This article provides an overview of the literature published on the topic of cybersecurity for PACS (Picture Archiving and Communications Systems) and medical imaging. From a practical perspective, PACS-specific security measures must be implemented together with the measures applicable to the IT infrastructure as a whole, in order to prevent incidents such as PACS systems exposed to access from the Internet. Therefore, the article first offers an overview of the physical, technical and organizational mitigation measures that are proposed in the literature on cybersecurity in healthcare information technology in general. This is followed by an overview of publications that discuss specific cybersecurity topics applying to PACS and medical imaging and that present the “building blocks” for a secure PACS environment available in the literature. These include image de-identification, transport security, the selective encryption of the DICOM (Digital Imaging and Communications in Medicine) header, encrypted DICOM files, digital signatures and watermarking techniques. The article concludes with a discussion of gaps in the body of published literature and a summary.
Cybersecurity issues have been on the rise for years, increasingly affecting the healthcare sector. In 2019, several attacks were published that specifically target medical network protocols and file formats, in particular Digital Imaging and Communications in Medicine (DICOM). This article describes five attack scenarios on picture archiving and communications systems (PACS) and medical imaging networks: the import of patient data from storage media containing malware, a compromise of the hospital network, malware embedded in DICOM images or reports, a malicious manipulation of medical images and a network infiltration of malicious Health Level Seven (HL7) messages. Prevention and mitigation measures for each of these attacks exist, some of which can be implemented by the system user (e.g., hospital), while others require implementation in the PACS and medical imaging devices by the vendors. In practice, however, many of these are not in common use. What is missing today are PACS network security guidelines for practitioners that support users in keeping their network secure. Furthermore, Integrating the Healthcare Enterprise (IHE) integration profiles and test tools might be needed to address the deployment of public key infrastructure and digital signatures in the PACS environment.
Cybersecurity is increasingly affecting the healthcare sector. In a recent article, the authors analyzed specific attacks against picture archiving and communications systems (PACS) and medical imaging networks and proposed security measures. This article discusses issues that require consideration when deploying these proposed measures and provides recommendations on how to implement them. Hospitals should deploy virus scanners on systems where permitted, with high priority on devices that are part of the central IT infrastructure of the hospital. They should introduce systematic management of software updates at the operating system, application software and virus scanner levels, and, when purchasing a new device, clarify the provision of security updates for the intended duration of use. They should agree with the PACS vendor on a long-term strategy for implementing access rights, and enable encrypted network communication where possible. This requires an agreement on the encryption algorithms to be used, and a public-key infrastructure. For most of these tasks, standards and profiles exist today. There are, however, some gaps: implementation of cybersecurity measures would be facilitated by integration profiles on certificate and signature management, and access rights in a PACS environment.
A configurable framework has been developed that can receive, modify, and export images in different picture archiving and communication system scenarios. The framework has three main components: a receiver for Digital Imaging and Communications in Medicine (DICOM) objects, a processing pipeline to apply one or more modifications to these objects, and one or more senders to send the processed objects to predefined addresses. The toolbox was implemented as an open source project in Java. The processing pipeline uses the concept of configurable plug-ins. One plug-in is user programmable by means of Extensible Stylesheet Language files and allows conversion of DICOM objects to Extensible Markup Language documents or other file types. Input and output channels are the DICOM Storage service, DICOM compact disc read-only memory (CD-ROM) media, and the local file system. The toolbox has been successfully applied to different clinical scenarios, including the correction of DICOM objects from modalities that do not conform to Integrating the Healthcare Enterprise (IHE), pseudonaming of DICOM images, and use of the IHE Portable Data for Imaging profile with import and export of CD-ROMs. The toolbox has proved reliable in the clinical routine. Because of the open programming interfaces, the functionality can easily be adapted to future applications.
The progressive use of digital image-generating devices and digital communication technology in clinical and practice environments implies changes in radiological workflow and asks for adequate quality assurance in the whole process of radiology report preparation. This improvement potential has to be rigorously reinvestigated with regard to up-to-date procedures and the full exploitation of supporting technologies like linguistic analysis, help desk and trouble ticket systems, competitive allocation algorithms, time-and-event monitoring, and intelligent agents. These approaches are to be evaluated in combination with business process analysis and shall help to reduce turnaround times for radiology reports while maintaining or even increasing quality-assurance levels.