Are your Medical Images Exposed?
CybelAngel just released a report stating that, without any hacking tools, their automated system was able to find over 9.5 million unique DICOM files on 269 U.S. servers. These images were dangling in the Internet wind, not even needing a password or username to access. Worst of all, some of these images may have been on your servers or the servers of your healthcare provider.
Even after well over one hundred million dollars in fines, HIPAA is, for many, a mere educational slide in an annual training slide deck. But for many others, real action is taking place.
From my experience with penetration testing, I know that far more than 45,000,000 images are available with even the simplest hacking tools. Because criminals are using those tools, our job as protectors of our patients and their privacy is to employ our own tools to stop them.
The greatest tool at your disposal is going to be an ally. Hiring a competent security team that fits the size and needs of your company will be crucial to building the foundations of a working cybersecurity plan. As you work through your plan, your network and its security will be put through penetration testing. This testing will go far deeper than CybelAngel’s gentle look and, if you haven’t completed any penetration testing before, will likely turn up significant problems. As you address these issues, you will be far more protected from litigation and fines. Even if you are hacked, your fines will almost certainly be minimal compared to those who do not perform any testing.
Lastly, medical equipment is likely on your network. Medical equipment is very different from other systems on your network, such as a Network Attached Storage (NAS) device or a Picture Archiving and Communication System (PACS), so penetration testing of it must be handled with special care. CE-Tech can help with that. Our Medical Device Cybersecurity team can perform penetration tests on your medical equipment in a safe environment and create a plan to keep the bad guys out.
If you do not have a plan in place today, now is the time to start.
Download the full report from CybelAngel here.