With imaging now living in a digital world free of films, radiologists must remain vigilant of potential threats from hackers.
The National Cybersecurity Center of Excellence (NCCOE) is well aware of such growing concerns and recently released draft guidelines to help safeguard picture archiving and communication systems. It’s essential the imaging business quickly take action, the group argued, to protect patient records and reduce the likelihood of a breach.
“PACS, by its nature, is a system that cannot operate in isolation,” the center of excellence, part of the National Institute of Standards and Technology, wrote in a summary of the guidelines. “The primary role of PACS is interaction with disparate medical imaging devices, interconnectivity with other clinical systems, and allowing a geographically and organizationally diverse team of healthcare professionals to review medical images to provide quality and timely patient care. Therefore, the threat landscape is broad.”
To help in drafting the guidelines, the NCCOE built a laboratory to mimic a medical imaging environment, assessed potential risks and identified controls to help better secure archiving systems. The center also collaborated with several vendors to develop the draft guidelines, which dropped in September.
NCCOE noted that key ingredients of a PACS cybersecurity solution include:
- “Network zoning” that allows for more precise control of digital traffic and limits communication functions to the bare minimum to support the business’ regular functions
- Mechanisms to control access, such as multifactor authentication for providers and safeguards that limit vendors’ ability to remotely service medical imaging components
- A “holistic” approach to addressing risk that also includes the management of medical device assets and tools that analyze behavior patterns to help manage cyber threats and vulnerabilities in real time