Posted: May 24, 2019 by Vasilios Hioureas

In the medical world, sharing patient data between organizations and specialists has always been an issue. What we see today is individual practices hosting patient medical data on private and often in-house systems called PACS servers.

It’s in the setup

While there are hundreds of examples of exploitable medical devices and services that have been publicly exposed so far, I will focus in detail on one specific case that deals with a PACS server framework, a system that has great prevalence in the industry and deserves attention because it has the potential to expose private patient data if not set up correctly.

“This data does not contain a credit card and sometimes not even a social security number.”

We have seen that on the black market, medical data is much more valuable to criminals than a credit card, or even a social security number alone.

As I have described in this article, medical records are stored in silos, and it is not possible for one medical professional to cross-check patient data with any kind of central database.