loader gif

Almost 600 PACS servers containing millions of X-rays and MRIs exposed to the internet

Almost 600 PACS servers containing millions of X-rays and MRIs exposed to the internet
  • The analysis revealed that at least 590 PACS servers in 59 countries are left unprotected exposing over 24.3 million patient records.
  • Apart from these, the researchers noted that the PACS systems contain over 10,000 security issues, of which 500 of them (20%) are labeled with a high-severity score (CVSS score of 10).

The Backdrop

Greenbone Networks, a Germany-based vulnerability analysis and management company, analyzed over 2,300 Picture Archiving and Communication System (PACS) systems that are connected to the public internet.

PACS are used in the healthcare sector to store and serve medical information retrieved from imaging devices such as X-Ray, CT, or MRI machines.

The Exposure

The analysis revealed that at least 590 PACS servers are left unprotected exposing over 24.3 million patient records.

  • The researchers used RadiAnt DICOM Viewer and downloaded at least 399.5 million images out of an estimated 733.5 million images.
  • The exposed patient records included names, dates of birth, dates of examination, type of imaging procedure, attending physicians, clinic names, and the number of generated images.

Apart from these, the researchers noted that the PACS systems contain over 10,000 security issues, of which 500 of them (20%) are labeled with a high-severity score (CVSS score of 10).

The Highlights

The unprotected PACS servers were spread across 59 countries, of which:

  • The United States has the largest number of exposed data sets (13.7 million), with over 300 million medical images attached and 187 unprotected PACS systems.
  • In South America, Brazil leads with 640,000 exposed data sets, 31.1 million exposed images, and 34 unprotected PACS.
  • In Europe, Italy has the highest number of unprotected systems and exposed data sets.
  • In Asia, India has over 100 unprotected PACS, 627,000 exposed records, and over 105 million exposed images.
  • In Asia, Turkey has the highest number of exposed records (4.9 million) along with associated 4.9 million medical images.

Greenbone Networks has published a detailed report about their analysis and findings.

loader gif