Have a question? +971 56 404 0503
Tech Features
WHEN MEDICAL SCANS END UP ONLINE: THE QUIET RISK HOSPITALS CAN FIX FAST
Attributed by Osama Alzoubi, Middle East and Africa VP at Phosphorus Cybersecurity
As Saudi Arabia races ahead in digital healthcare transformation, a quieter vulnerability lingers in the background: medical imaging systems that can be found – and sometimes accessed – directly from the public internet. Imaging infrastructure, diagnostic platforms, and hospital information systems are being modernized at speed improving outcomes, accelerating workflows, and bringing advanced clinical capabilities to more communities. But beneath this progress lies a quieter risk that rarely makes headlines: medical imaging systems being exposed on the public internet due to simple configuration errors.
Not a dramatic cyberattack. Not a threat actor breaching a firewall. Just avoidable misconfigurations that leave sensitive patient data reachable by anyone who knows where to look.
Medical imaging systems in Saudi Arabia face a persistent security challenge that differs from dramatic cyberattacks. Patient data exposure often occurs through configuration errors that leave systems accessible on the public internet. These technical oversights represent a significant vulnerability in healthcare’s digital infrastructure.
The Kingdom’s Personal Data Protection Law (PDPL) establishes strict requirements for handling health data. This legislation, modeled after international standards, mandates enhanced protection for medical information and imposes penalties for unauthorized disclosure. Hospitals must implement organizational and technical measures to prevent data exposure.
Radiology departments increasingly use digital platforms for case discussions and second opinions. Without proper configuration, these systems might allow unintended access to patient records. Teleradiology services, which expanded significantly during the pandemic, require secure transmission protocols to protect data during remote consultations.
When we hear about data breaches, we often imagine skilled hackers penetrating security systems. The reality is often simpler and more preventable. “Exposed” typically means a system is reachable from the public internet due to setup choices, not a sophisticated intrusion.
This happens in real-world healthcare settings for straightforward reasons: rushed deployments to meet clinical deadlines, vendor-supplied default configurations that were never changed, remote support access left open for convenience, and legacy systems that were connected to modern networks without proper security reviews.
The scale is significant. Research has identified over 1.2 million reachable devices and systems globally, including MRI scanners, X-ray systems, and related medical infrastructure. These are not theoretical vulnerabilities. They represent actual systems that can be found and accessed from anywhere with an Internet connection.
What gets exposed is more than images
Medical imaging files are not simply pictures. They carry identifiers and metadata that can connect scans directly to real people. Patient names, dates of birth, identification numbers, and clinical details often travel alongside the diagnostic images themselves.
This matters for several reasons. Beyond the obvious privacy violation, exposed patient imaging data creates risks of identity fraud, potential coercion or blackmail, serious reputational damage to healthcare institutions, and erosion of the trust patients place in their medical providers.
Security monitoring platforms have documented cases where exposed systems allowed direct access to both images and patient data—offering a level of detail that should never be open to anyone outside the clinical team.
Why this keeps repeating worldwide
Hospitals everywhere use similar device types and manage comparable data flows. The result is that the same setup mistakes appear repeatedly across different countries and healthcare systems. What starts as one hospital’s misconfiguration becomes everyone’s common failure mode.
The medical devices themselves often come with similar default settings. Imaging servers, picture archiving systems, and diagnostic viewers are deployed in comparable ways. When basic security steps are skipped during installation, the exposure follows a predictable pattern.
Health sector cybersecurity guidance from international authorities emphasizes the need for repeatable baseline controls precisely because these patterns recur. Reducing exposure requires not innovation, but consistent application of known protective measures.
Healthcare organizations face a common vulnerability pattern. A major healthcare provider addressed similar challenges across hundreds of hospitals, discovering that default passwords, vulnerable firmware, and device misconfigurations created entry points that threatened patient care and hospital operations across more than 500,000 connected medical and operational devices.
