Exposed on the Web: Thousands of Devices, Medical Records
Researcher Himaja Motheram of Censys on Recent IP Security Findings

Thousands of unique IP addresses are potentially exposing medical devices, electronic medical records systems and other sensitive healthcare information to the internet, said security researcher Himaja Motheram of security firm Censys, which made the discovery.
"Login interfaces are sitting out on the public internet for anybody to see," Motheram said, based on the findings of a recent Censys report.
"When those interfaces allow things like credential brute forcing attempts, or when those interfaces don't use encryption or multifactor authentication, weakness in that one interface can potentially put vast amounts of sensitive personal health data at risk," she said.
More than a third of the more than 14,000 exposed IP addresses hosted open DICOM ports and DICOM-enabled web interfaces intended for exchanging and viewing medical images. This was particularly concerning because the legacy DICOM protocol has other previously identified security weaknesses, she said.
"DICOM is over 30 years old. It was not designed for security. It was designed for ease of access, which is oftentimes at odds with security," she said.
In recent years, there have been multiple published exploits for DICOM, including ways to gain entry into networks and to gain lateral access, she said.
Censys' research found that many of the exposed DICOM servers identified were tied to independent radiology and pathology service providers, as well as imaging departments within larger hospital networks.
"These old medical imaging scanners and radiology servers are probably not that high on the priority list for a security admin working in healthcare," she said.
In this audio interview with Information Security Media Group (see audio link below photo), Motheram also discussed:
- Exposures involving electronic health record systems;
- Compromises involving IP address exposures;
- Steps for mitigating the risk involving IP address exposures.
At Censys, Motheram is responsible for investigating the impact of emerging vulnerabilities and exploring internet phenomena. She specializes in tracking the internet's response to major incidents.