Data stored on CD media show vulnerability to alteration

Article

Physical security issues for CD media used to transfer imaging data from one institution to another have been well documented. Discs tend to stack up in back offices and are frequently lost. A study from Denmark reveals that data on the disc are not well-protected either and are vulnerable to easy alteration (J Digit Imaging 2007 Aug 21; [Epub ahead of print]).

Physical security issues for CD media used to transfer imaging data from one institution to another have been well documented. Discs tend to stack up in back offices and are frequently lost. A study from Denmark reveals that data on the disc are not well-protected either and are vulnerable to easy alteration (J Digit Imaging 2007 Aug 21; [Epub ahead of print]).

"Identification information such as patient name, age, institute name, and date of imaging can be readily altered on DICOM files exported by CD media," said Fintan McEvoy, a computer engineer at the University of Copenhagen.

No alterations to the DICOM readers were required, McEvoy said. Changes were applied only to the data files, and the alterations were not detectable without detailed analysis of the file structure.

"When the altered CD is inserted into a standard computer CD drive, a stand-alone viewer is opened and images are displayed with altered data. The user cannot tell from the performance or behavior of the disc that the data have been altered," he said.

CD media should be considered unsafe in any situation with potential for financial or other gain from altering the data and when the copy cannot be cross-checked with the original data, according to McEvoy. These situations include insurance claims, medical litigation, and certification procedures.

"While equipment makers attach disclaimers to the discs and specify intended use of such media, CDs are often the only practical means of transmitting imaging data," McEvoy said.

Manufacturers may state in an opening window, for example, that the discs are for reference only and are not to be used for diagnostic purposes.

McEvoy recommends that radiologists confine their use of CD media to conform to restrictive limits stated by the manufacturers. The imaging community needs to impress upon machine and media manufacturers that some method for secure transmission of data using portable media is required.

"For instance, while encryption of patient data is possible, it has not been implemented in many current releases of software packages," he said.

Encryption raises DICOM issues. A common approach to encryption is to replace certain characters according to a key, but the resulting special characters may then be unusable since they fall outside the DICOM standard.

One remedy to this issue is described in the literature (Int J Med Inform 2001:64(2-3):429-438). The authors copied data from the DICOM files to a relational database, encrypted them, then replaced patient data with permissible but meaningless information in the DICOM file.

Newsletter

Stay at the forefront of radiology with the Diagnostic Imaging newsletter, delivering the latest news, clinical insights, and imaging advancements for today’s radiologists.

Recent Videos
SNMMI: Emerging PET Insights on Neuroinflammation with Progressive Apraxia of Speech (PAOS) and Parkinson-Plus Syndrome
Improving Access to Nuclear Imaging: An Interview with SNMMI President Jean-Luc C. Urbain, MD, PhD
SNMMI: 18F-Piflufolastat PSMA PET/CT Offers High PPV for Local PCa Recurrence Regardless of PSA Level
SNMMI: NIH Researcher Discusses Potential of 18F-Fluciclovine for Multiple Myeloma Detection
SNMMI: What Tau PET Findings May Reveal About Modifiable Factors for Alzheimer’s Disease
Emerging Insights on the Use of FES PET for Women with Lobular Breast Cancer
Can Generative AI Reinvent Radiology Reporting?: An Interview with Samir Abboud, MD
Mammography Study Reveals Over Sixfold Higher Risk of Advanced Cancer Presentation with Symptom-Detected Cancers
Combining Advances in Computed Tomography Angiography with AI to Enhance Preventive Care
Study: MRI-Based AI Enhances Detection of Seminal Vesicle Invasion in Prostate Cancer
Related Content
© 2025 MJH Life Sciences

All rights reserved.