Healthcare companies use Picture Archiving and Communication Systems (PACS) to store and serve medical data from X-rays, CT scans, and MRIs. Twenty-three hundred PACS that are publicly connected to the internet were recently analyzed. The analysis found that almost 600 servers are unprotected, leaving nearly 2.5 million patient records exposed. Researchers were able to download 399.5 million images out of an estimated 733.5 million. Information in the exposed patient records included names, dates of birth, dates of examination, type of imaging procedure, attending physicians, clinic names, and the number of generated images. What’s unsettling is that the PACS were found to have more than 10,000 security flaws, with nearly 20% labeled with high-severity scores. These servers were located in 59 different countries, with the US having the largest number of exposed data sets (13.7 million).