KUALA LUMPUR, Oct 10 — The leak of over a million medical scan images linked to 20,000 Malaysian patient records originated from a local private organisation, the Ministry of Health (MOH) revealed.
Health Minister Dzulkefly Ahmad said that the patient information leak from 52 countries, including Malaysia, as reported by Germany-based security firm Greenbone Networks could be due to the accessibility of radiological imaging systems via the Internet without any security features.
“MOH is serious about the issue and had set up a special team to investigate and identify sources of the leak with technical assistance from the Malaysian Communications and Multimedia Commission (MCMC) and the National Cyber Security Agency (NACSA),” Dzulkefly said in a statement today.
“Investigations revealed that the three systems that were reported by Greenbone Networks to be at risk of disclosure of such information are owned by a local private organisation.
“Following that, the special team have contacted and held discussions with the organization to strengthen and improve the security of the system the organisation,” he further explained.
In September, Greenbone revealed that 19,922 patient records, along with 1.2 million linked images, from Malaysia were publicly accessible on the internet from three systems allowing unprotected access via DICOM (Digital Imaging and Communications in Medicine).
DICOM is a protocol in the PACS servers used by hospitals to archive images created by radiological processes (X-ray, CT, MRI) and to make them available to attending physicians to review.
According to Greenbone, a vast majority of the 24 million patient data records accessible online from 52 countries, including Malaysia, contained sensitive personal information like one’s full name, date of birth, date of examination, the scope of the investigation, type of imaging procedure, attending physician, institute or clinic, as well as images of X-ray, CT and MRI scans.