FRANKFURT, Germany – Millions of records belonging to patients worldwide, including X-Rays, mammograms and MRI scans, were long freely accessible online without basic security measures, German authorities said Tuesday, September 17, after a media investigation.
ProPublica and Bavarian public television BR reported that some 16 million records were available “unprotected on the internet and available to anyone with basic computer expertise,” protected by neither a password nor encryption.
It is unclear how much of the data has now been safely sealed away by the various hospitals and other health care providers affected in dozens of countries. (READ: 76% of devices in healthcare facilities in PH infected by malicious code)
“Several thousand patient records were accessible,” confirmed Germany’s Federal Office for IT Security (BSI), referring only to some 13,000 of the country’s citizens affected.
“The patient data could be accessed as the simplest IT security measures, like access control using usernames and passwords, or encryption, were not implemented.”
However, the government agency “has no information that patient data were in fact copied for criminal purposes.”
As well as scan and radiology data, patients’ names, birth dates and social security numbers were freely readable.
BR and ProPublica reported at least 187 servers in the US and 5 in Germany were among the vulnerable computers, although there were similar security gaps in almost 50 countries including Brazil, Turkey and India.
The BSI said it had informed “partner organizations” in 46 countries about the problem. – Rappler.com
There are no comments yet. Add your comment to start the conversation.