IT Lapse Exposes 275 Million Medical Images

HHS recently alerted medical facilities to prioritize repair of PACS vulnerabilities

By Chris Miller, Assistant Editor, Facility Market


Over 275 million medical images are currently exposed due to unsecured picture archive communication systems (PACS), according to the Department of Health and Human Services (HHS). The department alerted medical facilities to prioritize the repair of a two-year-old vulnerability. PACS are utilized for the interchange and storage of health scans and images like MRIs, CT Scans, breast imaging, and ultrasounds. The weaknesses within PACS software include known default passwords, hardcoded credentials and lack of authentication inside third party software. 

HHS also stated that 130 health facilities are running systems susceptible to cyberattacks, mentioning Digital Imaging and Communications in Medicine (DICOM) issues and fundamental security lapses. Because ultrasound, CT, MRI and other radiology files are stored and exchanged on PACS servers, they rely on the DICOM formatting standard. DICOM was developed 30 years ago as the standard for the communication and management of medical imaging information and is also vulnerable to exploitation.

These security lapses and issues leave healthcare systems open to attack by hackers over the internet. This means that the vulnerable information could be easily detected and compromised by hackers from anywhere. Cybercriminals who can exploit PACS vulnerabilities could expose medical information like patient names, examination dates, images, physician names, dates of birth, procedure types, procedure locations and social security numbers," according to HC3. If a hacker got ahold of DICOM-based information that could allow for the manipulation of medical diagnoses scan falsifications, malware deployment or sabotage.

Healthcare facilities have been advised by HHS to patch their servers and review their inventory to see if they are running any PACS software. If they are, then the PACS security check should start with the validation of connections to guarantee that access is limited to authorized users only. 

The HHS’s Health Sector Cybersecurity Coordination Center (HC3) suggested that systems should be configured in harmony with the documentation that accompanies them from their manufacturer. Additionally, systems and servers connected to the internet should be encrypted by enabling HTTPS.  

The Medical Imaging & Technology Alliance (MITA) is also encouraging healthcare facilities to take the necessary steps to reduce their exposure to cybersecurity threats. It pointed to the manufacturer disclosure statement for medical device security (MDS2) as a starting point to establish how to ideally deploy their PACS systems in a safe and secure way. Proper healthcare data management and security is vital to protect the information of patients and providers everywhere.



July 27, 2021


Topic Area: Information Technology


Recent Posts

17 Million Patient Records Stolen in PIH Health Ransomware Attack

A ransomware attack halted operations across three of PIH’s hospitals.


Holidays are Prime Times for Healthcare Cyberattacks

A study found that 86 percent of organizations that experienced ransomware attacks were targeted on a holiday or weekend.


Hartford Healthcare Forms Partnership to Open Health Equity Clinic

The new clinic will open in January 2025.


UCHealth Reveals Plans for Memorial Hospital North Expansion

Construction on the patient tower is slated for 2026 with a projected opening to patients in 2029.


What Are 'Hospi-tels'?

Hospitals and hotels are partnering to better cater to patients and families.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.