Cybersecurity Protection for PACS and Medical Imaging: Deployment Considerations and Practical Problems

Eichelberg, Marco; Kleber, Klaus; Kämmerer, M

doi:10.1016/j.acra.2020.09.001

Cited by 8 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this day ransomware has been affecting considerably in the health sector, these cybercriminals block the communication of medical devices that are being used, and these medical equipment are the ones with more vulnerability to attacks despite their importance to save lives [22], [33]- [35], have also led to the interruption of different scenarios such as the radiotherapies of thousands of patients, mostly on the impact of COVID-19 [36]- [38]. Similarly, the authors mention that there are numerous security concerns, such as denial of service, spoofing, and remote hijacking, these cyber-attacks are associated with internet connectivity in medical things, and such devices mostly have security and privacy issues as they have very limited computing power [39], [40].…”

Section: What Are the Most Frequent Cyberattacks In The Healthcare Se...mentioning

confidence: 99%

Cybersecurity in health sector: a systematic review of the literature

Herrera¹,

Valcárcel²,

Díaz-Reátegui³

et al. 2023

IJEECS

View full text Add to dashboard Cite

Currently, health centers are being affected by various cyberattacks putting at risk the confidential information of their patients and the organization because they do not have a plan or tools to help them mitigate these cyberattacks, which is important to know what measures to take to protect the privacy of personal data. The present work was carried out under a systematic literature review, which aims to show the importance of cybersecurity in the health sector knowing which tools are the most used and efficient to prevent a cyberattack. A systematic review of 301 articles was carried out, 79 of which are aligned with the objective set, fulfilling the inclusion and exclusion criteria. The search for information was carried out in the Scopus and Dimensions databases. The analysis carried out has resulted in good information that was compiled for the development of this topic, being favorable thanks to the different research of different authors.

show abstract

Section: What Are the Most Frequent Cyberattacks In The Healthcare Se...mentioning

confidence: 99%

Cybersecurity in health sector: a systematic review of the literature

Herrera¹,

Valcárcel²,

Díaz-Reátegui³

et al. 2023

IJEECS

View full text Add to dashboard Cite

show abstract

“…\end{equation*}$$ Scenario II . The second scenario is a hospital with high cyber protection by keeping devices updated with the most recent patches, using authentication credentials, removing default passwords, and implementing any other cybersecurity protection methods (Eichelberg et al., 2021). Multiple settings for the low probability of edge contagion are characterized by

p_{i}=q_{i}

for each component in the following

\begin{align*} &p_{IMW} = q_{IMW} = 0.10, &&p_{DW} = q_{DW} = 0.15, \\ &p_{PM} = q_{PM} = 0.20, &&p_{IP} = q_{IP} = 0.25 \end{align*}

and varying values for the edges between the PACS and HIS system by having

\begin{equation*} p_{PACS} = q_{PACS} \in \lbrace 0.40, 0.35, 0.30, 0.25, 0.20, 0.15\rbrace \end{equation*}

and between the HIS system and CNS by letting

$$\begin{equation*} p_{CNS} = q_{CNS} \in \lbrace 0.35, 0.30, 0.25, 0.20, 0.15, 0.10 \rbrace .

…”

Section: Numerical Implicationsmentioning

confidence: 99%

“…The second scenario is a hospital with high cyber protection by keeping devices updated with the most recent patches, using authentication credentials, removing default passwords, and implementing any other cybersecurity protection methods (Eichelberg et al, 2021). Multiple settings for the low probability of edge contagion are characterized by p i = q i for each component in the following p IMW = q IMW = 0.10, p DW = q DW = 0.15, p PM = q PM = 0.20, p IP = q IP = 0.25 and varying values for the edges between the PACS and HIS system by having p PACS = q PACS ∈ {0.40, 0.35, 0.30, 0.25, 0.20, 0.15} and between the HIS system and CNS by letting p CNS = q CNS ∈ {0.35, 0.30, 0.25, 0.20, 0.15, 0.10}.…”

Section: Scenario IImentioning

confidence: 99%

“…Since medical imaging digital files use DICOM, the DICOM Part 10 File Format had a vulnerability that can "contain the header for an executable file, such as Portable Executable malware" according to CVE 2019-11687 with a CVSS base score of 7.8. Eichelberg et al (2021) analyzed other specific attacks and threat vectors of the PACS system. Such threats could allow an attacker to compromise connected clinical devices and laterally spread malicious code to other devices on the network undetected (Health Sector Cybersecurity Coordination Center, 2020.…”

Section: Pacsmentioning

confidence: 99%

See 1 more Smart Citation

Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach

2023

View full text Add to dashboard Cite

Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient‐monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph‐theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.

show abstract

“…Our staff who were affected by fraudulent activity appreciated the timely notification, free credit check opportunities, names of contacts in our HR Department, resources for state and police reporting, for credit company notifications and freezes, and for bank notifications. If processes were not already in place to protect your data and that of your patients, these must be prioritized as widespread use of remote clinical, education and communication systems will subject you to cyberattacks (18). There have been a number of recent high profile, high impact attacks on University of California San Francisco (UCSF), Washington DC and U Vermont.…”

Section: Utilize Available Legal and Human Resource Staffmentioning

confidence: 99%

Enabling Your Radiology Business to Thrive Strategic Lessons Learned During the Initial and Subsequent Surges of the Covid-19 Pandemic

et al. 2021

View full text Add to dashboard Cite

The Covid-19 pandemic surges of 2020 resulted in major operational, personal, and financial impacts on US radiology practices. In response, a series of strategic and intentional operational changes were implemented, varying by practice size, structure and model. In reviewing the many business lessons that we learned during the pandemic, it became clear that for a business to be successful, a host of additional supportive factors are necessary. In addition to timely expense reductions, optimizing revenue capture and close monitoring and management of cash and reserves available for use, we also consider effective leadership and communication strategies, maintenance of a healthy and adequately staffed team, support for a remote work environment and flexible staffing models. Other ingredients include effectively embracing digital media for communications, careful attention to current and new stakeholders and the service delivered to them, understanding federal and state regulatory changes issued in response to the pandemic, close collaboration with the Human Resources office, and an early focus on redesigning your future practice structure and function, including disaster and downtime planning. This review aims to share lessons to enable leaders of an imaging enterprise to be better prepared for similar and future surges.

show abstract

Cybersecurity Protection for PACS and Medical Imaging: Deployment Considerations and Practical Problems

Cited by 8 publications

References 11 publications

Cybersecurity in health sector: a systematic review of the literature

Cybersecurity in health sector: a systematic review of the literature

Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach

Enabling Your Radiology Business to Thrive Strategic Lessons Learned During the Initial and Subsequent Surges of the Covid-19 Pandemic

Contact Info

Product

Resources

About