DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Pediatrics
Endroit courant :
> This Story

Ouverture ou Registre to rate this News Story
Forward Printable StoryPrint Comment




Health IT Homepage

Three ways internet isolation technology protects healthcare from cyberattacks Taking vulnerability out of the online experience

Why is (almost) no one billing for remote patient monitoring? Using mobile to monitor patients at home can boost care quality — and revenue streams

Simplifying population health management and the identification of social determinants with natural language processing

Vulnerabilities found in infusion pump firmware Could enable dose or infusion rate manipulation

How important is protecting the patient health information (PHI) to your vendors? Outsourcing services comes with risks that must be addressed

Informatics, standardization and the next phase for enterprise imaging Life after silos is coming into focus

Roche and GE Healthcare release NAVIFY Tumor Board 2.0 Supports personalized treatment decision-making

Enterprise content management (ECM) systems are the rise Offering better data security, market may exceed $1.3 billion by 2023

Financial details of nearly 12 million patients at risk following AMCA breach Includes social security numbers, credit cards and medical information

Agfa investigates sale of Hospital IT and Integrated Care business Shedding $213 million unit will position company mainly as imaging vendor

A design flaw in the DICOM standard
risks malware infiltration that could
negatively affect medical image storing
and sharing

New DICOM design flaw spells potential risks for image storing and sharing

par John R. Fischer , Staff Reporter
A design flaw in the DICOM standard has raised a number of potential red flags on the security around the storage and exchange of medical images.

Uncovered by Markel Picado Ortiz, a researcher for medical device cybersecurity firm Cylera, the deficiency enables hackers to embed executable codes of malware within DICOM files to create PE/DICOM files, hybrids that are fully-functioning, Windows executable and specification-compliant DICOM images that can be opened and viewed in any traditional DICOM viewer. Such an addition raises the risk for potential evasion and multistage attacks, with attempts to reduce or eliminate the malware resulting in damages to the quality and the release of protected health patient information.

Story Continues Below Advertisement


Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.

"Cyber threats in healthcare should be viewed through the lens of patient safety and clinical continuity,” Paul Bakoyiannis, chief technology officer for Cylera, told HCB News. “We must be aware that mitigation steps could have harmful side effects due to the sensitivity of the data found within healthcare systems, and the importance of uptime. Complex dynamics arise when cyber attacks and clinical care are mixed, as these findings show, and healthcare organizations should be aware of the impacts of both the threats themselves and the attempted remediation steps.”

Comprising the header of the DICOM file format standard is the Preamble, a 128-byte section at the beginning of the file that facilitates access to the images and metadata within the DICOM image. As any random sequence of 128 or fewer bytes can be inserted within the preamble without jeopardizing the image file’s conformance with the DICOM standard, third parties can establish compatibility with non-DICOM image viewers for formats such as JPG and TIFF images, without having to worry about structural requirements.

Attackers, however, can exploit this feature by inserting full PE headers that make the DICOM file appear to be an executable. They also can fully embed a functioning executable into a DICOM image, while maintaining its ability to be executed by the operating system and act as a standards-compliant DICOM image file, thereby allowing the executable file to appear as a DICOM image, a reversal of the true standard which makes DICOM files appear as other formats.

In doing so, the malware can grow into more potent variants that infect and use patient data to hide, protect and spread itself. It is able to evade detection from automated mechanisms in configurations such as A/V software by being executed without changing the ".dcm" file extension and by maintaining the integrity of the DICOM format.
  Pages: 1 - 2 >>

Health IT Homepage

You Must Be Logged In To Post A Comment

La publicité d'email
Développez la notoriété de votre marque
Enchères + Ventes Privées
Obtenir le meilleur prix
Acheter des équipement / pièces
Trouver le meilleur prix
Infos du jour
Lire Les dernières nouvelles
Consulter tous les utilisateurs DOTmed
Éthique concernant DOTmed
Voir notre programme d'éthique
L'or partie le programme de fournisseur
Recevoir des demandes PH
Programme de marchand de service d'or
Recevoir des demandes
Fournisseurs de soins de santé
Voir tous les outils des HCP (abréviation pour les professionnels de la santé)
Trouver / combler un poste
Parts Hunter +EasyPay
Obtenir des devis de pièces
Voir les utilisateurs récemment certifiés
Voir les utilisateurs récemment certifiés
Récemment évalué sur DOTmed
Voir les utilisateurs récemment certifiés
Central de location
Louer de l’équipement à moindre prix
Vendre des équipements / pièces
Obtenir le maximum d'argent
Service Technicians Forum
Trouver de l'aide et des conseils
Simple demande de propositions
Obtenir des devis pour des appareils
Expo Virtuelle
Trouver des services d'appareils
L'Access et l'utilisation de cet emplacement est sujet aux modalités et aux conditions du notre de nos MENTIONS LEGALES & DONNEES PERSONELLES
Propriété de et classe des propriétaires DOTmedà .com, inc. Copyright ©2001-2019, Inc.