Breach Candy Hospital Data Breach (2020)

Nearly one million medical files and 107 million related medical images of Indian patients, including X-rays and scans, are freely accessible on the internet, an investigation by German security firm Greenbone Networks has found. The records and images include details such as patient name, date of birth and ID, name of the medical institution, ailment, physician names and other sensitive details. ET has reviewed a screenshot containing a list of patient names. ET also accessed a web portal link that allows access to, and downloads of, medical images of patients. The servers on which these records are stored have been left vulnerable, Greenbone said. Medical practitioners use a file format known as Digital Imaging and Communications in Medicine (DICOM) to store and share medical images. These DICOM images are typically stored in a picture archiving and communications system (PACS) server, which allows for easy access and storage.