The Saudi-specific layer: connectivity at cluster scale
Saudi Arabia’s healthcare transformation includes the expansion of health clusters that connect multiple facilities into integrated networks. This approach improves care coordination and resource sharing, but it also means that one weak link can affect multiple sites.
National interoperability initiatives support the sharing of imaging and diagnostic reports across the healthcare system. The Saudi health ministry has established specifications for imaging data exchange through the national health information exchange platform, enabling providers to access patient scans regardless of where they were originally performed.
This connectivity is essential for modern healthcare delivery. It allows specialists to review scans remotely, supports second opinions, and ensures continuity of care when patients move between facilities. However, it also increases the need for consistent configuration rules and security standards across all connected sites.
When imaging systems within a cluster are not uniformly secured, the exposure risk multiplies. A misconfigured system in one facility can potentially provide access to data from across the entire cluster network.
A practical checklist hospitals can act on
Healthcare institutions can take concrete steps to reduce exposure risk. These are not theoretical recommendations but proven measures that address the most common vulnerabilities.
First, create a complete inventory. Every hospital should maintain a current list of what is connected to its network, including imaging devices, storage servers, viewing stations, web portals, and remote access tools. You cannot protect what you do not know exists.
Second, check external exposure. Verify that nothing sensitive is reachable from the public internet. This requires technical scanning from outside the hospital network to identify systems that respond to external queries. Many organizations discover exposures they did not realize existed.
Third, restrict remote access properly. Remote connections for maintenance and support should be tightly controlled, require strong authentication methods, and be removed entirely when no longer needed. Convenience should never override security when patient data is involved.
Fourth, implement safe setup procedures. Develop standard build guides for imaging systems, change all default passwords and settings, clearly document who owns each system, and establish responsibility for applying security patches and updates. Industry experience shows that default credentials remain one of the lowest barriers for attackers seeking entry into healthcare networks.
Fifth, conduct continuous checks. Exposure scanning should happen after any network changes, not just once annually. Healthcare networks evolve constantly, and new vulnerabilities can appear whenever systems are added or reconfigured.
These steps align with guidance from international cybersecurity authorities and health sector regulators, which emphasize reducing exposed services and strengthening baseline controls as priority actions for healthcare organizations.
The governance fix: make secure setup part of how clusters run
Individual hospital efforts are necessary but not sufficient. At the cluster level, governance structures must embed security into standard operations.
This begins with cluster-wide minimum standards for imaging systems and remote access. Every facility within a cluster should follow the same baseline security requirements, ensuring consistent protection regardless of which site a patient visits.
Clear ownership must be established for every system. Someone specific should be responsible for applying patches, approving access requests, and regularly checking for exposure. When accountability is diffuse, critical tasks get overlooked.
Procurement processes offer another leverage point. Purchase agreements should require vendors to provide secure default configurations, enable comprehensive logging capabilities, and commit to supported update cycles for the life of the equipment. Security should be a selection criterion, not an afterthought.
These governance approaches reflect sector framework guidance that encourages structured programs and repeatable controls rather than ad hoc responses to individual incidents.
Saudi Arabia has invested heavily in national cybersecurity frameworks and regulatory oversight across critical sectors, including healthcare. The foundation exists. The next step is ensuring those protections extend fully to the expanding ecosystem of IoT and IoMT devices — where simple configuration gaps can undermine otherwise sophisticated digital progress.
Prevent avoidable incidents
The goal is not perfection. Healthcare systems are complex, and some level of risk will always exist. The goal is removing the easiest path for data exposure: systems sitting openly on the public internet waiting to be found.
In connected healthcare, the quickest wins come from two simple principles: visibility and access control. Know what you have connected, and shut the doors that do not need to be open.
For Saudi Arabia’s health clusters, this represents an achievable objective. The infrastructure investments being made across the Kingdom’s healthcare sector create an opportunity to build security into expansion rather than retrofitting it later.
Medical imaging systems serve an essential clinical purpose. They should not also serve as unintended windows into patient data. With practical steps and consistent governance, hospitals can fix this quiet risk before it becomes a public incident.
