Viruses could level hospital PACs and IT systems. The only way to keep an infestation from happening is for the vendors and users of these systems to work together to shore up their defenses, according to representatives of the medical devices business.
A new white paper, produced with input from medical imaging trade groups from around the world, explains the various software threats, outlines potential vulnerabilities, and suggests practical defense strategies. The document (available at www.nema.org/medical/spc) was written by a trade-based international security and privacy committee, comprising members from the U.S. National Electrical Manufacturers Association, European Coordination Committee of the Radiological and Electromedical Industry, and Japanese Industries Association of Radiological Systems.
The committee's recommendations should be taken seriously by the producers and users of medical IT systems, who share responsibility for protecting patient data, said committee vice chair Dr. Wolfgang Leetz, an executive charged with ensuring data privacy and security for Siemens Medical Solutions. Leetz spoke to delegates at September's joint EuroPACS/Management in Radiology meeting in Trieste, Italy.
"We as vendors are ready to support users of IT systems in many ways," he said. "But users cannot rely on vendors and technology alone. Users must introduce and enforce effective procedures in their organization as well."
Increasingly, the developers of malicious software are combining elements that attack computer systems in different ways, thereby maximizing the chance that their attack will evade IT defenses. IT vendors must ensure that their systems detect every security breach, whenever and wherever it occurs, he said.
There are several ways to do so. Technical solutions include checksum calculations, which indicate whether a file has been modified. System profiles can verify the integrity of entire directories.
Ironically, the most commonly used method for defending against viral attacks, software that scans for the presence of a virus, may do more harm than good. This type of software, which matches known virus patterns to data stored on computer hardware, can itself cause problems when used on medical IT equipment, Leetz said. Software may try to "fix" normal image data or shut down an entire system on the basis of a false alert. IT vendors should turn off any autofix functions and ensure that security patches designed to cover problems don't cause more problems than they solve.
"It is our obligation to offer security updates and technical assistance, but any upgrades to protect against published software vulnerabilities need to be tested carefully before they are distributed to our customers," he said.
The easiest way to prevent malicious software attack is to restrict physical access to medical imaging scanners, workstations, and portable media drives, according to Leetz. For this to work, hospitals and healthcare institutions have to get involved. Connections between medical IT systems and other networks or equipment should be minimized, particularly when wireless hardware is used.
Typical network defenses that healthcare providers should consider installing include firewalls, activity-logging software, strong user-authentication, and demilitarized zones.
Users should not only identify and bolster IT defenses but use the possible consequences of a malicious attack as the basis for establishing a disaster recovery strategy, Leetz said. Use of multiple measures and different IT systems could reduce the impact of an incursion.
"The best approach is to implement a defense in depth philosophy," he said. "That means don't use one tool at one place-use different tools and different mechanisms at different locations in the network. In this way, if an attacker gets through one network security measure, there are additional measures to help thwart the attack."
Can Radiomics and Autoencoders Enhance Real-Time Ultrasound Detection of Breast Cancer?
September 10th 2024Developed with breast ultrasound data from nearly 1,200 women, a model with mixed radiomic and autoencoder features had a 90 percent AUC for diagnosing breast cancer, according to new research.
Researchers Show Higher Breast Cancer Upstaging Rate with 18F-FAPI PET/CT
September 9th 2024The imaging agent 18F-FAPI PET/CT demonstrated greater than a 45 percent higher sensitivity rate in comparison to 18F-FDG PET/CT for the detection of axillary and extraaxillary regional lymph node metastases, according to a lesion-based analysis from a recent study.
Study Assesses Lung CT-Based AI Models for Predicting Interstitial Lung Abnormality
September 6th 2024A machine-learning-based model demonstrated an 87 percent area under the curve and a 90 percent specificity rate for predicting interstitial lung abnormality on CT scans, according to new research.