Unprotected image servers remain a global problem

By Erik L. Ridley, AuntMinnie staff writer
March 10, 2016

Despite widespread focus on the critical need for healthcare data security, many institutions still aren't getting the message. More than 800 servers worldwide storing DICOM image data are fully open to outside computers that could steal their data, according to a study presented at last week's ECR 2016 in Vienna.

Repeating a study that was presented at ECR 2015, researchers from Massachusetts General Hospital (MGH) in Boston unfortunately found no improvement in 2016 for DICOM security after a worldwide search for unprotected DICOM servers. Of the 2,773 unprotected DICOM servers found by the researchers this year, 29% were completely open to DICOM communication with outside computers and were capable of transferring patient data.

The troubling findings show that patient data is still not secured, according to presenter Oleg Pianykh, PhD.

"If you think that your hospital has not been hacked yet, then most probably you just don't know that it was," Pianykh said.

Assessing clinical security

Pianykh and colleague Sampson Abiola of MGH wrote an application designed to probe remote computers over an Internet protocol (IP) address and see if it would respond to a query to communicate. The idea was to survey a large sample of IP addresses and identify the ones that responded positively to the request.

Using geolocation technology, they would then map these unprotected IP addresses, pinpointing the coordinates and their providers/owners, he said. Pianykh noted that the search was conducted only for protocol verification purposes; no clinical data were accessed.

Thanks to some multicore programming and a highly parallel Amazon computing cluster, the researchers were able to scan 4 billion IP addresses -- the entire IP space -- in 12 hours, Pianykh said. They calculated the number of overall unprotected DICOM IP addresses, as well as those that also accepted external DICOM "handshakes" (i.e., communication requests), meaning they were fully open to DICOM communication with outside computers.

Number of unprotected DICOM computers
  2014 2016 Change
Number of unprotected DICOM IP addresses 2,774 2,773 0%
Number of unprotected DICOM IP addresses that were fully open to outside communication 719 804 11%
Percent of unprotected DICOM servers fully open to outside communication 25% 29% 4 percentage points

"Obviously, we don't know the actual [total] number of DICOM servers; nobody knows how many servers are being kept behind firewalls, so there's no way to count them," he said. But at least the number of unprotected DICOM addresses and the number of unprotected DICOM IP addresses that were fully open to outside communication give you a "fair idea of what's going on," he noted.

The biggest offenders

Pianykh noted that the total number of overall clinical servers was the major predictor for the number of unsecured servers.

Countries with the highest ratios of open DICOM servers accepting foreign handshakes to all detected DICOM servers included the following:

  1. Iran 34/40 (85%)
  2. Thailand: 10/14 (71%)
  3. Spain: 11/23 (48%)
  4. Argentina: 6/13 (46%)
  5. Russia: 8/18 (44%)
  6. Brazil: 51/118 (43%)
  7. Germany: 9/22 (41%)
  8. Bolivia: 4/10 (40%)
  9. Australia: 12/32 (38%)
  10. Turkey: 49/143: (34%)
  11. Taiwan: 41/114: (34%)
  12. Poland: 4/12 (33%)
  13. Japan: 3/11 (27%)
  14. Chile: 7/27 (26%)
  15. U.S.: 346/1335 (26%)
  16. China: 11/43 (26%)
  17. Canada: 13/52 (25%)
  18. Philippines: 6/24 (25%)
  19. Mexico: 14/57 (25%)
  20. Hungary: 4/20 (20%)

"You see some unusual [countries] on this list, but you also see countries that you would expect to take better care of their DICOM communications," he said.

The researchers also found open HL7 servers when they performed a similar search of all IP addresses for the HL7 protocol.

Countries with the most open HL7 servers:

  1. U.S.: 89
  2. Brazil: 26
  3. Egypt: 25
  4. Japan: 18
  5. China: 15
  6. Netherlands: 15
  7. Chile: 11
  8. France: 11
  9. Denmark: 9
  10. India: 8
  11. Italy: 8
  12. Russia: 8
  13. Canada: 6
  14. Singapore: 6
  15. Columbia: 5
  16. Germany: 5
  17. Puerto Rico: 5
  18. Ecuador: 4
  19. South Korea: 4
  20. Taiwan: 4

More than 20 years after digital medicine began to be implemented, patient data still remain unsecured, according to Pianykh.

Image security remains 'significant global problem'
How secure are your medical images? If you don't know the answer, you'd better find out. A recent search found that more than 700 DICOM medical image...
Report: Medical cybersecurity risks include radiology software
Many healthcare information assets have been compromised, and no organization is immune, according to a report issued by Internet security firm SANS...
HIMSS: Staffing, security are top concerns for HIT leaders
NEW ORLEANS - Recruiting and retaining healthcare IT personnel and ensuring data security in an era of bring-your-own mobile devices are among the top...
HIMSS survey finds improvements in data security
Thanks in part to the U.S. government's meaningful use initiative, U.S. hospitals have increased security to protect their electronic records, according...

Copyright © 2016 AuntMinnie.com

Last Updated np 3/17/2016 2:45:01 PM