Anand Murali

Confidential personal health data belonging to millions of Indians are lying exposed on the internet because hospitals and medical institutions have not taken security precautions to safeguard this information.

More than 120 million images — X-rays, ultrasounds, magnetic resonance imaging (MRI) files, computed tomography (CT) scans, endoscopy, mammograms and ophthalmology records — are lying open for cyber-criminals to tap into and sell on the black market, according to a report by Germany-based security firm Greenbone Networks.

Globally, nearly 1.2 billion medical images are lying insecure and open to exploitation.

The data is being exposed through insecure servers known as Picture Archiving and Communication Systems. These servers help medical practitioners easily store and share images but when these systems are connected to the internet without protection, the most intimate details of a patient’s health become exposed to the world.

“It is a notable fact for the systems located in India, that almost 100 percent of the studies allow full access to related images,” the report said.

Tech2 has written to the Indian Medical Association asking for comments. This story will be updated once IMA replies to our email.

Implementation of PACS systems has been growing over the years, as hospitals try and move to a paperless system, but the worrisome part is that the institutes are not paying as much importance to secure these systems as they increase their scope and usage.

Indian States Studies Images Images Accessible Studies with image access Systems per state Maharashtra 3,08,451 6,97,89,685 6,97,89,685 3,08,451 46 Karnataka 1,82,865 1,37,31,001 1,37,31,001 1,82,865 7 West Bengal 1,72,885 34,11,255 34,11,255 1,72,885 2 Telangana 1,26,160 59,97,360 1,10,160 7,344 3 Gujarat 1,11,408 1,39,97,757 1,39,97,757 1,11,408 19 Punjab 45,973 71,56,545 71,56,545 45,973 6 Delhi 40,709 21,05,605 21,05,605 40,709 4 Andhra Pradesh 17,302 4,46,870 4,46,870 17,302 2 Haryana 10,713 15,48,165 15,48,165 10,713 2 Uttar Pradesh 6,013 17,49,150 17,49,150 6,013 4 Madhya Pradesh 4,329 4,32,900 - - 1 Chandigarh 1,121 6,72,600 6,72,600 1,121 1

Increasingly, medical records are becoming an important target for hackers, for whom financial records are a top priority. Many times, medical images are stored along with other personal data belonging to patients.

A total of 97 insecure systems were found across India, exposing 121 million image records related to over a million medical studies, Greenbone’s November 2019 report said. This report was updated last week.

Healthcare data is classified as ‘sensitive’ in the draft Personal Data Protection bill, which is being debated by a select committee of both houses of parliament.

A final bill is expected to be ready for the budget session which starts at the end of this month.