Go-to steps from a senior imaging informatics analyst during SIIM 2020 to bolster security efforts.
In an increasingly digital industry, security has become an ever-present concern. Given the volume of imaging data each facility maintains, it is incumbent for providers and practice administrators to take proactive, protective steps, according to industry experts.
During the Society of Imaging Informatics in Medicine 2020 virtual meeting, Tom Kern, CIIP, senior imaging informatics analyst at Children’s Hospital Colorado, shared his insights on the importance of maintaining proper security and how facilities and practices can maximize it for their imaging informatics.
“We have a really long tail on modalities throughout the industry that we’re still actively using for patient care,” he said, highlighting one of the main security problems that radiology faces. “There are a fair number of machines out there that are still running on old operating systems that, except for a random patch here and there, have had no significant upgrades.”
Without a current operating system that allows for proper protection, he cautioned, facilities are left vulnerable to viruses and hacking. Bad actors are frequently aware of these weaknesses and will actively exploit them. And, once they are inside a facility’s network, he said, they have access to anything on that network as long as it can be reached via IP, potentially becoming a persistent threat.
Safety Steps
There are several things facilities can do, though, to protect themselves, Kern said.
Responsible party: Identify who is responsible for all maintenance and security patches. In some cases, large vendors will automatically push updates to a system, alleviating the need for any action. But, smaller vendors frequently leave actual update installation to the client.
“Knowing who’s responsible for patching and who’s responsible for the care and feeding of your modalities is important,” he said.
Network segmentation: Keep devices that contain personal health information segmented and separated from a standard desktop PC, iPad, or other similar devices. Kern also advised not having them directly connected to the internet unless it is absolutely necessary.
Info-security team: Partner with an info-security team, as well as network administrators outside of imaging, he said.
“Imaging informatics professionals are really good at a lot of things, but we can’t really be good at everything,” he explained. “Engage those resources outside of imaging to make sure your network is set up properly, make sure that you’re doing patching properly, and have a schedule set up.”
Implement firewalls: Limit the targets that are allowed to communicate with each modality. With these firewalls in place, systems must conduct a security review process for any new target, potentially identifying ones that present risks.
Know the Network
Ultimately, Kern said, it is imperative that facilities know exactly what is on their network. With a solid level of familiarity, it will be easier to catch security threats.
“If you have a CT scanner that’s talking to an IP in Southeast Asia or Western Europe, and you don’t have clients in those locations, it’s worth investigating,” he advised. “Be curious – not only about what you have but what your systems are talking to, as well.”
FDA Clears Remote Scanning Support Platform for MRI, CT and PET/CT
March 25th 2024The multimodality system nCommand Lite reportedly facilitates real-time remote imaging guidance on scanning parameters and procedure assessments to licensed technologists for a variety of imaging modalities including CT and MRI.
The Reading Room: Artificial Intelligence: What RSNA 2020 Offered, and What 2021 Could Bring
December 5th 2020Nina Kottler, M.D., chief medical officer of AI at Radiology Partners, discusses, during RSNA 2020, what new developments the annual meeting provided about these technologies, sessions to access, and what to expect in the coming year.
AI Radiology ROI Calculator Study Projects 451 Percent ROI Over Five Years
March 18th 2024Incorporating an artificial intelligence (AI) platform into the radiology workflow at a stroke management-accredited hospital may lead to projected savings of 78 days in triage time and 41 days in reporting time for radiologists over a five-year period, according to new research.
Current Perspectives on Radiology Workforce Issues and Potential Solutions
March 14th 2024Emphasizing the gravity of the ongoing workforce shortage in radiology, these authors recommend a change agenda focusing on expanded numbers of residency positions, reassessment of educational pathways, maintaining a strong presence in hospital settings and practice level initiatives to reduce administrative burden and achieve appropriate reimbursement beyond RVU measurements.