Measuring Healthcare Data Leaks and Security Flaws at Internet Scale

Abstract

Systems that process medical data should be meticulously secured. Yet, network services in healthcare environments often fail to implement basic security measures. For example, previous studies showed that network segmentation flaws led to DICOM systems leaking millions of patient records. In addition to DICOM, healthcare facilities rely heavily on the HL7 and FHIR protocols to transmit data. For nine months, we operated a low-interaction honeypot for medical protocols. We found it was regularly scanned for DICOM but never for HL7 or FHIR, indicating that despite their widespread use and importance for patient data security, the security of these services remains underexplored. In this paper, we present the first large-scale study on HL7 and FHIR services and expand previous work on DICOM. Our large-scale Internet scans, covering the three major healthcare protocols across IPv4 and IPv6 address spaces, identify healthcare systems and uncover data leaks due to authentication flaws. Additionally, we scanned for deficiencies in TLS configurations of these services and known insecure healthcare software. In total, we found ~healthcare services with authentication flaws. \% of all exposed systems do not support transport encryption, and systems have known software vulnerabilities, including those with potential for system takeover and CVSS scores up to 9.8. Overall, our study reveals an alarming state of cybersecurity in healthcare deployments, for which we discuss potential reasons and countermeasures. Finally, we report on the coordinated disclosure campaign we initiated to improve the security of patient data.

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…