In digital healthcare, exposure is rarely a mystery. It is usually a configuration. The question is not whether hospitals can fix it, but whether they will do so before patients pay the price.
Rohit Chowdhary, Head of Advanced Consulting Services at Nokia, sat down with The Integrator to share insights into the company’s vision for enabling the AI supercycle. He outlined how Nokia’s end-to-end portfolio spans everything from AI-ready connectivity and energy-efficient 800G data centre networking to intelligent, self-optimising home Wi-Fi experiences powered by AI.
A key focus of the discussion was Nokia’s shift from strategic advisory to real-world execution through its dedicated Automation Excellence Practice, helping operators translate ambitious transformation roadmaps into measurable outcomes. The conversation also highlighted the growing importance of integrated, intelligent and secure networks that can support rising AI workloads, eliminate infrastructure bottlenecks and unlock tangible business value, while maintaining the highest standards of security, privacy and resilience
Could you begin by telling us about your role at Nokia and the journey that brought you here?
I lead Nokia’s Advanced Consulting Services business across Europe, the Middle East and Africa. My journey with Nokia spans nearly seventeen years, beginning at a time when consulting was largely focused on network transformation initiatives. Over the years, I have worked closely with operators around the world on transformation programmes, analytics adoption, customer experience management and digital modernization.
As the industry evolved, so did our consulting focus. Following the Nokia and Alcatel Lucent merger, we established what is today known as Advanced Consulting Services. The organization now spans several domains, including security, business monetization, cloud and technology transformation, autonomous operations, and data and AI.
More recently, we launched an Automation Excellence Practice. The idea was simple. Customers often appreciated our strategic blueprints but needed practical expertise to implement them. Today, we have specialized engineers who combine telecom expertise, AI capabilities and software development skills to turn strategic visions into real automation pipelines, AI-driven workflows and production-ready use cases. Our role is to help customers move from concept to measurable business outcomes.
Nokia is often associated with connectivity, but the company is increasingly talking about AI readiness. How does Nokia’s infrastructure portfolio support this transition?
AI is creating what we describe as an AI supercycle. It is transforming everything from data centres and cloud infrastructure to network architectures and edge computing. Supporting this shift requires a complete ecosystem rather than isolated technologies.
Nokia’s portfolio addresses this across multiple layers. On the network side, we continue to innovate in radio technologies, including AI-RAN capabilities developed alongside strategic partners such as Nvidia. We also have a strong optical networking and IP portfolio that enables the high-capacity connectivity required between data centres, edge locations and cloud environments.
One area that excites me is our innovation in data centre networking. We are introducing highly efficient coherent optical technologies and advanced switching platforms that significantly reduce infrastructure footprints while improving performance and energy efficiency. These innovations are becoming increasingly important as organizations invest in AI factories, AI grids and large-scale inference environments.
Beyond connectivity, we also provide intelligent automation layers through our autonomous networking platforms, enabling operators to manage complex, multi-vendor environments more efficiently and intelligently.
What are some of the biggest infrastructure bottlenecks you see operators and enterprises facing as AI adoption accelerates?
One of the biggest challenges is understanding that AI infrastructure is not just about compute power. Organizations often focus heavily on GPUs and processing capabilities, but connectivity can quickly become the limiting factor.
You can deploy the most powerful AI infrastructure available, but if the network cannot support the required data movement between racks, data centres and edge locations, performance suffers. This is where intelligent networking becomes critical.
At Nokia, we are helping customers design what we call AI-ready connectivity. This includes high-capacity optical networking, intelligent routing and the seamless interconnection of compute environments. As AI workloads become increasingly distributed, the ability to move data efficiently becomes just as important as the ability to process it.
On the consumer side, Nokia has been showcasing AI-driven Wi-Fi management capabilities. How does this improve the end-user experience?
The home network has become far more complex than it was a few years ago. Consumers expect flawless connectivity across multiple devices, applications and services.
