The hospitals we found most likely to be exposed were those for children. This is very concerning and we don't have immediate explanations as to why.
Additionally, we realize that with the Coronavirus Pandemic in full swing across every continent, such institutions should be cut a break - for the time being. We are fine with this (indeed we brought it up first) however it still deserves to be written about.
Some exposed hospitals:
- Rady's Children's Hospital of San Diego (Southern California)
- Children's Hospital of Philadelphia (Pennsylvania)
- Nationwide Children's Hospital (Ohio)
What do they have in common?
- Large amounts of patient data leaking either through web apps left open or DICOM servers
- The domain owner of each has, inexplicably, taken out dozens of other seemingly unrelated domains
- All have engaged in research projects with the People's Republic of China
Why do these hospitals own so many unrelated domain names?
What work have these hospitals done with the Chinese Government?
We will post a report at length in the next week or so that elaborate on the questions raised here.