More than 275 million medical images are currently exposed due to unsecured picture archiving and communication systems (PACS), the Department of Health and Human Services said in an alert published Tuesday.
The HHS report further claims 130 health organizations are running vulnerable systems and putting nearly 2 million patients at risk.
Part of the problem extends to images stored using the Digital Imaging and Communications in Medicine (DICOM) format, the government health organization noted.
“Through exploitation of the DICOM protocol, installation of malicious code can be used to manipulate medical diagnosis, falsify scans, install malware, sabotage research, etc.,” according to the June 29 report. “Such threats could allow an attacker to compromise connected clinical devices and laterally spread malicious code to other parts of the network undetected.”
HHS recommends that health systems start applying basic security principles, such as validating internet connections, requiring passwords to access information and placing data behind a firewall.
“There continues to be several unpatched PACS servers visible and the Health Sector Cybersecurity Coordination Center is recommending entities patch their systems immediately,” the news alert stated. “Healthcare organizations are advised to review their inventory to determine if they are running any PACS systems and if so, ensure the guidance in this alert is followed.”
You can read the full alert here.