Thousands of DICOM servers exposed due to shameful lack of basic security measures

Trend Micro/TrendAI analysis of Shodan scan data (Nov–Dec 2025) found thousands of internet-facing DICOM servers belonging to hundreds of organizations with poor or no security controls: only 0.14% used TLS and 99.56% did not enforce AE Title validation. The exposure affects at least 334 identifiable organizations (231 healthcare entities), putting patient privacy at risk and creating opportunities for lateral movement and ransomware attacks.