Our AI-enabled Wi-Fi solutions continuously monitor network performance and user experience. They can identify coverage gaps, detect congestion, analyze interference patterns and even recommend or automatically implement corrective actions.
The goal is to create a self-optimizing network environment where many issues can be resolved autonomously before they impact the user. This reduces support requirements for service providers while delivering a more consistent and reliable experience for customers.
The Middle East is witnessing an unprecedented surge in data centre investments. How do you see this shaping Nokia’s opportunities in the region?
The Middle East has emerged as one of the most dynamic markets globally for AI infrastructure investments. Governments and enterprises are actively investing in sovereign AI capabilities, advanced data centres and digital ecosystems.
This creates significant opportunities, not only for Nokia but for the broader technology industry. The success of these initiatives depends on having secure, scalable and efficient connectivity between compute resources, cloud environments and end users.
Our role is to help customers build these foundations. Whether it is data centre interconnectivity, optical networking, intelligent routing or autonomous operations, Nokia’s technologies are designed to support the scale and performance requirements of AI-driven economies.
As data volumes continue to grow, security and data sovereignty are becoming increasingly important. How is Nokia addressing these concerns?
Security is deeply embedded into Nokia’s strategy and innovation roadmap. As a European technology company, trust, resilience and security have always been fundamental principles in how we design and operate our solutions.
While we continue to invest heavily in AI innovation, we are equally focused on strengthening security capabilities across our portfolio. This includes advanced network security architectures, AI-driven threat detection and preparations for future technologies such as quantum-safe networking.
We are actively engaged with industry bodies, standards organizations and ecosystem partners to help define the next generation of secure digital infrastructure. As AI becomes increasingly pervasive, security must evolve alongside it, and that is an area where Nokia continues to invest significantly.
Looking ahead, what excites you most about the future of AI-driven networks?
What excites me most is the convergence of AI, automation and connectivity. Networks are evolving from passive transport layers into intelligent platforms that can learn, adapt and optimize themselves.
The future will be defined by autonomous operations, AI-native networks and real-time decision-making at scale. Organizations that successfully combine these capabilities will unlock entirely new business models and levels of operational efficiency.
For us, the opportunity is not just about deploying technology. It is about helping customers transform the way they operate, innovate and create value in an increasingly AI-driven world.
Tech Features
WHY AUDIO CLARITY MATTERS FOR THE CONTINUITY OF EDUCATION, WORSHIP, AND COLLABORATION IN THE MIDDLE EAST
Spokesperson – Yassine Mannai, Associate Sales Director at Shure MEA
Across the Middle East, continuity is being shaped by the quality of connection people experience every day. In classrooms, places of worship, and collaborative workspaces, that connection often begins with one essential factor: audio clarity. At Shure, we recognised this gap early and understood its growing importance across these environments.
When sound is clear, people stay present. Students follow lessons more easily, engage with greater confidence, and absorb information with less strain. This becomes especially important in hybrid learning environments, where every participant needs to feel equally included, whether they are in the room or joining remotely. Research cited by Shure shows that poor audio affects one-third of all virtual meetings, while four out of five common video conferencing frustrations are linked to audio issues such as background noise, echo, dropouts, and difficulty hearing others.
The same reality carries into places of worship. The ability to hear with clarity shapes how messages are received, how people remain attentive, and how connected they feel to the moment itself. In these spaces, sound supports focus, presence, and the overall quality of the experience.
In workplaces and institutional settings, audio has become central to how teams communicate and make decisions. Strong collaboration depends on being able to hear and respond without friction. As hybrid work continues to reshape professional life, the need for dependable communication systems has become more visible. [1] Shure’s regional insight, referencing IDC research, notes that 67% of professional workers are now at least partially remote, underlining how important it is for institutions to support communication across distributed teams. That understanding has been reflected in the solutions across our portfolio, including the MXA920 Ceiling Array Microphone for hybrid learning, the MXA320 Table Array Microphone for collaboration environments, and the DCA901 Broadcast Microphone Array for places of worship, where audience capture can bring greater depth to livestream experiences.
