I-Med Radiology Details

    Organization Logo

    I-Med Radiology

    Sydney, New South Wales6000 employees • Healthcare

    https://www.i-med.com.au
    Australia

    Industry

    Healthcare

    Security Incidents

    1

    I-Med Radiology Network is one of Australia's largest diagnostic imaging providers, specializing in a comprehensive range of radiological imaging services. Its primary function is to offer advanced diagnostic imaging to aid in the accurate and timely diagnosis of various medical conditions. These imaging services include X-rays, MRIs, CT scans, PET scans, ultrasound, and nuclear medicine. The organization plays a crucial role in supporting healthcare professionals in making informed decisions for patient care.

    Founded in 2000, I-Med Radiology has grown significantly over the years, evolving b...
    Show more

    Security Incidents

    I-Med Radiology Breach of Oct 2024
    Severity Score
    Significant to High

    Type

    Credential Stuffing

    Summary

    In October 2024, I-MED Radiology, Australia's leading medical imaging provider, faced a cybersecurity incident where an unauthorized individual accessed a radiologist’s platform using stolen credentials. The credentials, reportedly acquired from a separate data breach, were reused on I-MED's patient portal. The breach exposed sensitive patient data, including full names, dates of birth, gender, scan types, and scan dates.

    This unauthorized access is attributed to poor security practices, including the reuse of simple, short passwords (three to five letters) without two-factor authentication (...
    Show more

    Severity

    The security breach involved unauthorized access to I-MED Radiology's platform using stolen credentials, highlighting the risks associated with credential stuffing. This incident exposed sensitive patient data, including full names, dates of birth, and medical records from scans, due to poor security measures like weak passwords and lack of two-factor authentication. Compromised log-in details were shared publicly for over a year, affecting multiple accounts reportedly connected to a hospital, showcasing significant carelessness in protecting sensitive information.

    Given that the incident in...
    Show more

    Impact

    The I-MED Radiology incident was a data breach resulting from credential stuffing, where cybercriminals leveraged reused passwords found in a separate breach to gain unauthorized access to a platform hosting sensitive patient information. The accessed patient data included full names, dates of birth, gender, the types of imaging scans received, and the dates of these procedures. Though no systems or services were explicitly taken offline, the breach exposed a significant privacy lapse due to the subpar length of passwords and the absence of two-factor authentication, which left patient data vu...
    Show more

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos