September 26, 2019

ProPublica Investigation Identifies Records of 5 Million U.S. Patients Exposed on Internet

ProPublica reports that it has identified medical records of more than 5 million patients in the United States that are unprotected and accessible via the internet. In its investigation, ProPublica identified 187 servers in the United States with medical records that were unprotected by passwords or other basic security measures. Unlike other recent security breaches, in which hackers penetrated an organization’s cyber defenses, the medical records identified by ProPublica lacked even the most basic security precautions and were accessible with the use of free software or a basic web browser. Most of the unprotected data found were maintained by independent radiologists, medical imaging centers, or archiving services.  ProPublica’s report attributed Digital Imaging and Communication in Medicine (DICOM), the international standard for handling, storing, and transmitting medical imaging data, as a possible reason for the disproportionate amount of medical imaging data identified in their investigation.