Highly sensitive medical data, including almost 200,000 pictures of patients in Switzerland, have ended up on unsecured servers, according to research. Worldwide, data from several million patients are affected.
Anyone with basic computer skills can access the documents, including breast cancer screenings, spinal images, chest x-rays or cardiac pacemakers, said German public broadcaster Bayerischer Rundfunk on Tuesday, based on its research with US investigative news platform ProPublica.
In Switzerland two systems with 1,500 patient data sets and a total of 197,000 images are affected, according to the report.
The images are high-resolution and contain a great deal of information, almost all of which is personal data: date of birth, first and last name, date of examination and information about the treating physician or the treatment itself.
“Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies,” wrote ProPublica.
Worldwide, the scale is much larger, with servers all over the world left unprotected.
According to the report, 590 archive systems reveal 24.5 million data records. Patients from the United States are particularly affected.
Although ProPublica found no evidence that patient data was copied from these systems and published elsewhere, it said the consequences of unauthorised access to such information could be devastating.
“Medical records are one of the most important areas for privacy because they’re so sensitive. Medical knowledge can be used against you in malicious ways: to shame people, to blackmail people,” said Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, a digital-rights group.
“This is so utterly irresponsible,” he said.