Greg Freiherr, Industry Consultant
Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Blog | Greg Freiherr, Industry Consultant | Cybersecurity| February 04, 2019

How to Boost Cybersecurity in Medical Imaging

Cyber hackers pose a worsening threat to radiology and the rest of medical imaging. This risk might be reduced, however, by applying best practices developed by professional organizations such as HIMSS (Healthcare Information and Management Systems Society) and government agencies such as HHS (Health and Human Services) and NIST (National Institute of Standards).

This help is coming none too soon, according to Axel Wirth, distinguished technical architect at Symantec and one of the world’s foremost authorities on cybersecurity.

“Attacks are not only becoming more frequent and more sophisticated but they are also becoming much more malicious and purposeful,” said Wirth in an ITN podcast on cybersecurity in medical imaging and health care.

Wirth, who has spoken often on health IT topics, including medical device cyber safety, will deliver the keynote speech February 11 at the Cybersecurity forum during the annual HIMSS convention in Orlando.

 

Why Hackers Target Medical Imaging

Medical imaging presents easy targets to attackers. This is one of the prime reasons it has been attacked, Wirth said during ITN’s podcast on cybersecurity. Scanners “and things like PACS and PACS workstations were exploited by attackers as a beachhead,” Wirth said in the podcast, noting that cyber attacks on imaging equipment and imaging networks have been done to access “higher valued information.”

But cyber attackers may also target medical imaging and health care for other reasons, he said. Nation states and nation-sponsored groups may be after information about the design of medical devices and formularies for new pharmaceuticals, as well as clinical trial data.

Or they may use malware to encrypt patient data, and then offer to sell the decryption code to victims. Health care is not the only industry susceptible to ransomware, but it is especially vulnerable. Wirth said, “I can’t tell a patient that arrives in the emergency room with chest pain that unfortunately we are dealing with a cyber attack: ‘Can you come back next week?’ ”

The good news is that cybersecurity in health care is maturing “at a fairly rapid pace,” Wirth said in the podcast. The key to continuing that pace is making sure cybersecurity is applied throughout health care — “not just (to) a few select thought leaders and large hospitals.”

 

Where To Find Best Practices in Cybersecurity

An HHS document detailing cybersecurity practices in health care notes the cybersecurity risks and how different size practices might address them. “What is good about this document is that they really broke it down, based on size … and maturity of the organization,” said Wirth, who cited similarly crafted HIMSS guidances “for various types of organizations based on size and maturity level.”

Wirth also cited a NIST publication that establishes a generic cybersecurity framework.  “Different industries and individual organizations (can) take that framework, adapt it to their needs and circumstances, and then develop a roadmap for a path to security,” he said.

As the interconnectivity of medical imaging increases due to cloud computing, analytics and data storage, as well as the expansion of enterprise imaging, the threat from cyber criminals is growing. “More connectivity always creates more opportunity (for cyber attackers),” Wirth said.

In the podcast, Wirth describes steps that providers might take in concert with equipment manufacturers to counter this rising threat. Some “would depend on the type of equipment you are purchasing,” he said.  In the podcast, he contrasts how considerations differ when purchasing ultrasound scanners, for example, versus PET/CTs.

 

Additional Reading:

FDA and DHS Expand Partnership on Medical Device Cybersecurity 

How To Stop (Or Slow) Hackers 

Agents of Change: Cybersecurity In A World Of Old And New 

 

Greg Freiherr is a contributing editor for Imaging Technology News (ITN). Over the past three decades, Freiherr has served as business and technology editor for publications in medical imaging, as well as consulted for vendors, professional organizations, academia and financial institutions.

 

Editor's note: In preparation for the upcoming HIMSS (Healthcare Information and Management Systems Society) Conference on Feb. 11, contributing editor Greg Freiherr begins the show coverage with this exclusive podcast and accompanying blog. This is the first podcast in a series of three.

Related Content

Sponsored Content | Videos | Radiology Imaging | June 13, 2019
In an interview with itnTV, Henry Izawa, vice president, modality solutions and clinical affairs, Fujifilm Medical Sy
A static image drawn from a stack of brain MR images may illustrate the results of a study. But a GIF (or MP4 movie), created by the Cinebot plug-in, can scroll through that stack, providing teaching moments for residents and fellows at Georgetown University

A static image drawn from a stack of brain MR images may illustrate the results of a study. But a GIF (or MP4 movie), created by the Cinebot plug-in, can scroll through that stack, providing teaching moments for residents and fellows at Georgetown University. Image courtesy of MedStar Georgetown University Hospital

Feature | Information Technology | June 13, 2019 | By Greg Freiherr
Editor’s note: This article is the third in a content series by Greg Freiherr covering the Society for Imaging In
Studycast PACS Adds Two-factor Authentication to Improve Data Privacy and Security
News | Cybersecurity | June 12, 2019
Core Sound Imaging announced the addition of two-factor authentication (2FA) to the security measures available for the...
Medivis SurgicalAR Gets FDA Clearance
Technology | Virtual and Augmented Reality | June 10, 2019
Medivis announced that its augmented reality (AR) technology platform for surgical applications, SurgicalAR, has...
At ACC 2019, Siemens unveiled a version of its go.Top CT optimized for cardiovascular imaging. The newly packaged scanner can generate data needed to do  CT-based FFR (fractional flow reserve).

At ACC 2019, Siemens unveiled a version of its go.Top CT optimized for cardiovascular imaging. The newly packaged scanner can generate data needed to do
CT-based FFR (fractional flow reserve).

Feature | Cardiac Imaging | May 31, 2019 | By Greg Freiherr
The fingerprints of value-added medicine were all over products and works-in-progress on the exhibit floor of the ann
Einstein Healthcare Network found that use of automated power injectors reduced CT contrast extravasation rates over a 30-month period.

Einstein Healthcare Network found that use of automated power injectors reduced CT contrast extravasation rates over a 30-month period.

Feature | Computed Tomography (CT) | May 30, 2019 | By Jeff Zagoudis
As of 2015, approximately 79 million computed tomography (CT) scans were performed each year in the U.S.
Sponsored Content | Webinar | Computed Tomography (CT) | May 30, 2019
This webinar will explain technical considerations when performing cardiac CT angiography in pediatric patients.
Sponsored Content | Webinar | Computed Tomography (CT) | May 30, 2019
Chest pain is one of the most frequent reasons for an evaluation in the emergency room.There are multiple imaging mod
Brain images that have been pre-reviewed by the Viz.AI artificial intelligence software to identify a stroke. The software automatically sends and alert to the attending physician's smartphone with links to the imaging for a final human assessment to help speed the time to diagnosis and treatment. Depending on the type of stroke, quick action is needed to either activate the neuro-interventional lab or to administer tPA. Photo by Dave Fornell.

Brain images that have been pre-reviewed by the Viz.AI artificial intelligence software to identify a stroke. The software automatically sends and alert to the attending physician's smartphone with links to the imaging for a final human assessment to help speed the time to diagnosis and treatment. Depending on the type of stroke, quick action is needed to either activate the neuro-interventional lab or to administer tPA. Photo by Dave Fornell.

Feature | Artificial Intelligence | May 17, 2019 | Inga Shugalo
With its increasing role in medical imaging,...
Videos | Advanced Visualization | May 16, 2019
This is an example of how virtual reality is being used in neuro-radiology to better evaluate patients using advanced