M Kämmerer scite author profile

Until recently there has been no standard for an interoperable and manufacturer-independent protocol for secure teleradiology connections. This was one of the main reasons for the limited use of teleradiology in Germany. Various teleradiology solutions have been developed in the past, but the vast majority have not been interoperable. Therefore an ad hoc teleradiology connection was impossible even between partners who were already equipped with teleradiology workstations. Based on the evaluation of vendor-independent protocols in recent years the IT Working Group (AGIT) of the German Radiology Society set up an initiative to standardize basic teleradiology. An e-mail based solution using the Dicom standard for e-mail attachments with additional encryption according to the OpenPGP standard was found to be the common denominator. This protocol is easy to implement and safe for personalized patient data and fulfills the legal requirements for teleradiology in Germany and other countries. The first version of the recommendation was presented at the 85th German Radiology Convention in 2004. Eight commercial and three open-source implementations of the protocol are currently available; the protocol is in daily use in over 50 hospitals and institutions.

Cybersecurity in PACS and Medical Imaging: an Overview

Eichelberg

Kleber²,

2020

J Digit Imaging

This article provides an overview on the literature published on the topic of cybersecurity for PACS (Picture Archiving and Communications Systems) and medical imaging. From a practical perspective, PACS specific security measures must be implemented together with the measures applicable to the IT infrastructure as a whole, in order to prevent incidents such as PACS systems exposed to access from the Internet. Therefore, the article first offers an overview of the physical, technical and organizational mitigation measures that are proposed in literature on cybersecurity in healthcare information technology in general, followed by an overview on publications discussing specific cybersecurity topics that apply to PACS and medical imaging and present the “building blocks” for a secure PACS environment available in the literature. These include image de-identification, transport security, the selective encryption of the DICOM (Digital Imaging and Communications in Medicine) header, encrypted DICOM files, digital signatures and watermarking techniques. The article concludes with a discussion of gaps in the body of published literature and a summary.

Cybersecurity Challenges for PACS and Medical Imaging

Eichelberg

Kleber²,

2020

Academic Radiology

Cybersecurity issues have been on the rise for years, increasingly affecting the healthcare sector. In 2019, several attacks have been published that specifically aim at medical network protocols and file formats, in particular digital imaging and communications in medicine. This article describes five attack scenarios on picture archiving and communications systems (PACS) and medical imaging networks: the import of patient data from storage media containing malware, a compromise of the hospital network, malware embedded in digital imaging and communications in medicine images or reports, a malicious manipulation of medical images and a network infiltration of malicious health level seven messages. Prevention and mitigation measures for each of these attacks exist, some of which can be implemented by the system user (e.g., hospital), while others require implementation in the PACS and medical imaging devices by the vendors. In practice, however, many of these are not in common use. What is missing today are PACS network security guidelines for practitioners that support users in keeping their network secure. Furthermore, integrating the healthcare enterprise integration profiles and test tools might be needed to address the deployment of public key infrastructure and digital signatures in the PACS environment.

E-Learning in der Radiologie - praktischer Einsatz des Content-Management-Systems Ilias

Schütze¹,

Mildenberger²,

2006

Fortschr Röntgenstr

Cybersecurity Protection for PACS and Medical Imaging: Deployment Considerations and Practical Problems

Eichelberg

Kleber²,

2021

Academic Radiology

Cybersecurity is increasingly affecting the healthcare sector. In a recent article, the authors analyzed specific attacks against picture archiving and communications systems (PACS) and medical imaging networks and proposed security measures. This article discusses issues that require consideration when deploying these proposed measures and provides recommendations on how to implement them. Hospitals should deploy virus scanners on systems where permitted, with high priority on devices that are part of the central IT infrastructure of the hospital. They should introduce a systematic management of software updates on operating system, application software and virus scanner level and clarify the provision of security updates for the intended duration of use when purchasing a new device. They should agree with the PACS vendor on a long-term strategy for implementing access rights, and enable encrypted network communication where possible. This requires an agreement on the encryption algorithms to be used, and a public-key infrastructure. For most of these tasks, standards and profiles exist today. There are, however, some gaps: Implementation of cybersecurity measures would be facilitated by integration profiles on certificate and signature management, and access rights in a PACS environment.