
This isn't necessarily a case of data theft; rather, it points to poor IT practices. If images are stored on a server without any password protection or authentication, anyone aware of the server's existence could potentially access and download your data. ProPublica reports that over 16 million medical scans from around the world were accessible online, with some even containing personal details like names, birthdates, and occasionally, Social Security numbers.
How can we secure our data? Unfortunately, there is no simple answer. The investigation shows how easy it can be to stumble upon medical images online, and ProPublica does not reveal how to locate them, for privacy reasons. The advice it offers includes:
When undergoing a medical imaging scan, such as an x-ray, CT scan, MRI, or ultrasound, be sure to ask the healthcare provider who performed the scan — or your doctor — whether accessing your images requires a username and password. You should also inquire if their office, or the medical imaging provider to whom they refer patients, regularly conducts a security assessment as mandated by HIPAA.
Unfortunately, simply asking may not always be enough. According to a report by ProPublica, one provider initially claimed their data was password-protected, but it wasn't. Afterward, they secured the servers, but it's difficult to imagine how a patient could verify if their data is truly protected.
ProPublica also notes that larger hospital systems generally secured their patient data more effectively, with the issues often arising from independent radiologists, medical imaging centers, or archiving services. Ultimately, it's the responsibility of the provider or their associated hospital system to ensure the privacy of your images, no matter who takes them.
