EXECUTIVE SUMMARY:
Millions of medical images floating around the web?
Cyber security researchers recently found that hospitals are leaving millions of private medical images electronically accessible because of insecure storage practices. Over 45 million medical images from scans such as X-rays, MRIs, and CT scans are stored on unsecured servers and storage devices.
On top of patient privacy concerns, cybercriminals could steal the data on these systems to blackmail individuals. Hackers could also leverage these under-secured servers to execute ransomware attacks on healthcare facilities.
In the past few months, we’ve seen an alarming increase in the number of healthcare groups hit with ransomware attacks. A key US healthcare system recently enacted EHR downtime procedures after falling victim to a ransomware-related ruse. A string of strikes has shut down a variety of health-focused organizations over the past few months, impacting over 60 providers and more than 500 facilities.
What happens if these images are inaccessible to those who need them?
These millions of medical files may be needed for clinical decision-making purposes. Without on-demand access, people may receive sub-standard healthcare and may suffer serious consequences.
What’s causing healthcare industry-related security issues?
Medical groups may be using outdated technologies that leave patients and their data vulnerable. Healthcare security budgets are often stretched thin and organizations may resist purchasing new equipment or even investing in better security.
In one recent example, 45 million unique cases of Digital Imaging and Communications in Medicine (DICOM) were exposed. Further, researchers found malicious scripts on several servers, indicating that malicious actors had already accessed the unsecured devices.
It goes without saying that cyber security in the healthcare sector needs to be a top priority, especially as these organizations are on the front line of this global pandemic.
How can your healthcare group improve security?
The US Cybersecurity and Infrastructure Security Agency recommends following best practices, from proper segmentation to explicit access rules. For additional insights into securing the healthcare sector, check out Cyber Talk’s healthcare-focused whitepapers and solutions briefs.