DICOM (Digital Imaging and Communications in Medicine) is a ticking bomb in healthcare – updated for the COVID-19 pandemic

Updated in view of the COVID-19 pandemic (Feb-Mar 2020)
Medical imaging results saved in DICOM files is emerging to be an acute healthcare vulnerability. Patients continually undergo medical imaging tests, but during the COVID-19 pandemic there is a requirement to limit patient access to clinics. Furthermore, once a patient undergoes the evaluation, there are scenarios where the results are stored on a CD/DVD. These physical devices can be inherent COVID-19 carriers due to handling by both patients and medical staff.
These concerns add to existing risks inherent with the DICOM protocol and CD/DVD usage, leading DICOM to be considered as a ticking bomb in healthcare:
- CD/DVDs can contain media based attacks (either unknowingly or with malicious intent).
- The CD/DVDs often contain a viewer software (an executable) that can be compromised.
- The DICOM protocol has known vulnerabilities that enable injecting malicious code that can compromise the PACS system.
- Due to their complexity, it is challenging to scan DICOM files for threats – threats can be easily embedded inside of DICOM files and evade detection by traditional AV scanners and other security solutions.
An overview of DICOM vulnerabilities:
- June 11th ’19. The US ICS CERT has alerted to a vulnerability exposed in the DICOM protocol for medical imaging files.
- The CVE-2019-11687 exploit demonstrates the ability of an attacker to embed malicious code into image files used by medical imaging devices. This latest vulnerability joins a long list of concerns in the DICOM protocol, read here.
- Sasa Software, together with Sasa APAC, has created a whitepaper on DICOM vulnerabilities, read here.
The solution: Sasa Software GateScanner DICOM Protector provides security by:
- Enabling patients to remotely upload DICOM files.
- Limits the usage of CD/DVDs
- Scans the viewing software.
- Uses a proprietary technology to scan the DICOM file for vulnerabilities and malicious code.
Read more about the solution, here
Watch a short video on our Youtube channel: https://youtu.be/SSSmazFJiHg