Nearly 600 PACS Servers Holding a Multitude of X-Rays and MRIs Found Publicly Available

Healthcare companies use Picture Archiving and Communication Systems (PACS) to store and serve medical data from X-rays, CT scans, and MRIs. Twenty-three hundred PACS that are publicly connected to the internet were recently analyzed. The analysis found that almost 600 servers are unprotected, leaving nearly 2.5 million patient records exposed. Researchers were able to download 399.5 million images from an estimated 733.5 million. Information in the exposed patient records included names, dates of birth, dates of examination, type of imaging procedure, attending physicians, clinic names, and the number of generated images. What’s unsettling is that the PACS were found to have more than 10,000 security flaws, with nearly 20% labeled with high-severity scores. These servers were located in 59 different countries, with the US having the largest number of exposed data sets (13.7 million).

Analyst Notes

Information stored online should always be protected by encryption and a strong firewall. Software updates should be applied regularly, and anti-malware software should be used as well. File and media sharing should also be disabled if it is not necessary.