IT Lapse Exposes 275 Million Medical Images

By Chris Miller, Assistant Editor, Facility Market
July 27, 2021

Over 275 million medical images are currently exposed due to unsecured picture archive communication systems (PACS), according to the Department of Health and Human Services (HHS). The department alerted medical facilities to prioritize the repair of a two-year-old vulnerability. PACS are utilized for the interchange and storage of health scans and images like MRIs, CT Scans, breast imaging, and ultrasounds. The weaknesses within PACS software include known default passwords, hardcoded credentials and lack of authentication inside third party software. 

HHS also stated that 130 health facilities are running systems susceptible to cyberattacks, mentioning Digital Imaging and Communications in Medicine (DICOM) issues and fundamental security lapses. Because ultrasound, CT, MRI and other radiology files are stored and exchanged on PACS servers, they rely on the DICOM formatting standard. DICOM was developed 30 years ago as the standard for the communication and management of medical imaging information and is also vulnerable to exploitation.

These security lapses and issues leave healthcare systems open to attack by hackers over the internet. This means that the vulnerable information could be easily detected and compromised by hackers from anywhere. Cybercriminals who can exploit PACS vulnerabilities could expose medical information like patient names, examination dates, images, physician names, dates of birth, procedure types, procedure locations and social security numbers," according to HC3. If a hacker got ahold of DICOM-based information that could allow for the manipulation of medical diagnoses scan falsifications, malware deployment or sabotage.

Healthcare facilities have been advised by HHS to patch their servers and review their inventory to see if they are running any PACS software. If they are, then the PACS security check should start with the validation of connections to guarantee that access is limited to authorized users only. 

The HHS’s Health Sector Cybersecurity Coordination Center (HC3) suggested that systems should be configured in harmony with the documentation that accompanies them from their manufacturer. Additionally, systems and servers connected to the internet should be encrypted by enabling HTTPS.  

The Medical Imaging & Technology Alliance (MITA) is also encouraging healthcare facilities to take the necessary steps to reduce their exposure to cybersecurity threats. It pointed to the manufacturer disclosure statement for medical device security (MDS2) as a starting point to establish how to ideally deploy their PACS systems in a safe and secure way. Proper healthcare data management and security is vital to protect the information of patients and providers everywhere.

See the latest posts on our homepage Share

Topic Area: Information Technology

Recent Posts
Recent Posts

How HVAC Codes Must Adapt to Ever-Changing Science

Many hospitals are over-ventilating indoor spaces, resulting in wasted energy and dollars


3D Printed Walls Promise Efficiency in Construction

Walls can be printed with integrated electrical, mechanical, and HVAC services, reducing labor-intensive interior finishing process


NEMA Offers Motors and Generators Standard for Free

Standard provides guidance for motor manufacturers, state and local codes, repair shops, contractors, facilities managers and original equipment manufacturers


Case Study: Intercom System Improves Visitor and Patient Experience

Communication system also provides video monitoring of suspicious activity


New Construction Projects Expand Austin’s Healthcare Market

Women’s Center four-story vertical expansion project will consist of 166,369-square-foot addition


Post Comment


News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.