In health care, cyberthreats pose a substantial risk to patient safety, systems of care and business continuity. The security of electronic medical information has a tremendous impact on data access, which directly affects quality of care, patients’ rights to privacy and the professional standing of health care organizations.

Practitioners can only make the best decisions for diagnosis and treatment plans when they have full access to all relevant information in their patients’ medical histories. Medical imaging security threats that limit physicians’ access to patient data can delay clinical management decisions and adversely impact patient care. A significant part of the data classified as protected health information (PHI) is medical imaging.

Cause for Concern

Following the recent Petya attack against a number of hospitals in the U.K., the Royal College of Radiologists and the British Institute of Radiology highlighted the major risk to time-sensitive cancer patient treatments due to blocked access to images and scan reports, which can affect appointments for radiotherapy and chemotherapy sessions. A breached medical image can lead to clinical errors, medical identity theft, insurance and claims inaccuracies, and prescription fraud.

Medical imaging procedures such as X-ray and ultrasonography are essential diagnostic tools at all major levels of health care. In public health, primary care, and both curative and palliative care, critical decisions depend on these images for correct diagnoses, to assess courses of many diseases and to evaluate how patients are responding to treatment. As medical equipment gets progressively more advanced, safer and more widely available, imaging-based procedures are increasing considerably. Effective and high-quality imaging can reduce unnecessary invasive procedures.

Standards for Medical Imaging Security

Picture archiving and communication systems (PACS) and reporting solutions enable health care practices to efficiently perform diagnostic imaging while providing end users with access to the system anytime, anywhere. Digital Imaging and Communications in Medicine (DICOM) is the standard for communication and management of medical imaging information and related data. The framework is maintained by the DICOM Standards Committee, which specifies security and system management profiles to which implementations may claim conformance. These are defined by referencing externally developed standard protocols, such as Lightweight Directory Access Protocol (LDAP), Transport Layer Security (TLS) and Integrated Secure Communication Layer (ISCL).

Imaging centers use the DICOM standard to incorporate protocols for imaging techniques such as radiography, CT, MRI, ultrasonography and radiation therapy for image exchange, compression, 3-D visualization, presentation and results reporting. Secure communication is critical when transmitting PHI and associated data between devices and recipients, whether internal to the organization or with external parties.

The fastest-growing industry trend is migrating medical data to secure and compliance-enabled cloud platforms for increased collaboration. As the digital imaging space is embraced across the health care enterprise, the swift transition from terabytes to petabytes of data has put radiology on the brink of information overload, increasing security vulnerabilities and risk of data loss in interoperable systems. Cloud computing and end-to-end data encryption offer the tools to manage data much more securely and efficiently.

Enhanced Visibility Into Data Activity

Medical imaging has become a significant tool in clinical trials because it enables accurate diagnosis with visualization and quantitative assessment. Clinical trials have multiple phases that can take several years to complete. Since intellectual property (IP) is the pharmaceutical industry’s most valuable resource, medical imaging security is key to a company’s future success.

To safeguard these sensitive assets, health care security teams require a data activity monitor that centralizes risk controls, enhances visibility into user activity and supports various data source types. IBM Security Guardium supports Merge PACS and other modules, monitors and audits data activity for all data platforms and protocols, and enforces security policies in real time. It also creates a normalized repository of audit data for compliance, reporting and forensics.
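As an added illustration of the normalized audit repository and real-time policy enforcement described above (example code written for this page, not Guardium’s or Merge PACS’s own), the snippet below maps constructed PACS and RIS audit lines, in hypothetical formats, into one record shape and applies two policies across both sources: an after-hours export check and a burst of distinct patients retrieved by one user within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample audit lines in two hypothetical source formats (PACS and RIS); not real product output.
PACS_LOG = """\
2023-03-01T08:02:11Z C-MOVE user=dr.lee patient=P1001 study=S1
2023-03-01T08:03:40Z C-MOVE user=dr.lee patient=P1002 study=S2
2023-03-01T22:15:02Z C-MOVE user=tech07 patient=P1003 study=S3
2023-03-01T22:15:09Z C-MOVE user=tech07 patient=P1004 study=S4
2023-03-01T22:15:15Z C-MOVE user=tech07 patient=P1005 study=S5
"""
RIS_LOG = """\
2023-03-01 08:10:05|tech07|P1006|REPORT_VIEW
2023-03-01 22:16:00|tech07|P1007|REPORT_EXPORT
"""
PACS_RE = re.compile(r"(\S+) (\S+) user=(\S+) patient=(\S+) study=(\S+)")

def normalize(pacs_text, ris_text):
    """Map both source formats onto one record shape: (ts, source, user, patient, action)."""
    records = []
    for line in pacs_text.splitlines():
        m = PACS_RE.match(line)
        if m:
            ts, action, user, patient, _study = m.groups()
            records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "PACS", user, patient, action))
    for line in ris_text.splitlines():
        if line:
            ts, user, patient, action = line.split("|")
            records.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "RIS", user, patient, action))
    return sorted(records)  # one time-ordered repository across sources

def evaluate_policy(records, max_patients=3, window_minutes=10, after_hours=(20, 6)):
    """Return alerts: exports outside business hours, and bursts of distinct patients per user."""
    alerts = []
    by_user = defaultdict(list)
    start, end = after_hours  # off-hours window: from 20:00 until 06:00
    for rec in records:
        ts, source, user, patient, action = rec
        by_user[user].append(rec)
        if action in ("C-MOVE", "REPORT_EXPORT") and (ts.hour >= start or ts.hour < end):
            alerts.append(("after_hours_export", user, source, patient))
    for user, recs in by_user.items():  # burst check spans PACS and RIS records together
        for i, (ts, *_rest) in enumerate(recs):
            window = [r for r in recs[i:] if (r[0] - ts).total_seconds() <= window_minutes * 60]
            patients = {r[3] for r in window}
            if len(patients) >= max_patients:
                alerts.append(("patient_burst", user, len(patients)))
                break
    return alerts
```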

The image below shows Guardium in action, monitoring and protecting multiple imaging solutions, such as PACS, vendor neutral archive (VNA), radiological information system (RIS), dashboards, cardio, eye care and financials.

Health care organizations should take an enterprisewide approach to implementing security strategies and embrace a health care security immune system to address the industry’s major pain points. Additionally, cognitive and augmented intelligence has become an essential tool to transform defense capabilities and help health care organizations win the war on cybercrime.

