Senator Mark Warner (D-VA) is scrutinizing the response from the Department of Health and Human Services’ Office for Civil Rights to the exposure of millions of patients’ medical image files, including some held by a U.S. company.
In a letter to OCR Director Roger Severino, Warner writes that he wants to determine how “an enormous oversight” in the HIPAA-enforcement agency “has allowed medical companies to leave insecure ports open to the internet and accessed repeatedly by [researchers via a] German IP address.”
In September, ProPublica and German broadcaster Bayerischer Rundfunk identified 187 servers hosting medical imaging in the U.S. that were “unprotected by passwords or basic security precautions.” The exposed records included medical images and health data belonging to about 5 million Americans – plus “millions more around the world,” the report said.