Image credit: gorodenkoff via Getty Images

Millions of Americans' medical records are out in the open on the internet

Some servers with medical data in the US aren’t even protected by a password.

If you've ever visited a private medical clinic, your records could be at risk. A new joint investigation published by ProPublica and German broadcaster Bayerischer Rundfunk found that the medical data of some 5 million patients in the US is easily obtainable with free software or just a simple web browser.

The publication identified at least 187 medical servers across the US that weren't protected by a password, let alone other modern cybersecurity measures. Moreover, many of those same servers were running outdated software, making them vulnerable to a variety of known exploits. In all, ProPublica estimates that some 13.7 million medical tests and 400,000 x-rays for patients in the US could be easily accessed by malicious individuals. "It's not even hacking. It's walking into an open door," cybersecurity researcher Jackie Singh said to ProPublica.

In some instances, the data included not only the name and birthday of the patient but their Social Security number as well. ProPublica didn't find evidence that the records were accessed and copied elsewhere, but the number of vulnerable servers highlights a glaring oversight by the medical industry.

As the publication notes, the oversight likely represents a breach of the federal government's Health Insurance Portability and Accountability Act (HIPAA). Enacted in 1996, the act governs the handling of sensitive data. One issue is that the act doesn't provide much guidance on how the industry is supposed to protect data it stores on computers. Some of the clinics ProPublica contacted about their servers tightened their security after the fact, but it'll likely be a while before most servers are properly protected.
