NIST researchers: medical image archive servers could be used for spreading malware
The Office for Civil Rights in the US calls on health service organizations to review the NIST cybersecurity guidelines for the picture archive and communications system
Ami Rojkes Dombe
| 03/01/2021
Photo: Bigstock
Health services in the US are being called upon by the US Office for Civil Rights to review the National Institute of Standards and Technology (NIST)'s cybersecurity guidelines for the picture archive and communications system (PICS). The best practice insights are designed to secure the vulnerable technology. In healthcare, PACS servers are used widely to archive medical images, as well as to enable entities to share the records with other providers. However, the technology is full of vulnerabilities, including the use of the DICOM protocol. Flaws in DICOM might enable an attacker to install malicious code into imaging files and infect patient data.
In 2019, reports from Greenbone Networks found that PACS leaked billions of medical images. One year later, an exclusive report by HealthITSecurity.com confirmed that healthcare providers in the US have not yet secured millions of medical images. NIST researchers wrote "PACS fits within a highly complex healthcare delivery organization environment that involves interfacing with a range of interconnected systems. PACS may connect with clinical information systems and medical devices and engage with HDO-internal and affiliated health professionals."
The nearly-400-page NIST guide is designed to address these security risks and support providers in ensuring their PACS and DICOM technologies are not exposing patient data.
The Office for Civil Rights in the US calls on health service organizations to review the NIST cybersecurity guidelines for the picture archive and communications system
Photo: Bigstock
Health services in the US are being called upon by the US Office for Civil Rights to review the National Institute of Standards and Technology (NIST)'s cybersecurity guidelines for the picture archive and communications system (PICS). The best practice insights are designed to secure the vulnerable technology. In healthcare, PACS servers are used widely to archive medical images, as well as to enable entities to share the records with other providers. However, the technology is full of vulnerabilities, including the use of the DICOM protocol. Flaws in DICOM might enable an attacker to install malicious code into imaging files and infect patient data.
In 2019, reports from Greenbone Networks found that PACS leaked billions of medical images. One year later, an exclusive report by HealthITSecurity.com confirmed that healthcare providers in the US have not yet secured millions of medical images. NIST researchers wrote "PACS fits within a highly complex healthcare delivery organization environment that involves interfacing with a range of interconnected systems. PACS may connect with clinical information systems and medical devices and engage with HDO-internal and affiliated health professionals."
The nearly-400-page NIST guide is designed to address these security risks and support providers in ensuring their PACS and DICOM technologies are not exposing patient data.
