security firm found that the number of images was 720 million. Now, the problem has grown to 1.19 billion scans, and medical offices have not taken action to secure their servers since being notified by security researchers who discovered the issues.

“The amount of data exposed is still rising, even considering the amount of data taken offline due to our disclosures,” Dirk Schrader, who led research at the security firm Greenbone Networks, told TechCrunch, adding: “It seems to get worse every day.”

Patients are largely unaware of the fact that their medical images are being stored online for nearly anyone to see, and that the exposed information puts them at a higher risk of being targeted for insurance fraud and identity theft, according to TechCrunch.

Nearly 600 million images could be secured if all remaining medical offices removed their accessible servers from the internet. But even after being contacted by the news outlet about the status of their servers, many did not take action.

Lawmakers and former Department of Health and Human Services officials say that more must be done to address the lack of privacy and security standards for health organizations. While medical records are protected by HIPAA, the main privacy law for medical patients, HHS has not done enough to enforce penalties for security lapses, according to Sen. Mark Warner (D-Va.).

“To my knowledge, Health and Human Services has done nothing about it,” Warner told TechCrunch. “As Health and Human Services aggressively pushes to permit a wider range of parties to have access to the sensitive health information of American patients without traditional privacy protections attached to that information, HHS’s inattention to this particular incident becomes even more troubling.”

Last year, one Tennessee medical imaging company was fined $3 million for accidentally exposing a server containing 300,000 records. Former government officials said that there needs to be more security assistance available to smaller health organizations so that HHS would have more resources to dedicate to enforcing security violations.

“It may be too big of a problem for any single law enforcement agency to truly put a dent in,” said Deven McGraw, a former top privacy official in HHS’ Office of Civil Rights, which enforces the law.

In response to the criticism, the Office of Civil Rights defended its past actions to enforce HIPAA security violations.

“OCR has taken enforcement action in the past to address violations concerning unprotected storage servers, and continues robust enforcement of the HIPAA rules,” a spokesperson told TechCrunch.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Cloud Adoption Gives Way to Hybrid Deployments

    Cloud adoption is growing at an astonishing rate, with Gartner forecasting that worldwide public cloud end-user spending will approach $600 billion by the end of this year—an increase of more than 21% over 2022. McKinsey believes that number could eclipse $1 trillion by the end of the decade, further underscoring the industry’s exponential growth. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • Securing the Future

    In an increasingly turbulent world, chief security officers (CSOs) are facing a multitude of challenges that threaten the stability of businesses worldwide. Read Now

    • Guard Services
  • Security Entrances Move to Center Stage

    Most organizations want to show a friendly face to the public. In today’s world, however, the need to keep people safe and secure has become a prime directive when designing and building facilities of all kinds. Fortunately, there is no need to construct a fortress-like entry that provides that high level of security. Today’s secured entry solutions make it possible to create a welcoming, attractive look and feel at the entry without compromising security. It is for this reason that security entrances have moved to the mainstream. Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3