Another attack vector could be using malware to infect devices used by patients. The malware could remain hidden on infected devices for a long time because it fools antivirus software into treating it as an image file, and therefore as not executable.
“Using this technique an attacker could hide executable binaries in DICOM images, which could lead to a new way of distributing malware targeting hospitals. It would also be a way for an attacker to remain hidden in a system,” Ortiz wrote.
Ortiz explained that this is a proof-of-concept vulnerability and that it has not yet been seen in the wild.
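A defender-side check for the technique described above, as an added example that is not code from the article or from Ortiz's research. It assumes the executable header sits in the 128-byte preamble that the DICOM file format places before the `DICM` marker; the function names, verdict strings and sample buffers are constructed for illustration.

```python
import struct

PREAMBLE_LEN = 128        # DICOM Part 10 files: 128-byte preamble, then b"DICM"
DICM_MAGIC = b"DICM"
# Magic numbers of common executable formats (illustrative, not exhaustive).
EXEC_MAGICS = {b"MZ": "DOS/PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}


def has_pe_header(data: bytes) -> bool:
    """True if the DOS header's e_lfanew field (offset 0x3C) points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_dicom(data: bytes) -> str:
    """Return a verdict string for a buffer that is presented as a DICOM file."""
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != DICM_MAGIC:
        return "not-dicom"
    preamble = data[:PREAMBLE_LEN]
    if preamble == bytes(PREAMBLE_LEN):
        return "clean"                      # unused preamble, all zero bytes
    for magic, name in EXEC_MAGICS.items():
        if preamble.startswith(magic):
            if magic == b"MZ" and has_pe_header(data):
                return "executable:PE"      # file parses as DICOM and as a PE
            return f"suspicious:{name}"     # executable magic, header unverified
    return "review"                         # non-zero preamble, e.g. TIFF dual-format


def make_sample(preamble: bytes, body: bytes = b"") -> bytes:
    """Build a constructed (synthetic) DICOM-like buffer for the demo below."""
    return preamble.ljust(PREAMBLE_LEN, b"\x00") + DICM_MAGIC + body


if __name__ == "__main__":
    # Constructed samples: no real image data and no real executable code.
    dos_stub = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x100)
    pe_body = b"\x00" * (0x100 - PREAMBLE_LEN - 4) + b"PE\x00\x00"
    samples = {
        "plain.dcm": make_sample(b""),
        "tiff-dual.dcm": make_sample(b"II*\x00"),
        "polyglot.dcm": make_sample(dos_stub, pe_body),
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 200,
    }
    for name, blob in samples.items():
        print(f"{name}: {inspect_dicom(blob)}")
```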
DICOM Helps Enable Vendor Neutral Archives
DICOM is a standard developed by the American College of Radiology and the National Electrical Manufacturers Association to address technical interoperability issues in medical imaging.
The DICOM standard is used by a wide variety of imaging devices, including computed tomography (CT), magnetic resonance imaging (MRI), ultrasound, X-ray, fluoroscopy, angiography, mammography, breast tomosynthesis, positron emission tomography (PET), single photon emission computed tomography (SPECT), endoscopy, microscopy, whole slide imaging, and optical coherence tomography (OCT).
DICOM is also used by imaging workflow systems, such as PACS, image viewers and display stations, computer-aided detection/diagnosis systems, 3D visualization systems, clinical analysis applications, image printers and scanners, media importers and burners, electronic health record systems, radiology reporting systems, and vendor-neutral archives (VNAs).
The DICOM standard has helped enable VNAs, which are considered important for providers to access medical images from different PACS.
VNAs enable hospitals and other healthcare organizations to integrate the viewing and storage of digital images, regardless of vendor restrictions. VNAs decouple the PACS and workstations at the archival layer by developing an application engine that receives, integrates, and transmits the data using the DICOM format.
With a VNA, different data migration techniques are available to facilitate the transfer of data from an old PACS to a new one. The choice of technique depends on the speed of migration desired by the organization and the importance of the data.
Image data is one of the most common forms of data silos in health IT infrastructure.
“Today's move toward collaborative care means more physicians need to have access to these images and image data, like radiology reports,” IDC researchers explained in a report. “Providers making care management decisions want longitudinal records that provide a 360-degree patient view.”
“This 360-degree view makes it easier for providers to identify, or use decision support tools to help identify, the most effective treatments and care plans for individual patients (or specific populations) derived from the combination and the analysis of structured and unstructured information,” the researchers explained.
VNAs provide a unified viewing experience, reducing the number of systems physicians need to use, which reduces errors, saves time, and lowers training costs.
In today's medical environment, clinicians need rapid access to image files, and VNAs allow them to view and compare images quickly.