The Discovery
In a groundbreaking discovery, security researcher Himaja Motheram of security firm Censys has identified a significant vulnerability in the DICOM (Digital Imaging and Communications in Medicine) protocol, which is widely used in medical imaging. The discovery highlights the need for improved security measures to protect sensitive medical data.
The DICOM Protocol
DICOM is a standard protocol for sharing medical images and data between healthcare providers. It is used in various medical imaging applications, including radiology, cardiology, and oncology. The protocol is designed to facilitate the exchange of medical images and data between different devices and systems. Key features of DICOM include:
+ Support for various image formats, such as JPEG, TIFF, and DICOM
+ Ability to transmit images and data between devices and systems
+ Standardized communication protocols for secure data exchange
+ Support for various security features, such as encryption and access control
The Vulnerability
Motheram’s discovery revealed that more than a third of the exposed IP addresses had open DICOM ports.
These providers were often using the DICOM servers to share medical images with other healthcare providers, hospitals, and research institutions.
Censys’ Discovery of Exposed DICOM Servers
In 2020, the cybersecurity firm Censys discovered a significant number of exposed DICOM servers. These servers were left unsecured and accessible to anyone on the internet. The discovery was made through a combination of automated scanning and manual review of publicly available data.
What are DICOM Servers?
DICOM (Digital Imaging and Communications in Medicine) servers are specialized servers designed to store, manage, and transmit medical images. They are commonly used in hospitals, clinics, and research institutions to share medical images with healthcare providers, researchers, and other stakeholders.
The Role of a Cybersecurity Investigator
As a cybersecurity investigator, Motheram plays a crucial role in understanding the internet’s behavior in response to significant events. Her primary responsibility is to analyze the internet’s reaction to major incidents, such as data breaches, cyberattacks, and other security threats.