Exposed DICOM Servers Risk Patient Data Across Healthcare Systems

Severity: High (Score: 69.6)

Sources: techcrunch.com, www.dicomstandard.org, Trendmicro

Summary

A cybersecurity investigation revealed that over 3,800 DICOM servers are exposed to the internet, compromising the personal health information of approximately 16 million patients across more than 110 countries. The Digital Imaging and Communications in Medicine (DICOM) standard, essential for medical imaging interoperability, has significant security vulnerabilities that allow unauthorized access to sensitive data. Researchers from Aplite, a cybersecurity consultancy, found that many of these servers lack effective security measures, with over 70% hosted by major cloud providers like Amazon AWS and Microsoft Azure. The exposed data includes patient names, addresses, phone numbers, and in some cases, Social Security numbers. The findings highlight a critical risk to patient privacy and healthcare operations, necessitating immediate action from healthcare organizations and cloud providers. The research was presented ahead of the Black Hat Europe conference, emphasizing the urgency of addressing these vulnerabilities.

Key Points

  • Over 3,800 DICOM servers exposed, affecting 16 million patients globally.
  • More than 70% of vulnerable servers are hosted by major cloud providers.
  • Exposed data includes sensitive personal health information and medical records.

Key Entities

  • Data Breach (attack_type)
  • Man-in-the-Middle (attack_type)
  • Ransomware (attack_type)
  • India (country)
  • South Africa (country)
  • United States (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • shodan.io (domain)
  • Healthcare (industry)
  • T1557 - Adversary-in-the-Middle (mitre_attack)
  • Amazon AWS (platform)
  • DICOM (platform)
  • Azure (company)
  • Microsoft Azure (company)
  • Censys (tool)
  • Honeyscore API (tool)
  • Shodan (tool)