A significant security breach has been identified in the Digital Imaging and Communications in Medicine (DICOM) protocol, leading to the exposure of millions of patient scans and health records online. The DICOM standard, a cornerstone for medical imaging interoperability, has been found to have vulnerabilities that have left patient information, including imaging, names, addresses, and phone numbers, unprotected on the internet.
The discovery, made by Aplite, a cybersecurity consultancy with a focus on digital healthcare, revealed that over 3,800 servers in more than 110 countries have been exposing the personal data of approximately 16 million patients. The compromised data includes sensitive details such as Social Security numbers in some instances. Additionally, these servers have exposed over 43 million health records, encompassing examination results, dates, and referring physicians’ information.
The United States hosts the majority of these exposed servers, with over 8 million records, followed by India and South Africa. Notably, many servers located in the U.S. contain data from medical practices outside the country. Aplite’s senior IT security consultant, Sina Yazdanmehr, highlighted that a vast majority of these vulnerable DICOM servers are hosted on cloud platforms like Amazon AWS and Microsoft Azure, with less than 1% employing effective security measures.
This issue is not new; previous reports have indicated that the decades-old DICOM protocol has been a source of data exposure in the past. However, the situation persists, and Aplite has identified a new potential attack vector that could allow malicious actors to alter data within medical images. Such tampering could render the records useless or even lead to the falsification of illness signs.
The findings were shared ahead of Aplite’s presentation at Black Hat Europe, where further details of the vulnerabilities and their implications for patient privacy and data integrity are expected to be discussed2. The ongoing risks associated with the DICOM protocol underscore the urgent need for enhanced security measures to protect sensitive medical information in the digital age.
