No policies address PACS security flaws

Article

Events of last August -- when three widespread infestations of computer worms attacked Windows-based systems -- illustrated the vulnerabilities of many medical applications, including PACS. The pressing need for software patches was also revealed. Yet

Events of last August - when three widespread infestations of computer worms attacked Windows-based systems - illustrated the vulnerabilities of many medical applications, including PACS.

The pressing need for software patches was also revealed. Yet no clear policy addresses medical device software patch management, according to a scientific paper presented at the SCAR annual meeting.

"The application of software patches on medical devices requires a risk assessment to balance network risk verses the medical/legal risk of altering an FDA-regulated medical device," said Michael A. Nielsen, a clinical engineer with the U.S. Air Force's Medical Logistics Office.

Lack of directive policy on how security vulnerabilities associated with software fixes must be handled and what security standards apply to medical device OEMs creates further confusion and risk, Nielsen said.

Complexities associated with networked environments, current world events, and the OEM shift to Windows-based systems further exacerbate the problem, he said.

Neilsen appeared at SCAR to sound the alarm and raise awareness. He said the healthcare technology community must work with both OEMs and the FDA to develop a working model for software maintenance and validation.

Ideally, as vulnerabilities and advisories are released, OEMs would implement a process to immediately initiate an assessment of alerts from watchdog bodies such as the Computer Emergency Response Team.

Once a patch is validated, the OEM would have a global mechanism, such as a secure Web site, for customer downloads, Nielsen said.

"Failure to recognize the need for vulnerability assessments and security patch response on medical devices platforms as part of the overall device life cycle puts the healthcare community at undue risk for catastrophic failure," he said.

A culture paradigm shift must occur, according to Nielsen.


Newsletter

Stay at the forefront of radiology with the Diagnostic Imaging newsletter, delivering the latest news, clinical insights, and imaging advancements for today’s radiologists.

Recent Videos
SNMMI: Emerging PET Insights on Neuroinflammation with Progressive Apraxia of Speech (PAOS) and Parkinson-Plus Syndrome
Improving Access to Nuclear Imaging: An Interview with SNMMI President Jean-Luc C. Urbain, MD, PhD
SNMMI: 18F-Piflufolastat PSMA PET/CT Offers High PPV for Local PCa Recurrence Regardless of PSA Level
SNMMI: NIH Researcher Discusses Potential of 18F-Fluciclovine for Multiple Myeloma Detection
SNMMI: What Tau PET Findings May Reveal About Modifiable Factors for Alzheimer’s Disease
Emerging Insights on the Use of FES PET for Women with Lobular Breast Cancer
Can Generative AI Reinvent Radiology Reporting?: An Interview with Samir Abboud, MD
Mammography Study Reveals Over Sixfold Higher Risk of Advanced Cancer Presentation with Symptom-Detected Cancers
Combining Advances in Computed Tomography Angiography with AI to Enhance Preventive Care
Study: MRI-Based AI Enhances Detection of Seminal Vesicle Invasion in Prostate Cancer
Related Content
© 2025 MJH Life Sciences

All rights reserved.