5 tips for safeguarding PACS and imaging devices against cyberattacks

Cyberattacks targeting hospitals and healthcare systems have dramatically increased in recent years, and radiology departments are among the many entry points for these virtual intrusions.

In fact, one report put out in March by enterprise security firm Palo Alto Networks found that 83% of imaging devices are running on outdated platforms and are “particularly susceptible” to attack.

Information technology experts from Germany set out to help providers shore up such vulnerabilities, sharing their own tips for protecting imaging devices and picture archiving and communication systems. 

Cybersecurity is a complex topic that requires significant effort to address, on different layers (physical, technical and organizational),” Marco Eichelberg, PhD, with the OFFIS-Institute for Information Technology, and colleagues wrote. “Hospitals in general and PACS operators in particular will have to address this topic, since healthcare is increasingly recognized as an important part of a society's critical infrastructure that requires protection, including protection from cyber threats.”

They noted that many tools for implementing such a plan are available and just need to be planned out, put into use, and maintained. Eichelberg et al. shared a few tips Saturday in Academic Radiology.

  1. Physical security measures—such as locking rooms when not in use, keeping cable network ports out of unsupervised areas, and physically securing network plugs—should not be overlooked.
  2. Updating the software used for operating systems, applications and/or firmware and virus scanners is critical. Organizations should work with vendors to clarify the provision of these updates prior to buying a new device and agree on a strategy to develop and deploy such updates. For example, phasing out outdated algorithms.
  3. Using malware and/or virus scanners is a “core” cybersecurity recommendation, the authors noted. Implementing such anti-spam software should be top priority for devices connected to the central IT infrastructure, such as health information systems, PACS and medical devices. This is commonly done for Radiology Information Systems, but less so for imaging modalities.  
  4. Employee are one of the most common security vulnerabilities, Eichelberg et al. explained. Agreeing with the PACS vendor on implementing long-term access rights protocols, including user authentication, is important. The Integrating the healthcare enterprise and Secure Retrieve profiles offer starting points for achieving this.
  5. Enabling TLS encryption for network interfaces ensures that data can be transferred safely, among others benefits, and should be used with bi-directional authentication, when possible. Providers must make sure new devices support encrypted communication and audit trail compatibility.

You can read a more in-depth analysis from the authors here.

""

Matt joined Chicago’s TriMed team in 2018 covering all areas of health imaging after two years reporting on the hospital field. He holds a bachelor’s in English from UIC, and enjoys a good cup of coffee and an interesting documentary.

Around the web

CCTA is being utilized more and more for the diagnosis and management of suspected coronary artery disease. An international group of specialists shared their perspective on this ongoing trend.

The new technology shows early potential to make a significant impact on imaging workflows and patient care. 

Richard Heller III, MD, RSNA board member and senior VP of policy at Radiology Partners, offers an overview of policies in Congress that are directly impacting imaging.