INSUBCONTINENT EXCLUSIVE:
The medical images and health data of millions of Americans, including X-rays, MRIs and CT scans, have been discovered on unsecured
servers.The records cover over 5m patients in the US as well as millions more around the world and in some cases, these images and private
data can be viewed by anyone with access to a web browser.An investigation carried out by ProPublica and the German broadcaster Bayerischer
Rundfunk identified 187 servers in the US that were not protected by passwords or basic security precautions
Unlike other recent high-profile data breaches, these records were stored on servers which lacked the security precautions that are
typically employed by businesses and government agencies.ProPublica found that the extent of the exposure varies by health provider as well
as by the medical record software they use
For example, the server of the US company MobilexUSA displayed the names, dates of birth, doctors and procedures of more than a million
patients and all of this information was accessible by entering a simple data query
The company has since improved its security after being alerted by ProPublica.In total, medical data from over 16m scans worldwide was
available online and this data included names, birth dates and in some cases, Social Security numbers.However, pointing the blame and the
party responsible has been difficult for experts
Under US law, healthcare providers and their business associates are legally accountable for securing the privacy of patient data
According to several experts, exposing patient data the way these companies did could violate the Health Insurance Portability and
Accountability Act (HIPAA).Thankfully, ProPublica found no evidence that the exposed patient data was copied from these systems and
published elsewhere but still, the consequences of unauthorized access to this kind of information could be devastating.The nonprofit
organization's investigation showed that large hospital chains and academic medical centers did put the necessary security protections in
place to protect their data
However, independent radiologists, medical imaging centers and archiving services failed to protect the data that was in their care.Via
