Hospitals love to talk about Zero Trust in conference keynotes, but a fresh scan of the public internet just exposed how far the talk is from the practice. Trend Micro’s TrendAI team identified 3,627 DICOM medical imaging servers across more than 100 countries sitting directly on the public internet, with the United States accounting for 1,189 of them — roughly 33% of the global total. The kicker: only 0.14% of those servers use TLS encryption, and 99.56% accept connections without AE Title validation. That isn’t a security gap. That’s an open door with a welcome mat made of patient records.
Why 3,627 Exposed Servers Is a Compliance Earthquake, Not a Headline
According to TrendAI’s analysis of Shodan scanning data collected from November to December 2025, the exposed servers belong to 334 identifiable organizations, 231 of which are healthcare entities — hospitals, clinics, labs, and imaging centers. DICOM is the decades-old standard (work began in the early 1980s) that lets MRI, CT, X-ray, and ultrasound systems talk to each other regardless of manufacturer, and the files it generates aren’t just pictures. The metadata routinely contains full names, dates of birth, medical record numbers, referring physicians, reading radiologists, diagnosis codes, and sometimes Social Security numbers.
Why it matters: that metadata profile is essentially a pre-assembled identity theft kit, wrapped in HIPAA liability and bound to a clinical record an attacker can extort against. Lateral movement from a PACS server into the broader hospital network is a documented ransomware playbook, and TrendAI notes the exposed servers often function as gateways to actual imaging modalities — MRI, CT, PET-CT, mammography units. If you’re a regional health system running a PACS deployment that was last hardened during a 2018 IT refresh, the practical implication is that adversaries don’t need to phish your staff to get inside. They just need Shodan and a free afternoon. The next round of HHS Office for Civil Rights enforcement actions is going to look very different from the last one.
The DICOM Metadata Problem Is an Identity Problem in Disguise
The second-order risk in the TrendAI report isn’t medical — it’s identity. DICOM metadata blends protected health information with referring-physician identifiers and procedure codes, which means a single breach simultaneously violates HIPAA, can implicate state biometric-privacy laws, and feeds downstream fraud against payers and pharmacy benefit managers. TrendAI’s report explicitly calls out that the lack of AE Title validation on 99.56% of exposed servers means almost none are checking who is actually connecting before handing over images. It is worth being precise about what that check is: an AE Title is a 16-character label that the connecting client picks for itself and for the server it wants, sent unauthenticated in the association request. Validating it is an allow-list, not identity verification, so even a server that rejects unknown titles still needs network segmentation or TLS with client certificates before it can trust the peer on the other end of the socket.
Why it matters: identity verification is no longer a banking concern that healthcare can defer. The same patient identifiers being leaked here are exactly the ones used to authenticate telehealth visits, prescription refills, and insurance claims. If you’re a payer or a digital health startup, your fraud models are about to get noisier as stolen DICOM metadata flows into the underground market — and your onboarding flows will need stronger verifiable credentials and KYC checks to compensate. The prediction here is straightforward: within 18 months, expect at least one major insurer to require provider-side attestation of DICOM hardening before reimbursing imaging claims, similar to how PCI compliance reshaped retail.
A Software Monoculture That Makes One CVE Into Hundreds of Breaches
TrendAI’s analysis went beyond exposure counts. The team found that 44% of the exposed servers cluster into groups running identical software, and many carried unpatched critical vulnerabilities — CVE-2019-1010228, CVE-2022-2119, CVE-2022-2120, and CVE-2025-0896. The newest of those was disclosed in 2025; the oldest has been public since 2019.
Why it matters: a 44% software monoculture means a single working exploit doesn’t compromise one hospital — it compromises hundreds. That’s the structural condition that turns a routine CVE into a sector-wide ransomware event. For a CISO at a mid-sized hospital network, the practical action is uncomfortable but clear: assume your DICOM stack is identical to dozens of peers, assume an attacker who breaches one of them has a working playbook for yours, and prioritize segmentation over feature parity. Teams building modern healthcare software with compliance baked in are going to win procurement battles against legacy PACS vendors specifically because the legacy stack has become a shared liability. The editorial take: the DICOM standard’s own security profiles (PS3.15, which includes TLS secure transport) have existed for years. The reason they aren’t turned on is procurement culture, not technology — and that culture is about to get repriced by cyber insurers.
What Healthcare Builders and Compliance Teams Should Do This Quarter
TrendAI’s own conclusion is blunt: “Security must be treated as a fundamental requirement rather than an optional enhancement. The tools exist; they simply need to be used.” Best practice — isolating DICOM servers behind firewalls on segmented networks — was already the standard before this report. The report just confirms that 3,627 servers, spread across at least 334 identifiable organizations, skipped it.
Why it matters: the gap between what’s required and what’s deployed is exactly the space where automation pays for itself. Continuous external attack surface monitoring, automated patch compliance reporting, and policy-as-code enforcement on AE Title validation can all be put in place without hiring more security engineers. If you’re a digital health vendor, building these checks into your product is no longer a differentiator — it’s table stakes for hospital procurement in 2026. Workflow tooling like AI-driven automation for compliance pipelines cuts the manual audit load on short-staffed security teams. The prediction: the next wave of healthcare security funding won’t go to new EDR tools — it will go to vendors who can prove, in real time, that imaging infrastructure isn’t reachable from the open internet.
FAQ
Q: What is a DICOM server and why is it on the internet? A: A DICOM server stores and transmits medical imaging files (X-rays, MRI, CT, ultrasound) using a standard developed in the 1980s for interoperability across vendors. Many were placed on the public internet for remote radiologist access or telehealth workflows, often without the firewall isolation and TLS encryption that the DICOM standard itself supports.
Q: How is this different from a typical HIPAA breach? A: Most HIPAA breaches involve EHR systems or email. DICOM exposure leaks imaging metadata that combines patient identifiers with clinical context — referring physician, diagnosis codes, procedure information — and gives attackers a foothold into connected modalities like MRI and CT scanners. Per TrendAI, those servers often act as gateways to the actual imaging hardware.
Q: What should a hospital do first if it suspects exposure? A: Run an external scan against your own IP ranges, validate that DICOM ports (104 and 11112 are the usual plaintext listeners, 2762 is the registered port for DICOM over TLS) are not internet-reachable, enforce AE Title validation, enable TLS, and patch against the CVEs TrendAI flagged (CVE-2019-1010228, CVE-2022-2119, CVE-2022-2120, CVE-2025-0896). Then audit which third-party imaging partners can reach those servers.
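The first two steps in that answer, checking whether a DICOM port answers from outside and whether the SCP will accept an association for a Called AE Title it was never configured with, can be scripted without a DICOM toolkit. The probe below is an added example written for this piece; it is not code from the TrendAI report. It builds an A-ASSOCIATE-RQ with the Python standard library, sends it over plain TCP, and classifies the A-ASSOCIATE-AC or A-ASSOCIATE-RJ that comes back. The Called AE Title NOSUCHAE, the calling title AEPROBE and the implementation class UID are placeholders chosen here; an AC for a bogus title is the 99.56% finding reproduced on one host. Point it only at IP ranges you own or are authorised to test.

```python
import socket
import struct
import sys

# DICOM Upper Layer PDU types (PS3.8, section 9.3)
PDU_ASSOCIATE_RQ = 0x01
PDU_ASSOCIATE_AC = 0x02
PDU_ASSOCIATE_RJ = 0x03
PDU_RELEASE_RQ = 0x05
PDU_ABORT = 0x07

APP_CONTEXT_UID = "1.2.840.10008.3.1.1.1"  # DICOM Application Context Name
VERIFICATION_SOP = "1.2.840.10008.1.1"      # Verification SOP Class (C-ECHO)
IMPLICIT_VR_LE = "1.2.840.10008.1.2"        # Implicit VR Little Endian transfer syntax
IMPL_CLASS_UID = "1.2.3.4.5.6.7"            # placeholder (assumed); use your own registered UID root

# A-ASSOCIATE-RJ (source, reason) codes from PS3.8 table 9-21
RJ_REASONS = {
    (1, 1): "no reason given",
    (1, 2): "application context name not supported",
    (1, 3): "calling AE title not recognized",
    (1, 7): "called AE title not recognized",
    (2, 1): "no reason given (ACSE)",
    (2, 2): "protocol version not supported",
    (3, 1): "temporary congestion",
    (3, 2): "local limit exceeded",
}


def _item(item_type, payload):
    """UL item/sub-item: 1-byte type, 1 reserved byte, 2-byte big-endian length, payload."""
    return struct.pack(">BBH", item_type, 0, len(payload)) + payload


def _ae(title):
    """AE Titles are exactly 16 bytes, space padded."""
    return title.encode("ascii").ljust(16)[:16]


def build_associate_rq(called_ae, calling_ae="AEPROBE"):
    """A-ASSOCIATE-RQ proposing one presentation context (C-ECHO over Implicit VR LE)."""
    pres_ctx = _item(0x20, struct.pack(">BBBB", 1, 0, 0, 0)      # context id 1 + 3 reserved
                     + _item(0x30, VERIFICATION_SOP.encode())    # abstract syntax
                     + _item(0x40, IMPLICIT_VR_LE.encode()))     # transfer syntax
    user_info = _item(0x50, _item(0x51, struct.pack(">I", 16384))  # max PDU length we accept
                      + _item(0x52, IMPL_CLASS_UID.encode()))
    body = (struct.pack(">HH", 1, 0)                             # protocol version 1, reserved
            + _ae(called_ae) + _ae(calling_ae) + b"\x00" * 32
            + _item(0x10, APP_CONTEXT_UID.encode()) + pres_ctx + user_info)
    return struct.pack(">BBI", PDU_ASSOCIATE_RQ, 0, len(body)) + body


def classify_response(data):
    """Turn the first PDU returned by the SCP into a verdict string."""
    if len(data) < 6:
        return "no-pdu"
    pdu_type = data[0]
    if pdu_type == PDU_ASSOCIATE_AC:
        return "accepted"
    if pdu_type == PDU_ASSOCIATE_RJ and len(data) >= 10:
        result, source, reason = data[7], data[8], data[9]
        kind = "permanent" if result == 1 else "transient"
        why = RJ_REASONS.get((source, reason), f"source={source} reason={reason}")
        return f"rejected-{kind}: {why}"
    if pdu_type == PDU_ABORT:
        return "aborted"
    return f"unexpected-pdu-0x{pdu_type:02x}"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def probe(host, port=104, called_ae="NOSUCHAE", timeout=5.0):
    """Associate using a Called AE Title the SCP should not know; 'accepted' means no validation."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_associate_rq(called_ae))
        header = _recv_exact(sock, 6)
        if header is None:
            return "no-pdu"
        body = _recv_exact(sock, struct.unpack(">I", header[2:6])[0]) or b""
        verdict = classify_response(header + body)
        if verdict == "accepted":
            # Release cleanly so the SCP logs an ordinary association rather than an abort
            sock.sendall(struct.pack(">BBI", PDU_RELEASE_RQ, 0, 4) + b"\x00" * 4)
        return verdict


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 104))
    else:
        # Constructed A-ASSOCIATE-RJ: permanent, from the service user, called AE title not recognized
        print(classify_response(bytes.fromhex("03000000000400010107")))
```

The result you want from every host in your range is a refused TCP connection or a permanent rejection with "called AE title not recognized". A listener that only speaks DICOM over TLS will also fail this plaintext probe, which is the desired outcome; "accepted" on a public address is the condition the report counts. Run the probe from outside your perimeter, since a result from inside the hospital network says nothing about internet reachability.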
Key Takeaways
- Treat external attack surface scanning of imaging infrastructure as a monthly compliance control, not an annual penetration test line item.
- Expect cyber insurers and payers to start demanding evidence of DICOM hardening — TLS, AE Title validation, network segmentation — as a condition of coverage and reimbursement.
- The 44% software monoculture finding means peer-hospital breaches are leading indicators for your own risk; build a threat-sharing relationship with similar-sized providers now.
- Digital health and identity vendors should prepare fraud models for an influx of leaked DICOM metadata feeding synthetic identity attacks against telehealth and pharmacy workflows.
- Procurement teams evaluating PACS or imaging software should require security defaults to be on out of the box, with audit logs proving AE Title validation and TLS are enforced.