German probe finds millions of medical records freely available online
Millions of records belonging to patients worldwide, including X-rays, mammograms and MRI scans, were long freely accessible online without basic security measures, German authorities said Tuesday after a media investigation.
ProPublica and Bavarian public television BR reported that some 16 million records were available "unprotected on the internet and available to anyone with basic computer expertise", protected by neither a password nor encryption.
It is unclear how much of the data has now been safely sealed away by the various hospitals and other health care providers affected in dozens of countries.
"Several thousand patient records were accessible," confirmed Germany's Federal Office for IT Security (BSI), referring only to some 13,000 of the country's citizens affected.
"The patient data could be accessed as the simplest IT security measures, like access control using usernames and passwords, or encryption, were not implemented."
However, the government agency "has no information that patient data were in fact copied for criminal purposes."
As well as scan and radiology data, patients' names, birth dates and social security numbers were freely readable.
BR and ProPublica reported at least 187 servers in the US and five in Germany were among the vulnerable computers, although there were similar security gaps in almost 50 countries including Brazil, Turkey and India.
The BSI said it had informed "partner organisations" in 46 countries about the problem.