Analysts Uncover 4.4M Medical Imaging Files Exposed Online
May 30, 2019 – Analysts found 4.4 million medical imaging files exposed in online file stores, double the number uncovered last year, according to a new report by Digital Shadows.
In total, analysts found 4.7 million medical files exposed online.
The medical imaging files mostly were stored using the Digital Imaging and Communications in Medicine (DICOM) standard for handling, storing, printing, and transmitting information in medical images. Other standards used for exposed medical files included Health Level Seven (HL7) and the HIPAA Electronic Data Interchange (EDI) transaction format X12.
“The sheer amount of information exposed violates individuals’ privacy as well as regulations like HIPAA in the United States,” the report commented.
Overall, Digital Shadows analysts detected 2.3 billion exposed files, 750 million more than last year’s report.
The exposures include 326 million records from the United States, 98 million from the United Kingdom, and 121 million from Germany.
The files were exposed because of misconfiguration of file storage technologies, including server message block (SMB) protocol, network-attached storage (NAS) devices, file transfer protocol (FTP) services, rsync servers, and Amazon S3 buckets.
The SMB protocol exposed the highest number of files among the technologies examined, nearly 50 percent, while FTP services and rsync servers accounted for 20 percent and 16 percent of the exposed files, respectively. Amazon S3 buckets accounted for 8 percent, and NAS devices accounted for 3 percent.
The research found an open FTP server containing job applications, personal photos, passport scans, and bank statements, information an attacker would need to conduct identity theft.
Digital Shadows advised organizations to take the following precautions:
Use Amazon S3 Block Public Access to limit public exposure of buckets that are intended to be private, and enable logging through AWS to monitor for unwanted access or potential exposure points
Block ports 139 and 445 from the internet, if possible; use IP whitelisting so that only authorized systems can reach those shares, and require accounts with strong, complex passwords
Block port 873 (rsync) from the internet if rsync is only used internally, so that no external connections can reach the daemon
Replace FTP with SSH File Transfer Protocol (SFTP), which runs over SSH and so encrypts credentials and file contents in transit
Place NAS drives internally behind a firewall, and use access control lists to prevent unwanted access
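As an added example (not code from the Digital Shadows report or from this article), the script below turns the five precautions above into an offline audit over a constructed inventory of file services. The inventory schema, the service names, and the way internet reachability and IP allowlists are recorded are assumptions made for this example; the four S3 flag names are the settings that make up S3 Block Public Access, and the port numbers are the standard SMB, rsync and FTP ports.

```python
"""Audit a file-service inventory against the report's five precautions.

Example code, not Digital Shadows' tooling. The inventory format below is
an assumption: in practice it would be filled from firewall rules, share
configuration and the S3 GetPublicAccessBlock API.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_network

SMB_PORTS = {139, 445}   # NetBIOS session / SMB over TCP
RSYNC_PORT = 873         # rsync daemon default port
FTP_PORT = 21            # plaintext FTP control channel

# The four settings that together form S3 Block Public Access.
S3_BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


@dataclass
class Service:
    name: str
    kind: str                          # smb | rsync | ftp | sftp | nas | s3
    port: int = 0
    internet_reachable: bool = False   # reachable from 0.0.0.0/0 per firewall
    allowlist: list[str] = field(default_factory=list)   # permitted CIDRs
    public_access_block: dict | None = None              # s3 only


def _allowlist_problem(svc: Service) -> str | None:
    """Shares and NAS should admit only explicitly authorized source IPs."""
    if not svc.allowlist:
        return "no IP allowlist; any reachable host may attempt access"
    if any(ip_network(c, strict=False).prefixlen == 0 for c in svc.allowlist):
        return "allowlist contains a /0 entry, which permits every source"
    return None


def audit(services: list[Service]) -> list[tuple[str, str]]:
    """Return (service name, problem) pairs for every precaution not met."""
    findings: list[tuple[str, str]] = []
    for s in services:
        if s.kind == "s3":
            bpa = s.public_access_block or {}
            missing = [f for f in S3_BPA_FLAGS if not bpa.get(f, False)]
            if missing:
                findings.append((s.name, "S3 Block Public Access incomplete: "
                                 + ", ".join(missing) + " not enabled"))
        elif s.kind == "smb":
            if s.internet_reachable and s.port in SMB_PORTS:
                findings.append((s.name, f"SMB port {s.port} reachable from the internet"))
            if (p := _allowlist_problem(s)):
                findings.append((s.name, p))
        elif s.kind == "rsync":
            if s.internet_reachable and s.port == RSYNC_PORT:
                findings.append((s.name, "rsync port 873 reachable from the internet"))
        elif s.kind == "ftp":
            # Plain FTP sends credentials and data in the clear regardless of exposure.
            findings.append((s.name, "plaintext FTP in use; migrate to SFTP"))
        elif s.kind == "nas":
            if s.internet_reachable:
                findings.append((s.name, "NAS reachable from the internet; place behind firewall"))
            if (p := _allowlist_problem(s)):
                findings.append((s.name, p))
    return findings


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = [
    Service("hr-share", "smb", 445, internet_reachable=True),
    Service("backup-rsync", "rsync", RSYNC_PORT, internet_reachable=True),
    Service("legacy-ftp", "ftp", FTP_PORT, internet_reachable=True),
    Service("imaging-nas", "nas", internet_reachable=True, allowlist=["10.0.0.0/8"]),
    Service("pacs-archive", "s3", public_access_block={
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}),
    Service("sftp-gw", "sftp", 22, internet_reachable=True, allowlist=["203.0.113.0/24"]),
    Service("ok-bucket", "s3", public_access_block={f: True for f in S3_BPA_FLAGS}),
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_INVENTORY):
        print(f"{name}: {problem}")
```

Running the script lists six findings for the sample inventory; the SFTP gateway with a narrow allowlist and the bucket with all four Block Public Access flags enabled produce none, which is the state the checklist is aiming for.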
“Our research shows that in a GDPR [General Data Protection Regulation] world, the implications of inadvertently exposed data are even more significant. Countries within the European Union are collectively exposing over one billion files – nearly 50 percent of the total we looked at globally – some 262 million more than when we looked at last year. We urge all organizations to regularly audit the configuration of their public facing services,” commented Harrison Van Riper, an analyst with Digital Shadows’ Photon Research Team.
Source: https://bit.ly/2FFNwcq