Millions of Americans' medical records are out in the open on the internet

Some servers with medical data in the US aren’t even protected by a password.

If you've ever visited a private medical clinic, your records could be at risk. A new joint investigation published by ProPublica and German broadcaster Bayerischer Rundfunk found that the medical data of some 5 million patients in the US is easily obtainable with free software or just a simple web browser.

The publication identified at least 187 medical servers across the US that weren't protected by a password, let alone other modern cybersecurity measures. Moreover, many of those same servers were running outdated software, making them vulnerable to a variety of known exploits. In all, ProPublica estimates that some 13.7 million medical tests and 400,000 x-rays for patients in the US could be easily accessed by malicious individuals. "It's not even hacking. It's walking into an open door," cybersecurity researcher Jackie Singh told ProPublica.

In some instances, the data included not only the patient's name and birthday but their Social Security number as well. ProPublica didn't find evidence that the records were accessed and copied elsewhere, but the number of vulnerable servers highlights a glaring oversight by the medical industry.

As the publication notes, the oversight likely represents a breach of the federal government's Health Insurance Portability and Accountability Act (HIPAA). Enacted in 1996, the act governs the handling of sensitive data. One issue is that the act doesn't provide much guidance on how the industry is supposed to protect data it stores on computers. Some of the clinics ProPublica contacted about their servers tightened their security after the fact, but it'll likely be a while before most servers are properly protected.
