Over 120 million X-Rays, CT scans exposed on the internet due to carelessness of hospitals: Report

More than 120 million images are lying open for cyber-criminals to tap into and sell on the blackmarket.


Confidential personal health data belonging to millions of Indians are lying exposed on the internet because hospitals and medical institutions have not taken security precautions to safeguard this information.

More than 120 million images — X-rays, ultrasounds, magnetic resonance imaging (MRI) files, computed tomography (CT) scans, endoscopy, mammograms and ophthalmology records — are lying open for cyber-criminals to tap into and sell on the black market, according to a report by Germany-based security firm Greenbone Networks.

Globally, nearly 1.2 billion medical images are lying insecure and open to exploitation.

 Over 120 million X-Rays, CT scans exposed on the internet due to carelessness of hospitals: Report

Image: Pixabay

The data is being exposed through insecure servers known as Picture Archiving and Communication Systems. These servers help medical practitioners easily store and share images but when these systems are connected to the internet without protection, the most intimate details of a patient’s health become exposed to the world.

“It is a notable fact for the systems located in India, that almost 100 percent of the studies allow full access to related images,” the report said.

Tech2 has written to the Indian Medical Association asking for comments. This story will be updated once IMA replies to our email.

Implementation of PACS systems has been growing over the years, as hospitals try and move to a paperless system, but the worrisome part is that the institutes are not paying as much importance to secure these systems as they increase their scope and usage.

Indian States Studies Images Images Accessible Studies with image access Systems per state
Maharashtra 3,08,451 6,97,89,685 6,97,89,685 3,08,451 46
Karnataka 1,82,865 1,37,31,001 1,37,31,001 1,82,865 7
West Bengal 1,72,885 34,11,255 34,11,255 1,72,885 2
Telangana 1,26,160 59,97,360 1,10,160 7,344 3
Gujarat 1,11,408 1,39,97,757 1,39,97,757 1,11,408 19
Punjab 45,973 71,56,545 71,56,545 45,973 6
Delhi 40,709 21,05,605 21,05,605 40,709 4
Andhra Pradesh 17,302 4,46,870 4,46,870 17,302 2
Haryana 10,713 15,48,165 15,48,165 10,713 2
Uttar Pradesh 6,013 17,49,150 17,49,150 6,013 4
Madhya Pradesh 4,329 4,32,900 - - 1
Chandigarh 1,121 6,72,600 6,72,600 1,121 1

Increasingly, medical records are becoming an important target for hackers, for whom financial records are a top priority. Many times, medical images are stored along with other personal data belonging to patients.

A total of 97 insecure systems were found across India, exposing 121 million image records related to over a million medical studies, Greenbone’s November 2019 report said. This report was updated last week.

Healthcare data is classified as ‘sensitive’ in the draft Personal Data Protection bill, which is being debated by a select committee of both houses of parliament.

A final bill is expected to be ready for the budget session which starts at the end of this month.

Welcome to Tech2 Innovate, India’s most definitive youth festival celebrating innovation is being held at GMR Grounds, Aerocity Phase 2, on 14th and 15th February 2020. Come and experience an amalgamation of tech, gadgets, automobiles, music, technology, and pop culture along with the who’s who of the online world. Book your tickets now.