Global survey uncovers HIS security risks

Thursday, December 3 | 10:50 a.m.-11:00 a.m. | SSQ11-03 | Room S403A
Researchers from Massachusetts General Hospital have found hundreds of unprotected HL7 servers worldwide, presenting an alarming security risk for patient information stored on these hospital information systems (HIS).

A year ago, a team led by Oleg Pianykh, PhD, performed a worldwide DICOM scan covering all 4 billion Internet Protocol (IP) addresses to identify unprotected DICOM archives. That scan revealed nearly 3,000 DICOM servers -- used to store patient images -- that were unprotected, meaning they were open to remote access via the DICOM protocol.

"DICOM servers store patient medical images, and the large number of unsecured DICOM installations found in our scan proves that clinical security is still very much neglected, even at the most basic level," Pianykh told AuntMinnie.com.

Pianykh next turned his attention to assessing the security of the second half of electronic patient data (patient demographics, reports, labs, and billing information). These data are commonly stored in an HIS, which uses the HL7 communication protocol. Following the same protocol as the DICOM security study, Pianykh and Sampson Abiola from the Harvard Extension School scanned all IP addresses for unprotected HL7 servers.

"Because HIS network settings are usually more variable compared to those of DICOM archives, our worldwide scan yielded only 324 unprotected HIS servers -- lower than DICOM, but still sufficient for our new 'HL7 security' country ranking and analysis," he said. "Our HL7 scan supports the same conclusion [as our DICOM server study]: Considerably more work needs to be done to keep medical data protected."

The U.S. was responsible for one-third of the unprotected HL7 archives found in the survey.
