A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes. Anyone could access the images and data without the need for a username or password; in fact, in some cases, login portals to the systems storing the info accepted blank usernames and passwords, researchers said. Threat actors can violate people s privacy by selling the data on the dark web, where it is a valuable commodity.
Source: https://threatpost.com/million-medical-images-online/162284/