
Millions of people’s MRIs, X-rays, and CT scans are easily accessible online


Servers containing sensitive medical data — including X-rays, CT scans, and MRIs — are unprotected in doctors’ offices, imaging centers, and archiving services all over the world. Records for at least 5 million U.S. patients are available online, according to an investigation by ProPublica and German public broadcaster Bayerischer Rundfunk.

Reporters found 187 servers in the U.S. without passwords and other security protocols, leaving them open to access via software or basic web searches. The scans contained not only medical information but birthdates and social security numbers, in some cases. The Health Insurance Portability and Accountability Act (HIPAA) requires medical data be kept private, and failing to keep these images secure may violate that law.  

An industry group of radiologists and device makers created Digital Imaging and Communications in Medicine (DICOM) in 1985, a standard for handling, storing, printing, and transmitting medical imaging. Before its security measures were standardized, devices that didn’t meet them were already showing up in hospitals and clinics. Some hospitals may never have made changes after DICOM’s security measures were released, and vendors continued to sell devices without built-in security. “Nobody ever tried to connect all these pieces together, and that’s how the whole problem happened,” Dr. Oleg Pianykh, an assistant professor of radiology and the director of medical analytics at Massachusetts General Hospital, told Digital Trends.

Pianykh has been tracking the problem for years. In 2016, he discovered 2,774 unprotected radiology or DICOM servers and published the results in a research paper. “The reason we were able to be able to connect to those DICOM devices was because the fundamental network security was missing,” he said.  

Large hospitals have fully staffed IT departments, but Pianykh said smaller offices and centers may outsource their IT needs to companies unfamiliar with medical privacy standards. They may assume the devices have built-in protections. “What happens is that they just buy some kind of medical device and keep all the default settings and keep the network wide open,” said Pianykh. “And that’s it. That’s the breach.”

As a baseline, any provider handling medical data needs to have its own secured network, Pianykh said. Otherwise, he compares securing individual devices to locking up the jewelry in your home while leaving the front door unlocked. The thieves will just steal something else. 

In one case, a Denver-based archival service, Offsite Image, had over 340,000 records that were vulnerable, including some from both human doctors and veterinarians. Its tech consultant, Matthew Nelms, said the company fixed its servers after ProPublica alerted him to the issue. “We were just never even aware that there was a possibility that could even happen,” he said.

The Medical Imaging & Technology Alliance oversees DICOM and claims the security standards are adequate, but it seemed to suggest that individual offices and centers are responsible for seeing them through. “Proper security, however, requires more than just technical measures,” the alliance said in a statement. “It requires the implementation of institutional plans and policies to address various aspects of security (for example: infrastructure, device configuration, procedures, policies, training, auditing, and oversight).”

“You cannot just delegate to people, particularly physicians or patients, and tell them ‘Okay, well, go and take care of that,’” said Pianykh. Many will follow through, but some will not. Instead, he sees the need for a proactive approach, an agency that regularly scans for these issues and reaches out to the offices, cloud providers, or other entities who don’t have proper security in place. “The magnitude of this problem is monumental,” he said. “It’s beyond the scope of a single person doing some kind of single scan.” 

Update 9/18: Added additional comments from Dr. Oleg Pianykh.

Correction: An earlier version of this story misspelled Dr. Pianykh’s name.

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…