Radiology, HealthOps, and the question of cybersecurity

October 30, 2019
Cyber Security

According to CyberMDX field data, around 55 percent of imaging devices run deprecated or otherwise unpatched versions of Windows ostensibly vulnerable to exploits such as BlueKeep or DejaBlue. Among those devices, roughly 25 percent have open RDP ports. These facts and the news that a usable exploit for BlueKeep has been published on Metasploit leave the world of radiology particularly exposed.

Similarly, DICOM processes, developed in an earlier technological era when today’s threat landscape could hardly be imagined, do not incorporate sufficiently robust authentication techniques or encryption. That’s on the technology level. On the management level, few administrators are implementing appropriate communication and port restrictions, which explains Greenbone Networks’ recent findings that 400 million medical radiological images are exposed on the internet.

Making matters worse, with so much AI innovation revolving around advanced pattern recognition and image analysis, radiology is not only the premier testing ground for the technology, but a battleground as well. Consider, for example, a recent study out of Ben-Gurion University, where researchers showed that hackers could intercept and materially manipulate CT and MRI images as they move through cyberspace.

The sophistication of cyberattacks is rising quickly and medical professionals must work diligently to keep patients safe from the consequences.

Best practices for securing connected radiology devices
The first step to protecting your equipment from cyber compromise is to reduce the attack surface. That means:

● Conducting staff-wide cyber education and training.
● Digitally inventorying your device fleet — including hardware, OS, software, and network configuration details.
● Mapping out and micro-segmenting the distinct use and risk groups within your network.
● Setting strong firewall/NAC policies to govern the communications between these micro-segments/security groups based on trust relationships.
● Preemptively disabling or blocking traffic to ports that will not be used in the course of a device's intended operations.
● Employing MFA and sound password management.
● Using end-to-end encryption.
● Cross-referencing your asset inventory against the NVD vulnerability feed to rapidly and confidently identify and locate all affected devices.
● Integrating with vendor support portals to automate the tracking and implementation of relevant software updates and patches.
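
As an added illustration (not part of the original article), the sketch below applies the inventory and port-restriction items to a small constructed device list, ranking highest the combination the article highlights: an unsupported Windows version with RDP open. The device names, roles, OS list and per-role port policy are all hypothetical.

```python
from dataclasses import dataclass

RDP_PORT = 3389
# Illustrative list only; populate from vendor lifecycle data in practice.
UNSUPPORTED_OS = {"Windows XP", "Windows Server 2003", "Windows 7"}
# Hypothetical policy: ports each role needs for its intended operation.
# 104 is the well-known DICOM port; 443 is HTTPS.
ALLOWED_PORTS = {
    "imaging_modality": {104},
    "pacs_server": {104, 443},
    "reading_workstation": {443},
}

@dataclass(frozen=True)
class Device:
    name: str
    role: str
    os: str
    open_ports: frozenset

def audit(device):
    """Return (severity, findings) for one inventoried device."""
    findings = []
    allowed = ALLOWED_PORTS.get(device.role)
    if allowed is None:  # a role with no policy is itself a finding
        findings.append("no port policy for role " + device.role)
        allowed = set()
    unexpected = sorted(device.open_ports - allowed)
    if unexpected:
        findings.append("ports outside intended use: "
                        + ", ".join(map(str, unexpected)))
    unsupported = device.os in UNSUPPORTED_OS
    if unsupported:
        findings.append("unsupported OS: " + device.os)
    if unsupported and RDP_PORT in device.open_ports:
        return "critical", findings
    return ("high" if unsupported else "medium" if findings else "ok"), findings

def triage(inventory):
    """Rows of (name, severity, findings), most urgent first."""
    order = ["critical", "high", "medium", "ok"]
    rows = [(d.name, *audit(d)) for d in inventory]
    return sorted(rows, key=lambda r: (order.index(r[1]), r[0]))

# Constructed sample inventory (not real devices).
INVENTORY = [
    Device("ws-07", "reading_workstation", "Windows 10", frozenset({443})),
    Device("pacs-01", "pacs_server", "Windows Server 2016", frozenset({104, 443, 3389})),
    Device("mri-02", "imaging_modality", "Windows XP", frozenset({104})),
    Device("ct-01", "imaging_modality", "Windows 7", frozenset({104, 3389})),
]

if __name__ == "__main__":
    for name, severity, findings in triage(INVENTORY):
        print(f"{severity:8} {name:8} {'; '.join(findings) or '-'}")
```

The same structure extends to the NVD cross-reference item by adding a lookup keyed on each device's OS and software versions.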