120 million medical images of Indian patients, including X-rays and scans, are available online and freely accessible to anyone.
The firm published a follow-up report in November classifying countries in the “good, bad and ugly categories” based on the actions taken by their governments after the first report was made public. India ranks second in the “ugly” category behind the United States.
How did the overall number of data troves change after the first report was published?
The number of photos of patient information rose from 105 million to 121 million, and the number of data troves with patient information went up from 6,27,000 to 1.01 million, two months after the first report.
What information was exposed?
The data leak contained CT scans, MRIs and even patients’ photographs.
According to Greenbone Networks, the exposed details include the name of the patient, their date of birth, the national ID, name of the medical institutions, their medical history, physician names and other details that are meant to be classified.
“The leak is worrying because the affected patients can include anyone from the common working man to politicians and celebrities. In image-driven fields like politics or entertainment, knowledge about certain ailments faced by people from these fields could deal a huge blow to their image. The other concern is of fake identities being created using the details, which can be misused in any possible number of ways,” a cybersecurity officer in Maharashtra said.
As per the data available online, Maharashtra ranks highest with 3,08,451 data troves offering access to 6,97,89,685 images. Next is Karnataka with 1,82,865 data troves granting access to 1,37,31,001 images.
What is the main reason for the data leak?
Greenbone states that the main reason for the leak is that Picture Archiving and Communications Systems (PACS) servers do not carry the latest security protocols, leaving data open for anyone to access. These servers are linked to the public internet without any protection or safeguard, which makes them easily accessible to anyone.
The data leak occurred due to bad security practices rather than any flaw or loophole.
“The fact that PACS servers are vulnerable to attack or are accessible is not new information, and there have been a number of reports on this topic in the past. No report, however, has dealt with the breadth and depth of the problem associated with unsecured PACS servers,” the report states.