The use of the legacy DICOM protocol in medical equipment has potentially exposed around 60 million personal and medical records. This has raised concerns about the lack of safety controls and the leakage of sensitive information.


Researchers from Aplite have conducted an examination of the DICOM protocol and discovered that many customers do not utilize the necessary safety controls, resulting in the leakage of sensitive information. They have identified over 3,800 servers that are accessible on the Web and use the DICOM protocol, with 30% of them leaking sensitive information [3]. Several factors contribute to this issue, including a lack of awareness about security risks [3], difficulties in upgrading hardware to support security measures [3], and the targeting of smaller organizations that lack the necessary IT infrastructure [3]. Additionally, managing TLS certificates is seen as complex and resource-intensive [3]. The lack of mandatory security measures and regulatory governance also contributes to the overall insecurity [2] [3]. Furthermore, the age of the protocol [1], with the latest version released in 1993 [3], may explain the presence of security vulnerabilities.


The exposure of personal and medical records due to the use of the DICOM protocol has significant impacts on individuals’ privacy and the overall security of medical systems. To mitigate these risks, it is crucial for customers to prioritize the implementation of safety controls and upgrade their hardware to support security measures. Additionally, raising awareness about security risks and providing necessary resources to smaller organizations can help address the vulnerabilities. Furthermore, there is a need for mandatory security measures and regulatory governance to ensure the protection of sensitive information. As technology continues to advance, it is essential to regularly update and improve protocols to address emerging security challenges and protect against potential breaches.