Across the region, institutions are moving toward smarter, more adaptable spaces where audio performance, system simplicity, and digital integration work together more effectively. Reliable audio has become part of how organisations sustain engagement, support participation, and deliver a better experience for the people who rely on them every day.
Expert commentary by Andreas Hassellöf, CEO of Ombori, on how enterprises are turning AI investment into measurable operational value and shifting from experimentation to disciplined adoption centred on workflows, governance, and business outcomes.
Large enterprises are beginning to speak more openly about the growing gap between AI adoption and measurable business outcomes, as companies reassess whether rising AI costs are translating into meaningful productivity gains.
Uber President and COO Andrew Macdonald recently said the company is finding it “harder to justify” increasing AI spending after internal discussions highlighted the difficulty of linking higher usage of AI coding tools such as Claude Code to a proportional increase in useful consumer-facing features. The comments followed reports that Uber had exhausted its 2026 budget for Claude Code within the first four months of the year, while CEO Dara Khosrowshahi confirmed the company is slowing hiring as it increases investment in AI initiatives.
At the same time, Microsoft has reportedly begun reducing internal use of Anthropic’s Claude Code within parts of its business, shifting developers toward GitHub Copilot CLI instead. Reports suggested the move was tied to Microsoft’s broader push toward its own AI ecosystem and internal tooling strategy rather than a retreat from AI adoption itself.
The developments have triggered wider debate around whether enterprises are entering a more measured phase of AI adoption, with greater focus on operational value, integration, and cost management rather than usage alone.
However, Andreas Hassellöf, CEO of Ombori, believes the issue is less about the capability of AI and more about how organisations are adapting to it.
“The real challenge has nothing to do with whether AI can increase productivity. It clearly can,” Hassellöf said. “The harder part is getting people and organisations to adapt how they actually work so the technology delivers results.”
According to Hassellöf, many companies are seeing high adoption rates and surging token consumption but are struggling to convert that activity into measurable business value. “The bottleneck is rarely the technology itself,” he said. “It is how teams change their processes, measure real outcomes, and build new habits around the tools.”
He added that the industry is now entering a more mature phase of enterprise AI adoption, where businesses are beginning to move beyond experimentation and focus instead on operational discipline, governance, and measurable outcomes. Companies that succeed, he said, will be the ones that redesign workflows around AI rather than simply layering tools onto existing processes.
“Just chatting casually with an AI coding tool and expecting it to handle everything is not enough,” Hassellöf said. “It wastes tokens and often creates more problems than it solves.”
Instead, he argues that successful AI implementation requires structured workflows where multiple AI agents handle specialised tasks such as coding, reviewing, testing, and formatting, while humans remain responsible for setting goals, reviewing outputs, and ensuring alignment with business outcomes.
“The technology is powerful, but the human side of adoption will decide whether a company succeeds with AI or whether it becomes just another expensive experiment,” he said.
WHY PERSONALISATION IS THE NEW CURRENCY IN WEALTH MANAGEMENT
ZAHRA’S KITCHEN SHARES ITS GUIDE TO EASIER SUMMER EATING IN THE UAE
MOONWALK INTO JUNE
-
News11 years ago
SENDQUICK (TALARIAX) INTRODUCES SQOOPE – THE BREAKTHROUGH IN MOBILE MESSAGING
-
Tech News2 years agoDenodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
Trending8 months agoOPPO A6 Pro 5G Review: Reliable Daily Driver
-
VAR1 year agoMicrosoft Launches New Surface Copilot+ PCs for Business
-
Tech Interviews2 years ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Automotive2 years agoAGMC Launches the RIDDARA RD6 High Performance Fully Electric 4×4 Pickup
-
Tech News11 months agoNothing Launches flagship Nothing Phone (3) and Headphone (1) in theme with the Iconic Museum of the Future in Dubai
-
VAR2 years agoSamsung Galaxy Z Fold6 vs Google Pixel 9 Pro Fold: Clash Of The Folding Phenoms