databreaches.net 5/11/2026, 4:21:08 PM · via preferred

Exposed DICOM servers risk patient privacy and invite ransomware

The DataBreaches[.]net post, published on 11 May 2026, highlights thousands of internet-facing DICOM servers exposed by a lack of basic security measures. According to Trend Micro's TrendAI analysis, researchers identified thousands of servers belonging to hundreds of entities, with serious implications for patient privacy and potential for lateral movement and ransomware.

The analysis used Shodan data from November to December 2025 and found that only 0.14% of exposed DICOM servers used TLS encryption, while 99.56% accepted connections without AE Title validation. Across the exposed servers, 334 organisations could be identified, including 231 healthcare organisations such as hospitals, clinics, laboratories, and imaging and radiology centres.

DataBreaches[.]net notes that it contacted Trend Micro yesterday to ask whether the company had notified the identifiable organisations, and that it will update the post with any reply.

Article by CyberSIXT