Maharashtra tops list of States hit by global medical data leak-PIB-05-02-2020

Context:

According to a recent report published by Greenbone Sustainable Resilience, a German cybersecurity firm, medical details of over 120 million Indian patients have been leaked and made freely available on the Internet.

Details:

The first report was published in October 2019, in which Greenbone revealed a widespread data leak of a massive number of records, including images of CT scans, X-rays, MRIs and even pictures of the patients.
The follow-up report, which was published in November, classifies countries in the “good”, “bad” and “ugly” categories based on the action taken by their governments after the first report was made public.
India ranks second in the “ugly” category, after the U.S.

Issue:

Greenbone’s original report says the leak was facilitated by the fact that the Picture Archiving and Communications Systems (PACS) servers, where these details are stored, are not secure and linked to the public Internet without any protection, making them easily accessible to malicious elements.

The number of data troves containing this sensitive data went up by a significant number in the Indian context a month after Greenbone’s initial report was published.

The updated report also places Maharashtra at the top of the States affected by the leak.

Concerns:

The fact that PACS servers are vulnerable to attack or are accessible is not new information, and there have been a number of reports on this topic in the past.

No report, however, has dealt with the breadth and depth of the problem associated with unsecured PACS servers.

The leak is worrying because the affected patients can include anyone from the common working man to politicians and celebrities.

In image-driven fields like politics or entertainment, knowledge about certain ailments faced by people from these fields could deal a huge blow to their image.

The other concern is of fake identities being created using the details, which can be misused in any possible number of ways.

Conclusion:

Any communication between a doctor and a patient was a privileged one. A doctor or a hospital is thus ethically, legally and morally bound to maintain confidentiality.