Exposed DICOM Servers Risk Patient Data Across Healthcare Systems

Exposed DICOM Servers Risk Patient Data Across Healthcare Systems

First seen 5 May 2026, 14:03 UTC Trendmicrotechcrunch.comwww.dicomstandard.org 89% similarity 69.6

Article Content

Browse articles
ThreatCluster

A cybersecurity investigation revealed that over 3,800 DICOM servers are exposed to the internet, compromising the personal health information of approximately 16 million patients across more than 110 countries. The Digital Imaging and Communications in Medicine (DICOM) standard, essential for medical imaging interoperability, has significant security vulnerabilities that allow unauthorized access to sensitive data. Researchers from Aplite, a cybersecurity consultancy, found that many of these servers lack effective security measures, with over 70% hosted by major cloud providers like Amazon AWS and Microsoft Azure. The exposed data includes patient names, addresses, phone numbers, and in some cases, Social Security numbers. The findings highlight a critical risk to patient privacy and healthcare operations, necessitating immediate action from healthcare organizations and cloud providers. The research was presented ahead of the Black Hat Europe conference, emphasizing the urgency of addressing these vulnerabilities.

Key Points: • Over 3,800 DICOM servers exposed, affecting 16 million patients globally. • More than 70% of vulnerable servers are hosted by major cloud providers. • Exposed data includes sensitive personal health information and medical records.

ThreatCluster AI

Timeline

2025-11-01
Internet scanning for DICOM servers commenced.
2025-12-01
3,800 exposed DICOM servers identified.
2026-05-05
Research findings published by Aplite.
2026-05-05
Article coverage by TechCrunch.

Community

Browse all →