back to article Seriously, this sh!t again? 24m medical records, 700m+ scan pics casually left online

Around 24 million medical patients' data is floating around on the internet, freely available for all to pore over – thanks to that good old common factor, terribly insecure servers. German vuln-hunting firm Greenbone Networks found 590 "medical image archive systems online" containing a startling 737 million images, of which …

  1. GnuTzu

    "..for all to pore over"

    O.K. I'm trusting that this was an intentional misspelling, but it just doesn't play into the medical angle all that well.

    Besides, the notion that medical records could be viewed as some bodily fluid leaking out a server's pores is... Well, I guess this is a kind of medical waste.

    1. Imhotep

      Definition of pore over: to read or study (something) very carefully

    2. macjules
      Headmaster

      At the risk of being called a grammar Nazi, you might wish to check the difference between ‘to pour over’ and ‘to pore over’*

      * If you are an American then I apologise as your grammar is already an aberration to the English language.

      1. CrazyOldCatMan Silver badge

        American then I apologise as your grammar is already an aberration to the English language

        One that's sadly infecting the mother-language with the same abberations..

    3. fidodogbreath

      pore [ pawr, pohr ]

      verb (used without object), pored, por·ing.

      1. to read or study with steady attention or application: a scholar poring over a rare old manuscript.

      2 to gaze earnestly or steadily: to pore over a painting.

      3 to meditate or ponder intently (usually followed by over, on, or upon): He pored over the strange events of the preceding evening.

      https://www.dictionary.com/browse/pore

    4. General Purpose

      "Pore" is correct; you may accidentally pour coffee over a book but if you want to read it carefully, pore over it instead. https://www.dictionary.com/e/pore-over-vs-pour-over/ describes it well.

    5. Steve Aubrey
      Thumb Up

      Ratios

      Three comments about the story. Five comments about grammar.

      Commentards FTW!!

      1. General Purpose

        Re: Ratios

        Plus a comment about the comments and a comment about that. Recursion rocks!

        1. FozzyBear
          Go

          Re: Ratios

          To understand recursion, you must first understand recursion

          1. Aussie Doc

            Re: Ratios

            You can say that again.

            Oh, wait.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ratios

        "Commentards FTW!!"

        'Multiple exclamation marks,' he went on, shaking his head, 'are a sure sign of a diseased mind.' - Terry Pratchett

      3. Korev Silver badge
        Coat

        Re: Ratios

        A bit poor isn’t it...

    6. TopCat62

      No one has mentioned Muphry's Law yet.

    7. GnuTzu

      Well, I stand corrected. I've only known the word "pore" as a small opening and had always expected that the term "pore over" would metaphorically relate to the concept of "pouring". Is "pore over" supposed to refer to squinty eyes passing over something? That sounds so weird to me. Just what is the etymology of such an expression?

      Sigh, well at least I learned something new.

      1. Anonymous Coward
        Anonymous Coward

        Just what is the etymology of such an expression?

        English, the sort of English that was in existence before the north Americas 'dumbed down' & bastardised it.

        1. CrazyOldCatMan Silver badge

          Re: Just what is the etymology of such an expression?

          north Americas 'dumbed down'

          That's a tad harsh - the US spellings were deliberately simplified to make it easier for the many immigrants from non English-speaking countries to learn. Which still gave plenty of space for eloquence and elegant language.

          No - for the current state of US grammar and spelling you have to look no further than the abysmal teaching of English in schools. And we in the UK are follwing suit.

          (Lets be clear here - I'm not blaming the teachers - I'm blaming the system and the methods that don't allow the teachers to *actually* teach proper English)

  2. Paratrooping Parrot
    Boffin

    Managers

    Usually it is the managers' fault for not recruiting trained staff who understand computer security to deal with data storage. They must also pay the computer staff properly as well. I think if managers' pay is directly affected, then these incidents would reduce.

    1. fidodogbreath

      Re: Managers

      Usually it is the managers' fault

      Curious...what is this "managers' fault" of which you speak?

      1. VikiAi
        Happy

        Re: Managers

        It's a big crack which private data often falls through!

    2. Phil Kingston

      Re: Managers

      Kinda. But I still say that until CIOs start going to prison, this lind of shit will continue.

      1. Halfmad

        Re: Managers

        Great in theory assuming these companies have them but as most will be smaller private clinics (At least in the UK) I can put money on them not having any in-house IT staff, nevermind CIOs etc.

        NHS is very unlikely to be directly affected as DICOM will be at least behind national boundaries like PSN/SWAN etc however that doesn't mean this isn't NHS data and NHS patients..

  3. IGotOut Silver badge
    Megaphone

    I think the best solution to this is simple.

    Stop reporting these wide open servers to the owner. Report to the relevant coutries Data Protection authourites first, THEN report to the owners afterwards.

    1. ecofeco Silver badge

      Re: I think the best solution to this is simple.

      USA had no such agency. Lovely innit?

      Yes HIPAA exist but they aren't enforcing.

  4. Anonymous Coward
    Anonymous Coward

    Interesting to see...

    the difference between the US and the UK in amount of data left exposed.

    I wonder if there is correlation with the Data Protection authorities or just that more US medical companies used this service?

  5. Lorribot

    sack the board,...

    Or make any security breaches an instant loss of bonus.

    May be share holders should be demanding companies report all breaches at their AGMs.

    You can't blame managers for recruiting IT illiterate when they themselves are IT illiterate and were appointed by senior managers that work for the business and are also IT illiterate.

    Hopefully the company in the UK will be fined massively, go out of business and the board will be named and shamed, personally fined and never work again.

    Unfortunately there will be a knee jerk reaction by the IT illiterate boards who will spray money at consultants to fix the problem, but will fix nothing fundamental and just cause lots work for the poor real techies who know how to fix this stuff but are not giver the funding or tools.

  6. sanmigueelbeer

    As for data security, it can get tiresome repeating the same simple messages. But until the world gets the message, we've got to keep on hammering it home.

    Speak softly but carry a big stick: Unless fines are imposed, and most importantly COLLECTED, from the offenders, nothing gets done.

    Alternatively, I hear "lawsuits" are equally effective as well.

  7. Brian in Seattle

    Cool. Maybe I can get the x-rays from my broken foot. I've been looking for those and my provider won't give me copies.

    1. Korev Silver badge
      Coat

      You poor thing, I guess you have toe ask the right sole to get you data.

  8. Conundrum1885

    Re. Data

    It appears that at least some of the images are test ones given with the owners consent eg for medical consultant training.

    The problem will be sorting out whose images they are, without the original data which is behind firewalls etc.

    On the flip side if the original owners really wanted to, they now have access to "Their" data without heinous charges, and

    in all likelihood should they choose it can be uploaded to a consultant of their choice for a second opinion.

    Get ready for "XrayBook" and "MRIBook" :-)

  9. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like