- Healthcare Organizations Partner with Fujifilm for PACS, VNAs
- Health System Consolidation, Mergers Impact PACS Vendor Selection
“It appears that the information held by MobileXUSA was made accessible due to sloppy cybersecurity practices—no software vulnerabilities were involved, and no explicit hacking was required,” Warner wrote in his letter.
While it is not always clear from HIPAA rules who bears responsibility for securing medical image storage and transform, “it is certainly the responsibility of companies like yours to control and secure sensitive medical data, maintain an audit trail of medical images, and to ensure the information is not publicly accessible,” Warner added.
Warner requested that that TridentUSA answer the following questions regarding the medical imaging breach:
1) HIPAA requires audit trails for PACS, which stores the data in centralized auditing databases with multiple audit layers. What audit and monitoring tools do you use to analyze the data to remain HIPAA compliant?
2) PAC server vulnerabilities are well known, however, their use of the DICOM protocol makes them easily accessible via the Internet. DICOM also enables PACS to communicate with neighboring systems in a medical or clinical process within a network of IP-enabled devices? Does your company require neighboring systems to comply with current standards and use access management controls?
3) What are your identity and access management controls for IP-addresses and/or port filters?
4) Do you require VPN or SSL to communicate with your PACS?
5) What is the frequency of your vulnerability scans and HIPAA-compliance audits?
6) What are your server encryption practices?
7) Do you have an internal security team or do you outsource it?
Warner gave TridentUSA until Oct. 9, 2019, to submit answers to those questions.
TridentUSA filed for Chapter 11 bankruptcy protection in February of this year. TridentUSA, which also owns American Diagnostic Services, Diagnostic Laboratories & Radiology, Schryver Medical, and US Laboratories, said its senior lender was providing $50 million in financing to maintain operations during the restructuring process.
“Our goal with this financial restructuring is to reduce the company's debt and provide the financial flexibility to invest in to enhance our competitive position. We are confident that the company will emerge from this process stronger than ever,” concluded CEO Andrei Soran