Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Sponsored Content | Blog | Greg Freiherr, Industry Consultant | Enterprise Imaging | April 27, 2017

Balancing Needs In The Fight Against Cybercrime

cyber crime cybersecurity

Image courtesy of Pixabay

Radiologists may not consider imaging systems to be at high risk of cyber attack. But it is for exactly this reason that radiologists must be especially careful.

The extension of equipment beyond its expected lifetime, and its reliance on operating systems with out-of-date security can make aging imaging systems an attractive target for hackers. The connection of radiology systems, such as X-ray systems, PET and CT scanners to PACS — and the connection of PACS to electronic medical records systems as part of enterprise imaging initiatives — have upped the ante.

"All it takes is one component — one crimp in the armor — to take down the environment,” said Michael McNeil, head of global product and security services at Philips Healthcare, a leading provider of medical devices and services. A single infected device can spread malware throughout a hospital network, McNeil said.

Increasing the vulnerability of radiology to attack is hesitancy on the part of radiologists to remedy vulnerabilities. “Radiologists may feel they’re not likely to be targeted,” he explained. "Consequently they may look at security measures as an unnecessary burden on their daily routine."

System designers of radiology devices and the IT systems to which they connect must be aware of radiologists' concerns, McNeil said. But they also must do what they can to protect patient data.

 

Ransomware Proliferates

Healthcare providers are especially at risk to one of the fastest proliferating and potentially damaging kinds of cyber attack — ransomware. This digital form of extortion uses malware to encrypt the victim's stored data. The cybercriminals hold this data hostage, refusing to decrypt it until the victim pays a ransom.

In February 2016, Hollywood Presbyterian Medical Center in Los Angeles was the victim of a ransomware attack. Hackers encrypted some of the hospital’s systems and demanded a $17,000 ransom to decrypt it. After paying the ransom in Bitcoin, the healthcare facility regained control of the infected systems. But that was three days later.

The need to access digital patient data creates a strong incentive for hospitals to knuckle under to ransom demands. Healthcare providers are being further compelled to give in to demands by their fiduciary liability. Senior executives may be held liable if their institutions lose sensitive patient data.

Bearing such dark-sounding names as CryptoLocker, CryptoWall, CryptXXX, and TeslaCrypt, ransomware has encrypted the computer systems of thousands of organizations in recent years, yielding ransoms running into the hundreds of millions of dollars. Often these are paid in Bitcoins, the attackers’ preferred currency.

According to the U.S. Department of Justice, the number of cyber attacks has quadrupled since 2015, averaging more than 4,000 per day. The United States has been the hardest hit, accounting for 28 percent of malware infections globally.

A prime institutional target of attackers is healthcare whose providers are 4.5 times more likely to be hit by CryptoWall malware than those in other industries.

 

Assessing Cyber Risk

The industry’s vulnerability to ransomware attacks has put cyber security professionals on notice, according to McNeil. And the manufacturers are responding. “The healthcare industry is going through some growing pains when it comes to (protecting against) ransomware and other threats," he said. "But it is maturing quickly.”

To be effective, cyber security must protect against ransomware as well as other threats. And it must address all medical devices and IT systems within the hospital network, because each connects with others as part of a digital ecosystem. It is, therefore, prudent, according to McNeil, for hospitals and other care providers to partner with medical device manufacturers to create a unified front against cyber attacks.

“At Philips, we provide continuous product security status documents (to customers) indicating the hospital’s potential security vulnerabilities and how to identify, track, and assess these threats,” he said. “We’re focused on ‘security by design,’ meaning we do appropriate risk assessments looking at the different type of threat vectors as they emerge and their potential consequences.”

Among the Philips products receiving special attention is IntelliSpace PACS. This information system is designed not only to facilitate the accuracy and data availability but also the integrity of patient data, according to McNeil. IntelliSpace incorporates high security technical standards so as to maintain confidentiality, integrity, and availability of patient data.

Philips informatics business group, Healthcare Informatics Solution and Service (HISS), has implemented measures that comply with U.S. Department of Defense regulations. These measures, as built into Philips' ISPACS 4.4.550, provide state-of-the-art privacy and security. "We are deploying our solution broadly to everyone, whether you are a military or government organization or not," he said.

