The medical data of more than 5 million U.S. patients and millions more globally can be accessed online using basic web browsers and free software programs, according to an investigation by ProPublica and German radio and TV network Bayerischer Rundfunk.
The investigation identified a total of 187 servers in just the U.S., spanning physicians' offices, medical imaging centers and mobile X-ray services, unprotected by basic security precautions or even passwords. The unprotected information includes not only names, birthdates, physicians and procedures, but also, in some cases, Social Security numbers.
Imaging data such as X-rays, MRIs and CT scans was also affected. ProPublica reports that data from more than 13.7 million medical tests in the U.S. was readily available online; X-rays and other images could be freely downloaded in more than 400,000 of those cases.
The security issues were largely due to medical facilities' failure to update outdated operating systems and fit them with proper, HIPAA-abiding protections. The investigators found that while most large hospitals, health systems and academic medical centers did enact appropriate security protocols, the majority of the unprotected data came from independent radiologists, medical imaging centers and archiving services.
After the investigators shared their findings with the affected facilities, many reportedly took action to better secure the data. Additionally, a spokesperson for the U.S. Department of Health and Human Services' Office for Civil Rights, responsible for penalizing HIPAA violations, told ProPublica the office would not comment on open or potential investigations.