Medical imaging group calls for PACS security checks amid threat 275M exams remain vulnerable
The Medical Imaging & Technology Alliance is encouraging healthcare providers to audit picture archiving and communication systems for vulnerabilities following a recent warning from federal health experts.
Nearly two weeks ago, the Department of Health and Human Services issued an alert indicating more than 275 million medical images are currently exposed due to unsecured PACS. HHS further claimed 130 health organizations are running vulnerable systems, citing DICOM issues and basic security lapses.
Now, MITA is urging institutions to assess their security practices and ensure a solid cybersecurity strategy is in place across the entire enterprise.
“It’s important that all health delivery organizations take the necessary steps to mitigate exposure to cybersecurity threats,” Executive Director Patrick Hope said Thursday in a statement. “We encourage them to evaluate the security documentation provided with their PACS system—such as the Manufacturer Disclosure Statement for Medical Device Security (MDS2)—to determine how best to deploy their equipment in a safe and secure way.”
Disclosure statements detail standardized information for security control features integrated within medical devices. Manufacturers provide product-specific MDS2s at the point of sale.
MITA further suggests scanning DICOM files with anti-virus software and incorporating potential insider threats into a systemwide cybersecurity program.
Any health organization that believes its PACS may be vulnerable, meanwhile, should reach out to the original manufacturer for help.
“The original equipment manufacturer is best positioned to evaluate the risks posed by any potential vulnerability and offer validated remediation or mitigations where appropriate,” Hope said.