• AI
  • Molecular Imaging
  • CT
  • X-Ray
  • Ultrasound
  • MRI
  • Facility Management
  • Mammography

No policies address PACS security flaws

Article

Events of last August -- when three widespread infestations of computer worms attacked Windows-based systems -- illustrated the vulnerabilities of many medical applications, including PACS. The pressing need for software patches was also revealed. Yet

Events of last August - when three widespread infestations of computer worms attacked Windows-based systems - illustrated the vulnerabilities of many medical applications, including PACS.

The pressing need for software patches was also revealed. Yet no clear policy addresses medical device software patch management, according to a scientific paper presented at the SCAR annual meeting.

"The application of software patches on medical devices requires a risk assessment to balance network risk verses the medical/legal risk of altering an FDA-regulated medical device," said Michael A. Nielsen, a clinical engineer with the U.S. Air Force's Medical Logistics Office.

Lack of directive policy on how security vulnerabilities associated with software fixes must be handled and what security standards apply to medical device OEMs creates further confusion and risk, Nielsen said.

Complexities associated with networked environments, current world events, and the OEM shift to Windows-based systems further exacerbate the problem, he said.

Neilsen appeared at SCAR to sound the alarm and raise awareness. He said the healthcare technology community must work with both OEMs and the FDA to develop a working model for software maintenance and validation.

Ideally, as vulnerabilities and advisories are released, OEMs would implement a process to immediately initiate an assessment of alerts from watchdog bodies such as the Computer Emergency Response Team.

Once a patch is validated, the OEM would have a global mechanism, such as a secure Web site, for customer downloads, Nielsen said.

"Failure to recognize the need for vulnerability assessments and security patch response on medical devices platforms as part of the overall device life cycle puts the healthcare community at undue risk for catastrophic failure," he said.

A culture paradigm shift must occur, according to Nielsen.


Recent Videos
Emerging Research at SNMMI Examines 18F-flotufolastat in Managing Primary and Recurrent Prostate Cancer
Could Pluvicto Have a Role in Taxane-Naïve mCRPC?: An Interview with Oliver Sartor, MD
New SNMMI President Cathy Cutler, PhD, Discusses Current Challenges and Goals for Nuclear Medicine
Where the USPSTF Breast Cancer Screening Recommendations Fall Short: An Interview with Stacy Smith-Foley, MD
A Closer Look at MRI-Guided Transurethral Ultrasound Ablation for Intermediate Risk Prostate Cancer
Improving the Quality of Breast MRI Acquisition and Processing
Can Fiber Optic RealShape (FORS) Technology Provide a Viable Alternative to X-Rays for Aortic Procedures?
Does Initial CCTA Provide the Best Assessment of Stable Chest Pain?
Making the Case for Intravascular Ultrasound Use in Peripheral Vascular Interventions
Can Diffusion Microstructural Imaging Provide Insights into Long Covid Beyond Conventional MRI?
Related Content
© 2024 MJH Life Sciences

All rights reserved.