Avoiding Hacked DICOM Images – What Can You Do?

April 6, 2020

Steps you can take, and what manufacturers should do to increase security.

Over the past decade, data hacking has become a growing problem. Until relatively recently, however, businesses and governments have been the main victims. Now, the focus is turning more and more to healthcare, putting millions of pieces of patient data at risk.

So far, radiology has been largely spared, but industry experts warn cyber infiltrations are possible, and they’re coming.

In a new study, published in the American Journal of Roentgenology, a team of radiologists, cybersecurity experts, and DICOM security leaders, led by Benoit Desjardins, M.D., Ph.D., associate professor of radiology at the Hospital of the University of Pennsylvania, outlined the potential threats, what manufacturers are doing, and what radiologists can do to protect themselves from outside threats.

Overall, the team asserted, all security efforts should focus on three basic principles – confidentiality, integrity, and availability. In order to maintain the safety of your medical information – as well as your patients’ privacy – you should feel sure that no unauthorized parties have infiltrated your data, that nothing has been changed, and that the data is only available to individuals with proper permissions.

What Vulnerabilities Exist

To date, radiology has been relatively lucky. No attacks focused on medical imaging have been perpetrated. But, that doesn’t mean vulnerabilities don’t exist, Desjardins warned. Recent research efforts have unearthed two different types of potential attacks – access attacks and data injection attacks – that could lead to either hijacked or altered patient images.

In an access attack, your system is breached by an outside party who gains entry to your DICOM server to retrieve private images. This possibility could catch many facilities off-guard.

“The networks of several hospitals are poorly protected and can be accessed from the outside,” he said.

According to a 22-hour investigation by Massachusetts General Hospital in 2017, researchers identified 2,782 unprotected DICOM servers globally. Most of these were located in the United States. Of those, 821 systems were open to a DICOM connection, and 750 were open to patient information discovery.

In addition, in another study conducted a year later, a researcher associated with the security firm McAfee used an Internet scanning tool called Shodan to pinpoint more than 1,100 DICOM servers – again, mainly in the United States – that were directly connected to the Internet without any protection. As part of the investigation, he was able to access and retrieve DICOM images, enabling him to print a 3D model of a patient’s pelvic bones.

As unsettling as access attacks are, leaving your patients vulnerable to having private medical information stolen, the data injection attack could be far more frightening. In a March 2019 test, a security researcher demonstrated for the first time how an attacker can use deep learning to add or remove abnormal findings on CT and MRI scans in DICOM messages during the transfer from scanner to PACS. The changes slipped by 99 percent of radiologists who reviewed the altered images.

In another research effort, in April 2019, an investigator hid malware in DICOM files. Although the files appeared normal and could be read by a PACS and workstation, upon execution, the malware activated and compromised the computer system.

On top of these efforts, Desjardins warned, attackers can engage in identity spoofing where a patient’s name and identifiers could be changed or sent to the wrong records. Denial-of-service attacks could also create problems by sending millions of messages to a DICOM server, filling server memory space and overwhelming it.

Needed Manufacturer Steps

To keep these proof-of-concept attacks from becoming reality, there are protective steps manufacturers could take, Desjardins said. But, so far, they largely haven’t.

“Some security features are already part of the DICOM standard, but most cannot be used because they have not been implemented by the manufacturers,” he explained.

To change this, he said, manufacturers should do four things.

As a first step, all manufacturers should implement current DICOM security features for transmission between institutions and for all internal networks, including both symmetric and asymmetric encryption for negotiating the connection, as well as authenticating all sending and receiving parties.

Second, manufacturers should employ a creator digital signature to confirm the identity and integrity of the party responsible for sending the images. They must also ensure that all receivers routinely check the accuracy of these signatures and allow for warnings if the signatures are missing or can’t be verified.

Third, Desjardins suggested, manufacturers must make provisions to delete any undesired preambles in DICOM files that allow any malware to be activated. And, lastly, manufacturers should use DICOM image validators to verify image consistency.
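The preamble is the first 128 bytes of a DICOM Part 10 file, followed by the four-byte "DICM" prefix. The check below is an added example, not code from the study or from any vendor: it shows how a receiving system could inspect that region and blank it before a file is stored. The function names, the signature list, the accept/quarantine/sanitize policy, and the sample bytes are assumptions constructed for illustration.

```python
PREAMBLE_LEN = 128          # DICOM Part 10: 128-byte preamble, then the "DICM" prefix
MAGIC = b"DICM"

# Leading signatures of other file formats: (label, treat as executable content?)
SIGNATURES = {
    b"MZ": ("Windows PE executable", True),
    b"\x7fELF": ("ELF executable", True),
    b"#!": ("script interpreter line", True),
    b"II*\x00": ("TIFF, little-endian", False),
    b"MM\x00*": ("TIFF, big-endian", False),
}

def inspect_preamble(data: bytes) -> dict:
    """Describe the preamble of a DICOM Part 10 byte string."""
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        raise ValueError("no 'DICM' prefix at offset 128")
    preamble = data[:PREAMBLE_LEN]
    label, executable = None, False
    for sig, (name, is_exec) in SIGNATURES.items():
        if preamble.startswith(sig):
            label, executable = name, is_exec
            break
    return {"empty": preamble == bytes(PREAMBLE_LEN),
            "looks_like": label, "executable": executable}

def sanitize_preamble(data: bytes) -> bytes:
    """Return the same file with the preamble overwritten by zero bytes."""
    inspect_preamble(data)  # raises if this is not a Part 10 file
    return bytes(PREAMBLE_LEN) + data[PREAMBLE_LEN:]

def triage(data: bytes):
    """Assumed policy: accept empty, quarantine executable-looking, else blank."""
    info = inspect_preamble(data)
    if info["empty"]:
        return "accept", data
    if info["executable"]:
        return "quarantine", None
    return "sanitized", sanitize_preamble(data)

# Constructed sample inputs (not real studies): a minimal body after the preamble.
BODY = MAGIC + b"\x02\x00\x00\x00UL\x04\x00\x00\x00\x00\x00"
CLEAN = bytes(PREAMBLE_LEN) + BODY
EXE_LIKE = b"MZ" + bytes(PREAMBLE_LEN - 2) + BODY
TIFF_LIKE = b"II*\x00" + bytes(PREAMBLE_LEN - 4) + BODY

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("exe-like", EXE_LIKE), ("tiff-like", TIFF_LIKE)]:
        print(name, triage(sample)[0], inspect_preamble(sample)["looks_like"])
```

Blanking the preamble leaves the image data and metadata untouched, because a DICOM reader starts parsing at the "DICM" prefix.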

What You Should Do

Although much of the technical work behind protecting your images and the channels through which you share them falls to manufacturers and information technology staff, Desjardins said, some responsibility does rest on your shoulders.

“Radiologists and technologists occasionally face corrupted data, incomplete data, and issues of data origin,” he said. “Access controls, audit flags, and workflow alarms can already identify several of these problems, but radiologists must keep the [confidentiality, integrity, and availability] triad in mind.”

There are three tactics you can employ to ensure you’re taking the proper steps to secure your DICOM images, he advised.

First, be sure you’ve maximized confidentiality. Any images on a laptop or CD should be encrypted or anonymized. Avoid remotely viewing or transmitting any medical images over a public Wi-Fi network without using a virtual private network (VPN). This step ensures the images will be encrypted.

Second, as the hacking threat to DICOM images increases, you must stay on high alert that any images you view now could have been altered. If you suspect any problems, make use of any redundancies in data sets – do you see the same findings on coronal or sagittal reformatted sequences or on scout images? If you determine that the images have been compromised, refer to prior images and the patient’s medical history to figure out if the images do, in fact, belong to that patient, as well as if they make sense based on his or her other medical records.

Lastly, verify you can trust the source of the images, Desjardins said. If you load a CD from an unfamiliar source, you could be opening your system up to a potential malware attack.

In addition to using these strategies to maintain the safety of your images and your facility’s system, he said, you and your colleagues can encourage the further development of security technologies by discussing your institution’s requirements with vendors.

“A major responsibility of radiologists and radiology administrators is to include available DICOM security measures in equipment specifications and purchase contracts,” he said. “If users do not request security features, there is little incentive for manufacturers to include them.”