- Modat found more than 1.2 million misconfigured devices
- This includes MRI scans, X-rays and other sensitive files, as well as patient contact data
- The health care industry needs a proactive cybersecurity approach, researchers warn
Researchers have warned that more than a million health care devices currently connected to the Internet are poorly configured and disclose all the data they generate online, putting millions of people at risk of identity theft, phishing, wire fraud and more.
Modat recently scanned the Internet for misconfigured devices and devices lacking proper password protection and, using “health care”, found more than 1.2 million devices that generated and leaked confidential medical images, including MRI scans, X-rays and even blood tests, from hospitals around the world.
“The examples of data disclosed in this way include brain scanners and X-rays, stored alongside protected health information and personally identifiable information from the patient, potentially representing both a violation of the patient’s confidentiality and confidentiality,” the researchers said.
Weak passwords and other misfortunes
In some cases, the researchers found information unlocked and available to anyone who knows where to look. In other cases, the data was protected by passwords so weak and predictable that they posed no obstacle to access.
“In the worst case, disclosed sensitive medical information could leave unsuspecting victims open to fraud or even blackmail over a confidential medical condition,” they added.
In theory, a threat actor could learn of a patient’s condition before the patient does. With names and contact details, they can contact the patient and threaten to disclose the information to friends and family unless a ransom is paid.
Alternatively, they could pretend to be the doctor or the hospital and send phishing emails inviting the victim to “view sensitive files”, which would simply redirect them to download malware or share login credentials.
The majority of misconfigured devices are located in the United States (174K+), with South Africa a close second (172K+). Australia (111K+), Brazil (82K+) and Germany (81K+) round out the top five.
For Modat, a proactive security culture “beats a reactive response”.
“This research strengthens the urgent need for complete visibility of assets, robust vulnerability management and a proactive approach to secure each device connected to the Internet in health care environments, ensuring that sensitive patient data remains protected against unauthorized access and potential exploitation,” commented Errol Weiss, the security manager at Health-ISAC.