275 Million Medical Images of Over 2 Million Patients Remain Exposed via PACS Flaws

A neurologist studies a patient’s computed tomography scan. (US Air Force from USA, Public domain, via Wikimedia Commons)

In September 2019, ProPublica revealed millions of medical images were being exposed online through unsecured Picture Archiving and Communication Systems (PACS). But while other countries took swift action to secure these vulnerabilities, the U.S. continues to utilize PACS without first closing major security gaps.


What’s worse, the health systems employing unsecured PACS have also failed to close other critical vulnerabilities, according to data from Dirk Schrader, global vice president at New Net Technologies (NNT).


PACS servers are used by the majority of health care delivery organizations to archive medical images and enable providers to swiftly share these patient records and images with other providers. 


However, the tool is ranked as one of the riskiest devices employed in the health care sector, according to Forescout.


The technology carries inherent vulnerabilities, including its use of Digital Imaging and Communications in Medicine (DICOM), the standard for communicating and managing medical imaging information and related data.


The DICOM standard is more than 30 years old and easily exploitable when left exposed to the internet. Cylera research found a flaw in the DICOM image format could even enable an attacker to install malicious code into the imaging files to corrupt patient data. Research has consistently shown that nation-state threat actors actively scan for the DICOM port.


As a whole, these vulnerabilities pose a serious risk to the health care enterprise. But the U.S. has taken minimal action since the initial 2019 report, and as such, millions of medical images and case study data are currently exposed online ...
