Data security firm Digital Shadows said that it has found 4.4 million DICOM medical imaging files left exposed in online file repositories worldwide -- twice the number of openly accessible imaging files discovered when the company last performed its survey in 2018.
The exposed imaging files were among 2.3 billion files containing customer data and business information that have been left exposed due to the misconfiguration of commonly used file-storage technologies, according to a team from Digital Shadows. The group shared the findings in a report called Too Much Information: The Sequel.
"As with all of the cases we discuss in this paper, not every single one of the exposed [medical-related] files is going to contain something sensitive," the report authors wrote. "However, the sheer amount of information exposed illustrates the extent of individuals' privacy violations, and of regulations like HIPAA in the United States."
The researchers also found approximately 300,000 exposed HL7 files and X12 files, X12 being the EDI format used for HIPAA-mandated healthcare transactions.
Digital Shadows recommends that organizations implement five precautions:
- Use Amazon S3 Block Public Access to prevent buckets that are intended to be private from being opened up by a bucket policy or ACL. Enable S3 server access logging or AWS CloudTrail data events so that unwanted access and new exposure points show up in the logs.
- If possible, block TCP ports 139 and 445 (SMB) at the internet edge. Use IP allowlisting so that only authorized systems can reach the service, and require authentication with strong, unique passwords.
- If the rsync utility is only used internally, block TCP port 873 (the rsync daemon port) to disallow any external connections.
- Replace plain FTP with SFTP (SSH File Transfer Protocol). SFTP is a separate protocol carried over an SSH session, not an extension of FTP, so credentials and file contents are not sent in cleartext.
- As with FTP servers, keep network-attached storage (NAS) devices on the internal network behind a firewall, and use access control lists to restrict who can reach them.
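The S3 recommendation above is the one most easily checked programmatically. The following audit script is an added example and is not code from the Digital Shadows report: it evaluates, per bucket, whether all four Block Public Access settings are on and whether the bucket policy grants anything to anonymous principals, and then decides whether the bucket is actually reachable by the public (an existing public policy is neutralised when RestrictPublicBuckets is on). The input dicts are assumed to mirror the shape boto3 returns from get_public_access_block() and get_bucket_policy(); the bucket names, policies and VPC endpoint ID in SAMPLE_INVENTORY are constructed for the example. Public ACLs are not modelled.

```python
"""Audit S3 buckets: Block Public Access flags plus anonymous policy grants.

Added example, not code from the Digital Shadows report. Input dicts mirror
the boto3 GetPublicAccessBlock / GetBucketPolicy responses (assumption).
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# The four Block Public Access settings, all of which should be True.
BLOCK_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
               "BlockPublicPolicy", "RestrictPublicBuckets")


@dataclass
class BucketFinding:
    bucket: str
    missing_block_flags: list[str] = field(default_factory=list)
    public_statements: list[str] = field(default_factory=list)

    @property
    def publicly_reachable(self) -> bool:
        # RestrictPublicBuckets neutralises an existing public policy, so a
        # public statement only matters while that flag is off.
        return bool(self.public_statements) and "RestrictPublicBuckets" in self.missing_block_flags

    @property
    def needs_attention(self) -> bool:
        return bool(self.missing_block_flags or self.public_statements)


def _principal_is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (the latter possibly in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json: str | None) -> list[str]:
    """Sids (or positional labels) of unconditioned Allow statements granted to
    anonymous principals. Statements carrying a Condition block are skipped:
    they usually scope the grant (aws:SourceVpce, aws:SourceIp) and deserve a
    manual review rather than an automatic 'public' verdict."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    found = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _principal_is_anonymous(stmt.get("Principal")):
            found.append(stmt.get("Sid") or f"statement[{idx}]")
    return found


def audit_bucket(name: str, public_access_block: dict | None, policy_json: str | None) -> BucketFinding:
    """public_access_block is None when the bucket has no configuration
    (the real API raises NoSuchPublicAccessBlockConfiguration in that case)."""
    flags = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    missing = [f for f in BLOCK_FLAGS if not flags.get(f, False)]
    return BucketFinding(name, missing, public_policy_statements(policy_json))


def audit_inventory(inventory: dict) -> dict[str, BucketFinding]:
    return {b: audit_bucket(b, v.get("public_access_block"), v.get("policy"))
            for b, v in inventory.items()}


def _pab(**flags) -> dict:
    cfg = {f: False for f in BLOCK_FLAGS}
    cfg.update(flags)
    return {"PublicAccessBlockConfiguration": cfg}


# Constructed sample inventory; bucket names and the VPC endpoint ID are hypothetical.
SAMPLE_INVENTORY = {
    "dicom-archive-prod": {
        "public_access_block": _pab(BlockPublicAcls=True, IgnorePublicAcls=True,
                                    BlockPublicPolicy=True, RestrictPublicBuckets=True),
        "policy": None},
    "imaging-share-legacy": {   # no Block Public Access at all, plus a public-read policy
        "public_access_block": None,
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::imaging-share-legacy/*"}]})},
    "vendor-exports": {         # stale public statement, but RestrictPublicBuckets is on
        "public_access_block": _pab(BlockPublicAcls=True, IgnorePublicAcls=True,
                                    BlockPublicPolicy=False, RestrictPublicBuckets=True),
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "LegacyPublicList", "Effect": "Allow", "Principal": {"AWS": "*"},
             "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::vendor-exports"},
            {"Sid": "VpcOnlyRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::vendor-exports/*",
             "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})},
}


if __name__ == "__main__":
    for name, f in audit_inventory(SAMPLE_INVENTORY).items():
        status = "PUBLIC" if f.publicly_reachable else ("REVIEW" if f.needs_attention else "ok")
        print(f"{name:22} {status:7} missing={f.missing_block_flags} public={f.public_statements}")
```

To run this against a real account, build the inventory from boto3: call `s3.get_public_access_block(Bucket=b)` and `s3.get_bucket_policy(Bucket=b)` for each bucket from `list_buckets()`, storing None when the calls raise NoSuchPublicAccessBlockConfiguration or NoSuchBucketPolicy. Buckets reported as REVIEW are not reachable anonymously today but carry stale grants or missing flags that a later policy change could turn into exposure; those flagged PUBLIC are the ones the survey in the article would have found.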