The agency is saying that the DICOM standard of the picture-accessing communication system is open for exploitation when it is connected to the internet.
The US Department of Health and Human Services is warning the hospitals and the health systems. This warning is regarding the PACS security vulnerabilities. The picture archive communication system vulnerability came to light two years ago. It is also facing a problem which needs fixing right away.
In 2019 the cyber researchers found a flaw in some of the PACS. If it gets exploited, it can expose the patient data or put the network at risk of malware. Hackers can easily identify and compromise these systems.
It can also provide unauthorized access to patient records. Thus the healthcare organizations are getting the advice to review their inventory to determine if they are running any PACS system or not.
An ultrasound, MRI, and CT with other radiology files stored and exchanged on the PACS servers. They rely on Digital Imaging and Communications in Medicine formatting.
DICOM developed 30 years ago. It is also very vulnerable to exploitation, as the HC3 officials think. Another study has found that this problem is about to increase with the additional system.
Cybercriminals can easily expose all the medical data. This exploit can even allow for the manipulation of the medical diagnosis, scan falsification, and the deployment of malware or sabotage.
Too many PACS are available for exploitation which can affect 130 health systems. HC3 has listed the name of some of the potential PACS devices. It includes the Optima520, Optima 540, Optima 640, Optima 680, Discovery NM530c, Discovery NM750b, Discovery XR656, and Discovery XR656 Plus. It also includes the Centricity PACS server, Centricity PACS RA1000, Centricity PACS -1W, Centricity DMS, etc. Also, there are the eNTEGRA, CADstream, Optima MR360, Image Vault 3x GEMNet License Server, and many more.
PACS can be very useful for image management. It leads to multiple benefits for quality care and cost savings. But the imaging system needs to have proper configuration to work more optimally and safely with security. It is now the first time that federal agencies have warned about connected imaging devices. It needs monitoring regularly for threat mitigation.