ABSTRACT
Cybersecurity is increasingly affecting the healthcare sector. In a recent article, the authors analyzed specific attacks against picture archiving and communications systems (PACS) and medical imaging networks and proposed security measures. This article discusses issues that require consideration when deploying these proposed measures and provides recommendations on how to implement them. Hospitals should deploy virus scanners on systems where permitted, with high priority on devices that are part of the central IT infrastructure of the hospital. They should introduce a systematic management of software updates on operating system, application software and virus scanner level and clarify the provision of security updates for the intended duration of use when purchasing a new device. They should agree with the PACS vendor on a long-term strategy for implementing access rights, and enable encrypted network communication where possible. This requires an agreement on the encryption algorithms to be used, and a public-key infrastructure. For most of these tasks, standards and profiles exist today. There are, however, some gaps: Implementation of cybersecurity measures would be facilitated by integration profiles on certificate and signature management, and access rights in a PACS environment.
Subject(s)
Radiology Information Systems , Algorithms , Computer Security , Humans , Radiography , SoftwareABSTRACT
This article provides an overview on the literature published on the topic of cybersecurity for PACS (Picture Archiving and Communications Systems) and medical imaging. From a practical perspective, PACS specific security measures must be implemented together with the measures applicable to the IT infrastructure as a whole, in order to prevent incidents such as PACS systems exposed to access from the Internet. Therefore, the article first offers an overview of the physical, technical and organizational mitigation measures that are proposed in literature on cybersecurity in healthcare information technology in general, followed by an overview on publications discussing specific cybersecurity topics that apply to PACS and medical imaging and present the "building blocks" for a secure PACS environment available in the literature. These include image de-identification, transport security, the selective encryption of the DICOM (Digital Imaging and Communications in Medicine) header, encrypted DICOM files, digital signatures and watermarking techniques. The article concludes with a discussion of gaps in the body of published literature and a summary.
Subject(s)
Computer Security , Diagnostic Imaging , Humans , Radiography , Radiology Information SystemsABSTRACT
Cybersecurity issues have been on the rise for years, increasingly affecting the healthcare sector. In 2019, several attacks have been published that specifically aim at medical network protocols and file formats, in particular digital imaging and communications in medicine. This article describes five attack scenarios on picture archiving and communications systems (PACS) and medical imaging networks: the import of patient data from storage media containing malware, a compromise of the hospital network, malware embedded in digital imaging and communications in medicine images or reports, a malicious manipulation of medical images and a network infiltration of malicious health level seven messages. Prevention and mitigation measures for each of these attacks exist, some of which can be implemented by the system user (e.g., hospital), while others require implementation in the PACS and medical imaging devices by the vendors. In practice, however, many of these are not in common use. What is missing today are PACS network security guidelines for practitioners that support users in keeping their network secure. Furthermore, integrating the healthcare enterprise integration profiles and test tools might be needed to address the deployment of public key infrastructure and digital signatures in the PACS environment.
Subject(s)
Radiology Information Systems , Computer Security , Humans , RadiographyABSTRACT
A configurable framework has been developed that can receive, modify, and export images in different picture archiving and communication system scenarios. The framework has three main components: a receiver for Digital Imaging and Communications in Medicine (DICOM) objects, a processing pipeline to apply one or more modifications to these objects, and one or more senders to send the processed objects to predefined addresses. The toolbox programming was implemented as an open source project in Java. The processing pipeline uses the concept of configurable plug-ins. One plug-in is user programmable by means of extensible stylesheet language files and allows conversion of DICOM objects to extensible markup language documents or other file types. Input and output channels are the DICOM Storage service, DICOM compact disks-read-only memory (CD-ROMs), and the local file system. The toolbox has been successfully applied to different clinical scenarios, including the correction of DICOM objects from non-Integrating the Healthcare Enterprise (IHE) conform modalities, pseudonaming of DICOM images, and use of the IHE Portable Data for Imaging profile with import and export of CD-ROMs. The toolbox has proved reliability in the clinical routine. Because of the open programming interfaces, the functionality can easily be adapted to future applications.
Subject(s)
Computer Communication Networks , Radiographic Image Enhancement , Radiology Information Systems , SoftwareABSTRACT
RATIONALE AND OBJECTIVE: Today, the exchange of medical images and clinical information is well defined by the digital imaging and communications in medicine (DICOM) and Health Level Seven (ie, HL7) standards. The interoperability among information systems is specified by the integration profiles of IHE (Integrating the Healthcare Enterprise). However, older imaging modalities frequently do not correctly support these interfaces and integration profiles, and some use cases are not yet specified by IHE. Therefore, corrections of DICOM objects are necessary to establish conformity. The aim of this project was to develop a toolbox that can automatically perform these recurrent corrections of the DICOM objects. MATERIALS AND METHODS: The toolbox is composed of three main components: 1) a receiver to receive DICOM objects, 2) a processing pipeline to correct each object, and 3) one or more senders to forward each corrected object to predefined addressees. The toolbox is implemented under Java as an open source project. The processing pipeline is realized by means of plug ins. One of the plug ins can be programmed by the user via an external eXtensible Stylesheet Language (ie, XSL) file. Using this plug in, DICOM objects can also be converted into eXtensible Markup Language (ie, XML) documents or other data formats. DICOM storage services, DICOM CD-ROMs, and the local file system are defined as input and output channel. RESULTS: The toolbox is used clinically for different application areas. These are the automatic correction of DICOM objects from non-IHE-conforming modalities, the import of DICOM CD-ROMs into the picture archiving and communication system and the pseudo naming of DICOM images. CONCLUSION: The toolbox has been accepted by users in a clinical setting. Because of the open programming interfaces, the functionality can easily be adapted to future applications.
