
Radiology Departments Are One Of The Gold Mines For Cyberattacks


Why radiology departments should be worried about their data, and ways to secure it from being breached.

An image may say a hundred words, but in radiology, if an image can’t be securely moved across a network, you might have a standstill. Today, I want to talk about the challenges that radiologists face when digitized images can’t be transmitted.

In radiology departments across rural and critical care hospitals, computerized systems play an increasingly vital role in providing care for nearly all patients. Long gone are the days when x-rays were developed in a dark room and viewed on light boxes. Nowadays, with nearly every image used to diagnose and treat patients across the spectrum of healthcare, radiology is nearly 100% dependent on digital images—and on the ways in which digital images get transmitted and stored securely on hospital networks.

One of the most critical ways doctors and providers utilize and maintain digital pictures is through a sophisticated computer system called the Picture Archiving and Communication System, or PACS for short. PACS was developed for radiology services over 20 years ago to take medical imaging into the digital age. Many contemporary means of diagnosing patients critically depend on digital images from radiographs, ultrasounds, CT scans and MRIs.

While PACS technology has made image visualization easier for both radiologists and collaborating doctors caring for patients, image transmission capabilities can easily go offline if IT support teams do not properly understand radiology vendor technologies. And patient care can be compromised if communication to PACS stops working.

On top of the crippling effects on your hospital operations and care if PACS stops working, your PACS system may not be as secure as you think!

If you think your patients’ information is secure through PACS, you may want to stop and take a closer look. Medical devices on hospital networks are just as vulnerable to attacks as workstations.

In fact, a recent case study into hacking hospital devices showed that hackers are able to search out computers and devices using specific software. Whether your healthcare system is large or small, healthcare security experts are worried that PACS and specific imaging systems may be easier to hack into than once thought.

Medical devices—including imaging devices—often have three critical vulnerabilities:

Weak Administrative Credentials—nearly 80% of radiologists don’t realize that the administrative credentials for their imaging machines are often factory set. That means easy and common passwords—or passwords that can be found with a little snooping (and nothing that can stop a hack or data breach from happening!).

Administrative passwords should be hard to crack, should be unique to each machine, and need to be stored in a safe place to restrict access. Healthcurity automatically monitors and tracks admin passwords and their usage on ALL devices on your network. If you have any suspicions about how safe your passwords are on your network, many security experts recommend pursuing a third-party network security assessment.

Software Vulnerabilities—just like Microsoft’s regular release of patches (they’ve been consistently releasing patches on Tuesdays for a while now!), your radiology-specific software has releases and updates to ensure it is safe from hackers.

We recommend that you monitor all your devices for software updates. This entails (1) identifying all software on your network (including software used on devices), (2) tracking software updates for each piece of software used in your hospital (including Radiology!), and (3) applying and testing updates to make sure that your software is safe and functional.

Transmission of Unencrypted Data—when images get sent from a device—say an X-Ray or CT scanner—many times, these images are not securely transmitted. That means that the files are not adequately encrypted and that hackers are able to penetrate and pilfer information from those files. The big concern with having unencrypted images getting transferred to PACS is that hackers are able to glean enough information from an image to completely steal a medical identity.

We recommend that your IT Support monitor traffic going across your network—paying specific attention to places where sensitive information (like PHI) is moving across the network. Ensure that when information moves off the network, it is in an encrypted state to prevent data leaks, identity thefts and potential legal battles down the line.
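One way to carry out the traffic check recommended above, as an added example that is not code from the original article: it inspects the first bytes a client sends on each connection and flags image associations that start in cleartext rather than with a TLS handshake. It assumes the imaging devices speak DICOM, the standard modality-to-PACS protocol, which the article does not name; the IP addresses, network range and device names (AE titles) are constructed for illustration.

```python
import ipaddress
import struct

# Constructed for this example: the hospital's internal address range.
HOSPITAL_NET = ipaddress.ip_network("10.20.0.0/16")

def classify_stream(first_bytes: bytes) -> dict:
    """Classify the opening bytes a client sends on a connection to the PACS."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return {"kind": "tls", "encrypted": True}
    # DICOM A-ASSOCIATE-RQ PDU: type 0x01, reserved 0x00, 4-byte length,
    # 2-byte protocol version, 2 reserved bytes, then two 16-byte AE titles.
    if len(first_bytes) >= 42 and first_bytes[:2] == b"\x01\x00":
        pdu_len, version = struct.unpack(">IH", first_bytes[2:8])
        if version & 1 and pdu_len >= 68:
            return {
                "kind": "dicom-cleartext",
                "encrypted": False,
                "called_ae": first_bytes[10:26].decode("ascii", "replace").strip(),
                "calling_ae": first_bytes[26:42].decode("ascii", "replace").strip(),
            }
    return {"kind": "unknown", "encrypted": None}

def audit(streams):
    """Return one finding per cleartext image association, noting off-network destinations."""
    findings = []
    for src, dst, payload in streams:
        result = classify_stream(payload)
        if result["encrypted"] is False:
            off_net = ipaddress.ip_address(dst) not in HOSPITAL_NET
            findings.append({"src": src, "dst": dst, "off_network": off_net, **result})
    return findings

def sample_associate_rq(called: str, calling: str) -> bytes:
    """Build the fixed-length head of an association request (constructed sample)."""
    body = struct.pack(">HH", 1, 0) + called.ljust(16).encode() + calling.ljust(16).encode() + bytes(32)
    return b"\x01\x00" + struct.pack(">I", len(body)) + body

# Constructed captures: (source IP, destination IP, first bytes sent by the client).
SAMPLE_STREAMS = [
    ("10.20.0.5", "10.20.0.10", sample_associate_rq("MAIN_PACS", "CT_ROOM_214")),
    ("10.20.0.6", "10.20.0.10", b"\x16\x03\x01\x00\x05hello"),
    ("10.20.0.7", "203.0.113.7", sample_associate_rq("REMOTE_READ", "XRAY_ER_2")),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_STREAMS):
        print(finding)
```

The device names recovered from the cleartext header are readable by anyone on the network path, so findings with `off_network` set deserve attention first.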

The problem with having unprotected radiology devices is that hackers can learn a lot from image files. More than simply obtaining specific medical records (which in and of itself could lead to identity theft), hackers can learn a lot about a specific healthcare provider and radiology department, including employee names and even the exact room number where the equipment is located.

These hackers could even go to the lengths of changing settings on your machines, leading to misinterpretations of images, misdiagnosis and hefty lawsuits.

My questions to you are not really complicated: Are you sure your PACS and radiology equipment are protected on the network? Can you reliably send images to PACS, and can providers consistently have access for speedy diagnoses?