Personal details of approximately 5 million U.S. residents, including security information, X-rays and MRIs, and in some cases even SSNs, are sitting readily available for anyone “armed” with a browser and access to the internet. In a collaboration between ProPublica and the German broadcaster Bayerischer Rundfunk, the media organizations identified 187 unprotected servers across the U.S. used by medical offices, mobile X-ray service providers, and medical imaging centers that hold the information of millions of U.S. residents. According to the report, 10+ million more people from all around the world also have their health data exposed.
Some of the latest cybersecurity breaches that made the headlines are about companies whose cybersecurity defenses were somehow overcome. This is not the case with the medical servers found by the investigators: unlike regulated businesses and companies, those medical offices did not have any protection at all. According to cybersecurity researchers, you do not have to be a hacker to access those files; virtually anyone can get access by typing a URL or typing a single data entry in a search box. Cybersecurity researchers compare the process to walking through an open door.
The investigators have notified the owners of the servers and reported that some of them have already begun implementing better security practices. However, others remain in blatant violation of HIPAA, as their servers continue to be open for intrusion by virtually anyone with access to the internet.
One of the vulnerable servers found by the researchers is said to contain the records of more than a million U.S. residents. The names of the patients were readily available by simply typing a data entry, and people’s DOB, physicians’ names, and doctors’ procedures were also part of the freely accessible data. According to the report, the servers from all around the globe contain, in total, the records of 16 million people.
According to the report published by ProPublica, a spokesperson for the U.S. Department of Health and Human Services’ Office for Civil Rights, which is responsible for penalizing HIPAA violations, declined to comment, as the agency’s policy is not to discuss current or potential HIPAA violations.
Sen. Mark Warner encouraged companies to start outlining cybersecurity practices and is actively trying to support healthcare providers in enforcing cybersecurity practices. The senator publicly demanded that an imaging firm caught exposing more than 1 million records share its cybersecurity practices after the breach.
Tens of millions of medical records of people from all over the world are stored on unencrypted servers, and the chances that your personal information lies completely unprotected somewhere are high. However, if all your connected devices are backed by reliable antivirus software, you are one step ahead of the hackers who might decide to take advantage of cyber leaks and unprotected information they stumble upon online.