 

Teamwork Matters

Collaboration is essential to reduce the risk of ransomware, McNeil added. Philip’s Security Center of Excellence shares information with leading cyber security researchers and test facilities around the world, assisting them to rapidly eliminate, reduce, and mitigate cyber threats.

This is good news for radiologists and other providers in the chain of patient care. Assured that equipment designers have taken steps to protect patient data as it travels across the hospital’s digital ecosystem, providers can focus on what they do best — providing healthcare.

CEOs and CIOs may decide on purchases, but radiologists are the users of imaging equipment. That makes their experience critically important. When designing radiology equipment, it all comes down to striking an effective balance, according to McNeil.

"We have to make (data flow) as seamless as possible but still secure," he said. "We have to maintain the ability to access information with no degradation in the timing by which those reports and files are accessed."

Related Content

Paige Prostate, is the first artificial intelligence (AI)-based software designed to identify an area of interest on the prostate biopsy image with the highest likelihood of harboring cancer so it can be reviewed further by the pathologist if the area of concern has not been identified on initial review.
News | Digital Pathology | September 22, 2021
September 22, 2021 — The U.S.
This study shows that thanks to deep learning analysis applied to digitized pathology slides, artificial intelligence can classify patients with localized breast cancer between high risk and low risk of metastatic relapse in the next five years.

Getty Images

News | Artificial Intelligence | September 22, 2021
September 22, 2021 — The RACE AI study conducted by Gustave...
HealthMyne, a pioneer in applied radiomics, announced today that peer-reviewed research recently published in the journal Cancers has demonstrated the ability of its radiomics technology to identify biomarkers that predict whether patients with lung adenocarcinoma would benefit from immunotherapy.

Semi-automatic lesion identification: (A) Manual ROI indication. In blue, it is possible to observe the axes that cross the lesion manually delineated by the radiologist on a plane of the MPR. The intensity of the lesion boundary (estimated) is represented with a red outline. (B) Additional axes can be dragged onto other orthogonal MPR views. From left to right, it is possible to observe the initial long axis outlined by the radiologist and the 2D contours on the axial, coronal and sagittal views of the lesion used as a starting point for the RPM algorithms. (C) Resulting 3D contour of the lesion (in blue).

News | Radiomics | September 21, 2021
September 21, 2021 —  HealthMyne, a pioneer in applied radiomics, announced today that peer-reviewed ...
News | Breast Imaging | September 20, 2021
September 20, 2021 — ImageCare Centers is unveiling its new “PINK Better Mammo” service with the addition of...
This is an example of 3-D ultrasound imaging on a breast, designed to help increase efficiency and diagnostic accuracy in any practice. Image courtesy of Hologic.

This is an example of TriVu ultrasound imaging on a breast, designed to help increase efficiency and diagnostic accuracy in any practice. Image courtesy of Hologic.

Feature | Breast Imaging | September 15, 2021 | By Jennifer Meade
The...
While the Mammography Quality Standards Act (MQSA) and the introduction of EQUIP (Enhancing Quality Using the Inspection Program) have been successful in standardizing and enhancing mammographic imaging quality, inadequate breast positioning can dramatically impact the ability of radiologists and technicians to quickly and accurately detect breast cancer and potentially malignant lesions in their patients

Getty Images

Feature | Mammography | September 15, 2021 | By Christopher Austin, M.D. and Randy D. Hicks, M.D., MBA
To get more flexibility and cost savings from storage, healthcare organizations are increasing their investments in the cloud
Feature | Information Technology | September 15, 2021 | By Kumar Goswami
Healthcare organizations today are storing petabytes of medical imaging data — lab slides,...
Revenues for teleradiology reading service providers are forecast to follow a similar profile over this period.

Outlook for 2021 and Beyond. As displayed in the figure below, these six market drivers are projected to result in teleradiology reading service volumes increasing by 21% in 2021 and nearly doubling by 2025. Revenues for teleradiology reading service providers are forecast to follow a similar profile over this period.

Feature | Teleradiology | September 15, 2021 | By Arun Gill
The closely tied relationship between...
Cloud services have been utilized within healthcare organizations for more than a decade. Now with the growth of artificial intelligence (AI) it is very common to see organizations adopting cloud services.

Getty Images

Feature | Information Technology | September 14, 2021 | By Jef Williams