September 25, 2017 By Salwa Rafee

In health care, cyberthreats pose a substantial risk to patient safety, systems of care and business continuity. The security of electronic medical information has a tremendous impact on data access, which directly affects quality of care, patients’ rights to privacy and the professional standing of health care organizations.

Practitioners can only make the best decisions for diagnosis and treatment plans when they have full access to all relevant information in their patients’ medical histories. Medical imaging security threats that limit physicians’ access to patient data can delay clinical management decisions and adversely impact patient care. A significant part of the data classified as protected health information (PHI) is medical imaging.

Cause for Concern

Following the recent Petya attack against a number of hospitals in the U.K., the Royal College of Radiologists and the British Institute of Radiology highlighted the major risk to time-sensitive cancer patient treatments due to blocked access to images and scan reports, which can affect appointments for radiotherapy and chemotherapy sessions. A breached medical image can lead to clinical errors, medical identity theft, insurance and claims inaccuracies, and prescription fraud.

Medical imaging procedures such as X-ray and ultrasonography are essential diagnostic tools at all major levels of health care. In public health, primary care, and both curative and palliative care, critical decisions depend on these images for correct diagnoses, to assess courses of many diseases and to evaluate how patients are responding to treatment. As medical equipment gets progressively more advanced, safer and more widely available, imaging-based procedures are increasing considerably. Effective and high-quality imaging can reduce unnecessary invasive procedures.

Standards for Medical Imaging Security

Picture archiving and communication systems (PACS) and reporting solutions enable health care practices to efficiently perform diagnostic imaging while providing end users with access to the system anytime, anywhere. Digital Imaging and Communications in Medicine (DICOM) is the standard for communication and management of medical imaging information and related data. The framework is maintained by the DICOM Standards Committee, which specifies security and system management profiles to which implementations may claim conformance. These are defined by referencing externally developed standard protocols, such as Lightweight Directory Access Protocol (LDAP), Transport Layer Security (TLS) and Integrated Secure Communication Layer (ISCL).

Imaging centers use the DICOM standard to incorporate protocols for imaging techniques such as radiography, CT, MRI, ultrasonography and radiation therapy for image exchange, compression, 3-D visualization, presentation and results reporting. Secure communication is critical when transmitting PHI and associated data between devices and recipients, whether internal to the organization or with external parties.

The fastest-growing industry trend is migrating medical data to secure and compliance-enabled cloud platforms for increased collaboration. As the digital imaging space is embraced across the health care enterprise, the swift transition from terabytes to petabytes of data has put radiology on the brink of information overload, increasing security vulnerabilities and risk of data loss in interoperable systems. Cloud computing and end-to-end data encryption offer the tools to manage data much more securely and efficiently.

Enhanced Visibility Into Data Activity

Medical imaging has become a significant tool in clinical trials because it enables accurate diagnosis with visualization and quantitative assessment. Clinical trials have multiple phases that can take several years to complete. Since intellectual property (IP) is the pharmaceutical industry’s most valuable resource, medical imaging security is key to a company’s future success.

To safeguard these sensitive assets, health care security teams require a data activity monitor that centralizes risk controls, enhances visibility into user activity and supports various data source types. IBM Security Guardium supports Merge PACS and other modules, monitors and audits data activity for all data platforms and protocols, and enforces security policies in real time. It also creates a normalized repository of audit data for compliance, reporting and forensics.

The image below shows Guardium in action, monitoring and protecting multiple imaging solutions, such as PACS, vendor neutral archive (VNA), radiological information system (RIS), dashboards, cardio, eye care and financials.

Health care organizations should take an enterprisewide approach to implementing security strategies and embrace a health care security immune system to address the industry’s major pain points. Additionally, cognitive and augmented intelligence has become an essential tool to transform defense capabilities and help health care organizations win the war on cybercrime.
