Eichelberg, Marco and Kleber, Klaus and Kämmerer, Marc
Academic Radiology
Cybersecurity issues have been on the rise for years, increasingly affecting the healthcare sector. In 2019, several attacks have been published that specifically aim at medical network protocols and file formats, in particular digital imaging and communications in medicine. This article describes five attack scenarios on picture archiving and communications systems (PACS) and medical imaging networks: the import of patient data from storage media containing malware, a compromise of the hospital network, malware embedded in digital imaging and communications in medicine images or reports, a malicious manipulation of medical images and a network infiltration of malicious health level seven messages. Prevention and mitigation measures for each of these attacks exist, some of which can be implemented by the system user (e.g., hospital), while others require implementation in the PACS and medical imaging devices by the vendors. In practice, however, many of these are not in common use. What is missing today are PACS network security guidelines for practitioners that support users in keeping their network secure. Furthermore, integrating the healthcare enterprise integration profiles and test tools might be needed to address the deployment of public key infrastructure and digital signatures in the PACS environment.