Cyber Threats to Medical Imaging Systems and How to Address Them
upstart writes:
Submitted via IRC for SoyCow9088
Cyber Threats to Medical Imaging Systems and How to Address Them
Healthcare continues to see staggering growth in breaches to patient health information. In the first half of 2019 alone, 32 million health records were breached, compared to 15 million records in the entire year of 2018. However, this trend of growing cyber breaches in healthcare is likely to persist due to the following characteristics of the healthcare industry:
[...] Medical imaging is a critical aspect in the delivery of patient care. Imaging records are now digitized and often stored on picture archiving communication systems (PACS), which enables the sharing of medical images to facilitate the delivery of care. However, cybersecurity measures to protect patient health information are often not implemented.
A recent report by ProPublica showed that medical imaging data of over 5 million patients in the United States are publicly available on the internet. As a result of 187 misconfigured servers, medical imaging data, often containing identifiable patient information that should be protected, is "sitting unprotected on the internet and available to anyone with basic computer expertise." Researchers discovered over 13.7 million medical tests, including 400,000 with downloadable images. These imaging records were stored on servers, including systems used for archiving medical images, without a robust solution in place to monitor for unauthorized changes or to ensure the servers were securely configured and in compliance with regulatory standards. These medical images include MRI, X-Rays and accompanying identifiable patient data that could be used for blackmail.
Due to the vulnerabilities in picture archiving communication systems (PACS), Tripwire partnered with the National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), along with other technology collaborators, to develop cybersecurity guidance for securing PACS. According to the NCCOE, "compromises on PACS could result in significant data loss, could serve as an avenue to cause disruption through a hospital's system, or should the information be altered or misdirected, could impede timely diagnosis and treatment."
Read more of this story at SoylentNews.