If you are like most people you’ve had at least one ridiculous run-in with the HIPAA laws. Most often it happens when you are trying to get medical results on behalf of another family member and you are denied because HIPAA is protecting his or her privacy!
And Yet ANYONE Can Download Their Images!
According to TechCrunch, over a billion medical images ranging from X-rays to ultrasounds and CT scans are available for download by anyone with an Internet connection and free-to-download software.
Makes one wonder where is HIPAA on this one?
Outdated and Insecure
The problem stems from insecure storage systems that are being used by hospitals, medical imaging centers and medical offices. These archiving systems known as PACS servers (Picture Archiving and Communication Systems) have had known vulnerabilities for quite some time. These PACS run a network architecture called DICOM (Digital Imaging and Communications in Medicine) that allows the archived images to be exchanged amongst servers and thus among the various healthcare providers that need access to them in order to provide patient care. Unfortunately, DICOM uses the IP protocol and this means that these systems can also be found on the Internet.
The HIPAA website states:
“The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.”
Open to Anyone Who Wants a Peek. Not Exactly HiPAA Compliant!
Since PACS servers store highly confidential data pertaining to the medical records of individuals, access should be heavily restricted per the HIPAA laws so that only certain personnel can view it. However, according to the results of a study conducted by Greenbone “for many of the archiving systems nothing could be further for the truth. Anyone can access a significant number of these systems and, what’s more, they can see everything that’s stored on them.” And by everything, we mean everything. Greenbone found that these wide-open archives contained medical and personal information including Social Security Numbers, birth dates, procedure dates, exam details, treating physicians, clinics and the scans themselves. All searchable and in some cases downloadable.
Let Konsultek Check Your Network for Vulnerabilities
Whether it is a wide open IP Address, ransomware, brute force hacking, phishing or some other cyber threat, Konsultek has the tools and talent to develop the right security solution for your particular situation. Not sure just how robust your network security is? No problem! Let our experts check your network’s vulnerability for free.
Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.