Millions of Medical Records That Include Images Have Been Exposed. Are You a Victim?

There are different types of sensitive information. Perhaps, personal medical records can be said to be the most private information about an individual. When we visit our physicians, we expect our medical records to remain private and secure. However, with the switch from analog to digital, private medical records have also become a piece of information that can be stolen. What’s more, while it is possible to experience a medical data breach, it is also very common to come across servers that do not secure this kind of information in the first place. Thus, we need to take a closer look at this issue to make sure that we do not become the next victims of a medical records data breach.

Dangerous Medical Records Data Breach Instances

When we talk about a data breach, we emphasize the measures users and the data administrators can take to prevent malicious breaches. However, it is also important to note that if hackers are determined, they might steal the data no matter what security measures are employed. Of course, most of the time, relatively outdated security measures and authentication methods only help hackers steal more data.

For example, back in June, it was reported that almost 20 million patients of Quest Diagnostics and LabCorp got their information stolen in an obnoxious data breach. Security experts have noted that this data breach was similar in its nature to the attacks that were arranged against Ticketmaster, British Airways, and other organizations. During such data breaches, hackers tend to exploit a certain system vulnerability to steal sensitive data. The worst is that the vulnerability might remain undetected for a long period of time. Consequently, hackers can take their time stealing important information. Not to mention that services do not notify their customers about the breach until way later.

So, these are the types of data breaches that require a little bit of effort on the hacker’s side. But what if the hackers do not need to try at all? What if your personal data is just lying around, waiting for someone to take it? What if a medical records data breach is nothing more than a pleasant walk in a park?

Medical Images and Data Available Online

As mentioned before, the shift from analog to digital has opened doors for another type of criminal activity. Also, the universal data exodus from the paper form to the cloud service unearthed numerous security issues. It seems that someone in the medical world responsible for the security of private information has simply forgotten to secure it.

A few weeks ago, ProPublica published a report about the security of medical images and health data around the world. ProPublica is a non-profit organization that investigates abuses of power. Although the report was started out as a German investigation, ProPublica also states that millions of Americans are at risk of medical records data breaches because their information is not stored properly.

Now, what do we mean by proper storage? It means that if someone manages your personal information, they should make sure that no one from the outside is able to access it. So, if your medical records are stored on an online server, that server should be protected.

However, ProPublica identified at least 187 servers across the United States that weren’t using the basic security measures to protect the data. And what is a basic security measure? You probably are not going to believe it, but yes – it is a password. It is definitely hard to believe, but while individuals and businesses are actively employing password managers to protect their information from potential hacking attacks, there are still multiple databases out there, available to reach with one single click.

How is it possible to access an unprotected server? Well, sometimes, a web browser is enough. If you know the hyperlink address, you might reach the server, and just navigate through its folders looking for the information you need. Sometimes you may need special software. Sometimes it may require a little bit of coding. However, even if it does require some effort on your (or the hacker’s) part to access that information, security experts unanimously agree that, with such lack of protection, medical record access wouldn’t even count as a hack because you would be walking in through an open door.

Isn’t it illegal to store such sensitive information out in the open? The legal ground is slippery in this case, but some security experts suggest that continuous exposure of sensitive medical records could be a violation of the Health Insurance Portability and Accountability Act (HIPPA) that was passed in 1996. So the companies that store this information should be concerned about the potential data breaches. In fact, some medical providers like MobilexUSA have locked down their systems after ProPublica alerted them about the lack of security of their servers.

Are You a Victim?

Although there’s no actual list you can check, you can always ask your health care provider whether your medical records and imaging scans (like X-ray, ultrasound, and others) are protected by a password. You may also make inquiries into the usual personal data security practices at your doctor’s office.

If you are one of those users whose personal information has been stolen by hackers, your medical service provider should have informed you about it by now. Please follow the recommendations from your service provider to improve your data security.

All in all, there isn’t much you can do to protect your medical records yourself. However, if you make appointments to see your G.P. online, you probably have a password that helps you access your account. Although the chances of hackers targeting your account on a medical service website are pretty low, you can still review your password strength and perhaps change it.

The most efficient way to generate strong passwords is to employ reliable password managers that can evaluate your password strength and then help you create a new one. This way, you will be sure that you have done everything you can to protect your data.

By Foley
November 19, 2019
News
English
November 19, 2019
News
Recent Posts Popular Posts

Related Posts

A Security Vulnerability Left Personal Data of 'Millions' of Telefonica Customers Exposed screenshot
News

A Security Vulnerability Left Personal Data of 'Millions' of Telefonica Customers Exposed

On May 12, 2017, an unprecedented ransomware outbreak infected thousands of computers all around the world and wreaked havoc of unseen proportions. The infamous WannaCry strain hit both regular users and large... Read more

July 18, 2018
What Do I Do If I Fall Victim to a Data Breach? screenshot
Tips

What Do I Do If I Fall Victim to a Data Breach?

Your personal information has been exposed in a data breach and is now sitting somewhere on a hacking forum. You feel like someone has intruded your digital life and has made off with something very dear to you. Your... Read more

April 4, 2018
Yet Another Unprotected Server Exposes Medical Data screenshot
News

Yet Another Unprotected Server Exposes Medical Data

We've established already that people aren't nearly as careful as they should be when it comes to securing their personal data. Nevertheless, most users realize that they hand over quite a lot of sensitive information... Read more

February 25, 2019

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 5 + 4 ?

English