We’re continuing our Q&A series with reporters who have written powerful stories. This week, we’re talking to ProPublica reporter Jack Gillum, who exposed how millions of peoples’ personal medical images and data are available online for *anyone* to see. ProPublica identified 187 servers that store and retrieve medical data. The computer systems are used in doctors’ offices, medical-imaging centers and mobile X-ray devices. Gillum traced the problem to health care’s shift from analog to digital.
How did you get the story?
We were approached by the German broadcaster Bayerischer Rundfunk, which had been looking into computer servers that were apparently exposing sensitive medical data: names, dates of birth and even images of their radiology scans. Because BR’s initial reporting found many U.S. servers, they reached out to us to collaborate. We began looking at the American angle amid the backdrop of other high-profile medical and retail hacks domestically.
What were the challenges of reporting, and how did you navigate them?
The main challenge was taking a list of servers, which we confirmed through open-source records, and identifying which belonged to whom. That was a fairly painstaking process, requiring searching of multiple databases that contain historical DNS records and website archives. We also had to determine the scope of the problem and if these radiology companies were aware their systems were compromised.
All told, we confirmed nearly 200 servers in the U.S. had some sort of easy access. Another challenge was time, since we wanted to tell people about this problem quickly while also being able to verify our findings. It was also my first TV interview, which I found requires its own skill to pace questions for an interview subject.
The takeaway: These stories are successful when you are highly organized and have a group of smart data journalists to divvy up reporting tasks.