
New DICOM design flaw spells potential risks for image storing and sharing

by John R. Fischer, Senior Reporter | April 29, 2019

In addition, storage solutions, such as PACS, can be exploited as a "single point of infection", with the malware of the corrupted image spreading to a larger number of clinical devices as patient data is pulled and stored from them during diagnostic and treatment exams.

A second-stage attack to execute the PE/DICOM malware files would then activate the infected PE/DICOM images, increasing the potential for spreading. This risk is further enhanced by the transfer of records to other organizations that a patient attends.

But addressing it is not simple, as the malware effectively fuses with the patient data so that the response team cannot delete it without eliminating the protected health information as well. Those who are unaware that the file is corrupted may do this without realizing it, while those who are aware must assess the best course of action for addressing the malware while keeping in mind the cybersecurity, clinical and regulatory risks and challenges involved.

The limitations they face include not being able to upload the suspected malware to common cloud-based malware analysis solutions without violating the confidentiality of patient data contained within the image, not being able to delete the files without possibly deleting HIPAA-protected patient information, and not being able to retrieve and view the file to contain the malware without hindering clinical operations that require access to patient imaging data for treatment.

Bakoyiannis recommends that DICOM file formats be modified to prevent the insertion of arbitrary data into the preamble areas but says that doing so requires careful consideration so as not to disrupt the interoperability between systems designed for different versions of the specification. He adds that existing systems should be fortified with mechanisms for detecting risks, creating processes for appropriately responding to attacks, and spreading awareness to course-correct future implementations.

“From a technical perspective, creating network- and host-level signatures to detect such files, having tooling in place to neutralize the files and separate the imaging data from malware, and ensuring incident responders are aware of this are all practical steps healthcare organizations should take,” he said. “From a broader perspective, collaboration among industry players is best. This largely starts with antivirus vendors, whose automated analysis and response should be aware of such files and handle them appropriately.”
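
The host-level signature and the neutralizing tooling described above can be sketched as follows. This is an added example, not code from the article or from the researcher; it assumes the DICOM Part 10 layout (a 128-byte preamble followed by the `DICM` prefix), and the function names and sample bytes are constructed for illustration.

```python
import struct

PREAMBLE_LEN = 128                      # DICOM Part 10: 128-byte preamble...
DICM = b"DICM"                          # ...followed by this 4-byte prefix
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")  # benign dual-format TIFF/DICOM preambles


def classify_preamble(data: bytes) -> str:
    """Classify the preamble: not-dicom, empty, tiff, pe-executable, mz-header, other."""
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != DICM:
        return "not-dicom"
    pre = data[:PREAMBLE_LEN]
    if pre == bytes(PREAMBLE_LEN):
        return "empty"
    if pre[:4] in TIFF_MAGICS:
        return "tiff"
    if pre[:2] == b"MZ":
        # e_lfanew at offset 0x3C of the DOS header points to the PE signature.
        (e_lfanew,) = struct.unpack_from("<I", pre, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe-executable"
        return "mz-header"
    return "other"


def neutralize(data: bytes) -> bytes:
    """Return a copy with the preamble zeroed; prefix and data set are unchanged."""
    if classify_preamble(data) == "not-dicom":
        raise ValueError("no DICM prefix at offset 128")
    return bytes(PREAMBLE_LEN) + data[PREAMBLE_LEN:]


def make_sample(preamble: bytes, tail: bytes = b"") -> bytes:
    """Constructed test input: padded preamble + DICM + one group-length element."""
    element = b"\x02\x00\x00\x00UL\x04\x00\x00\x00\x00\x00"  # (0002,0000), value 0
    return preamble.ljust(PREAMBLE_LEN, b"\x00") + DICM + element + tail


if __name__ == "__main__":
    dos = bytearray(b"MZ".ljust(PREAMBLE_LEN, b"\x00"))
    struct.pack_into("<I", dos, 0x3C, PREAMBLE_LEN + 4 + 12)  # signature after element
    suspect = make_sample(bytes(dos), tail=b"PE\x00\x00")     # headers only, no code
    for name, blob in [("clean", make_sample(b"")), ("suspect", suspect)]:
        print(name, classify_preamble(blob), "->", classify_preamble(neutralize(blob)))
```

Zeroing the preamble only removes the executable header; bytes embedded elsewhere in the file remain, so run it on a copy and keep the original quarantined for the response team.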
