Medical Record Breach Lack of Security

Imagine a data leak that an average computer user could have found with a few simple clicks on an online site. Researchers at Greenbone Networks found the personally identifiable information and medical images of over 24 million by simply visiting publicly-accessible web pages.

Between July and September of 2019, Greenbone analyzed 2,300 medical archiving systems worldwide that are connected to the internet. These systems are known as “Picture Archiving and Communication Systems” and are primarily used in healthcare industries to archive radiologist images and make them available for physicians.

The unprotected systems could be accessed without even the need for a password. Researchers found that 590 of the 2,300 they analyzed were freely accessible, exposing records of 24.3 million patients in 52 countries. Information that was exposed included:

  • Patient Names
  • Dates of Birth
  • Dates of Examination
  • Attending Physician
  • Purpose of the Examination

American patients were also at a loss as 13.7 million of the records included their Social Security Numbers. What’s worse is that attached to patient information was 737 million images such as X-Rays, CT Scans, and MRI Scans. Of these images, 400 million could be downloaded via the internet and could even be obtained through an unencrypted HTTP connection.

Simple Steps to Security

Having a strong password to protect vital personal information online is a simple layer of protection. The important thing to remember is that passwords should be complex and different for each login or site that you use. Having a layer of encryption only heightens the level of security on a device or database and hardware encrypted SecureDrives provide just that.

These devices can be utilized in the healthcare industry to protect patient files when being transferred between hospitals and to store X-Rays and other medical images that may be taken off-site. It can only be accessed through the paired mobile app on your phone and requires a unique password to unlock with the option of unlocking using biometric indicators like facial recognition and fingerprints. Users can also enable two-factor authentication.

An Admin on the device can set Read-Only mode, change the password on the device, and set geo- and time-fencing with the remote management to restrict drive access to certain times and places. Users can even remotely wipe the information if the drive is lost or stolen.

Completely exposed sites are somewhat of a “face-palm” moment in the age of data breaches and technological advances. That is why medical facilities and companies with sensitive data need a reliable storage solution. Call 1-800-875-3230 for more information on how to secure your data with our hardware encrypted SecureDrives.