- Modat found more than 1.2 million poorly configured devices leaking information
- This includes magnetic resonance scans, radiographs and other confidential files, along with patient contact data
- The health industry needs a proactive approach to cybersecurity, researchers warn
Researchers have warned that more than one million healthcare devices connected to the Internet are poorly configured and leaking the data they generate online, putting millions of people at risk of identity theft, phishing, wire fraud and more.
Modat recently scanned the Internet for poorly configured, poorly protected devices and their data. Using the ‘Healthcare’ label, they found more than 1.2 million devices that generate and leak confidential medical images, including magnetic resonance scans, X-rays and even blood work, from hospitals worldwide.
“The examples of data that are leaked in this way include brain scans and radiographs, stored together with protected health information and patient personal identification information, which potentially represents a violation of the patient’s confidentiality and privacy,” the researchers explained.
Weak passwords and other problems
In some cases, researchers found the information unlocked and available to anyone who knows where to look. In other cases, the data was protected with passwords so weak and predictable that breaking them posed no challenge.
“In the worst case, the leaked sensitive medical information could leave the victims open to fraud or even blackmail for a confidential medical condition,” they added.
In theory, a threat actor could learn of a patient's condition before the patient does. Armed with names and contact data, they could contact the patient and threaten to disclose the information to friends and family unless a ransom is paid.
Alternatively, they could impersonate the doctor or hospital and send phishing emails inviting the victim to “see confidential files”, which would redirect them to download malware or share login credentials.
Most of the poorly configured devices are in the United States (174k+), with South Africa in second place (172k+). Australia (111k+), Brazil (82k+) and Germany (81k+) round out the top five.
For Modat, a proactive security culture “exceeds a reactive response.”
“This research reinforces the urgent need for integral visibility of assets, solid vulnerability management and a proactive approach to securing all the devices connected to the Internet in health environments, ensuring that the confidential data of patients remains protected from unauthorized access and possible exploitation,” said Errol Weiss, Health-ISAC Security Director.