News | Cybersecurity | October 04, 2019

Hyland Healthcare Contributes to New Healthcare Cybersecurity Guide from NIST

Guide focuses on securing medical imaging data; National Institute of Standards and Technology seeks feedback from users

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is releasing a new practice guide — NIST Special Publication 1800-24, Securing Picture Archiving and Communication System (PACS)

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is releasing a new practice guide — NIST Special Publication 1800-24, Securing Picture Archiving and Communication System (PACS) — to help healthcare delivery organizations (HDOs) protect patient images and other pertinent medical data. Hyland Healthcare is one of the technology vendors who participated in developing this guide.

The NCCoE is a collaborative hub where industry organizations, government agencies and academic institutions work together to address businesses' most pressing cybersecurity challenges. This practice guide represents the NCCoE's dedication to public interest and the critical cybersecurity matters within the healthcare sector.

This practice guide demonstrates how commercially available technologies, like Hyland Healthcare's Acuo, NilRead and PACSgear can be integrated within existing tools, to implement a secure enterprise imaging ecosystem in support of image acquisition, image management and advanced visualization.

"Hyland Healthcare is proud to lend expertise to this effective new guide where we demonstrate the power of connected healthcare solutions to meet the complexity and risk associated with rapidly proliferating medical imaging content," said Sandra Lillie, global director, enterprise imaging sales and strategy at Hyland.

The project assesses risk for five scenarios and documents consideration of threats, vulnerabilities, likelihoods and impacts on medical imaging operations under these scenarios. The system for this project is broadly identified as the PACS, though, practically, it incorporates a set of processes and other systems that make up a medical imaging ecosystem. Hyland included the viewer workstations that interact with the medical imaging ecosystem, VNA applications, and the clinical systems that interface with modalities and the PACS environment.

The guide can be used by any organization that is deploying PACS and medical imaging systems, and that is willing to perform its own risk assessment and implement controls based on its risk posture. Both standards and best practices were used to develop two reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.

To complete this guide, the NCCoE also collaborated with other technology vendors, including Cisco, Clearwater Compliance, Digicert, Forescout, Philips, Symantec, TDI Technologies, Tempered Networks, Tripwire, Virta Labs and Zingbox.

"Collaborating with stakeholders such as members of industry, technology providers, and integrators to produce viable cybersecurity solutions is key to the NCCoE's success. The Securing Picture Archiving and Communication System Practice Guide can help organizations reduce their risk around medical imaging and is another successful example of how stakeholders engage with the NCCoE to produce solutions to real-world problems."

The NCCoE believes the guide helps meet a critical cybersecurity and economic need, but would also like feedback from users to enhance it. To share your thoughts on this step-by-step guide, download the draft guide and provide your feedback on the NCCoE comment page. The public comment period closes on November 18, 2019.

*While the example implementation uses certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization's security experts can use to identify similar standards-based products that will fit within with their organization's existing tools and infrastructure.

For more information: www.hyland.com

Related Content

While electronic medical record systems have helped consolidate most patient data into one location, medical imaging IT systems has proved to be more difficult to replicate by large EMR vendors. This has made room in the market for third-party radiology IT vendors that allow easy integration with the larger EMRs like Epic and Cerner. This image shows Agfa's enterprise imaging system, leveraging its ability to be accessed anywhere with internet connection and pull images from radiology and surgery.

While electronic medical record systems have helped consolidate most patient data into one location, medical imaging IT systems has proved to be more difficult to replicate by large EMR vendors. This has made room in the market for third-party radiology information system vendors that allow easy integration with the larger EMRs like Epic and Cerner. This image shows Agfa's enterprise imaging system, leveraging its ability to be accessed anywhere with an internet connection and able to pull in images from both radiology and surgery. 

Feature | Enterprise Imaging | October 17, 2019 | Steve Holloway
October 17, 2019 — The growing influence and uptake of electronic medical records (EMRs) in healthcare has driven deb
USF Health Expands Digisonics System With Vascular Reporting
News | Cardiac PACS | October 17, 2019
University of South Florida (USF) Health in Tampa, Fla., has enhanced their use of the Digisonics Cardiovascular...
Sectra Adds DePuy Synthes 3-D Templates to Pre-Operative Orthopedic Solution
News | Orthopedic Imaging | October 17, 2019
International medical imaging information technology (IT) and cybersecurity company Sectra is extending its pre-...
Intelerad's nuage Patient Portal

Intelerad's nuage Patient Portal. Image courtesy of Intelerad.

News | Enterprise Imaging | October 17, 2019
Intelerad Medical Systems announced that OneWelbeck, a London operator of specialist facilities for minimally-invasive...
Carestream's Focus 35C digital radiography (DR) detector

The Focus 35C detector. Image courtesy of Carestream

News | Digital Radiography (DR) | October 17, 2019
At the 2019 annual meeting of the Radiological Society of North America (RSNA), Dec. 1-6 in Chicago, Carestream will...
An illustration of radiology department analytics data showing GE Healthcare’s business analytics software.

An illustration of radiology department analytics data showing GE Healthcare’s business analytics software.

Feature | Radiology Business | October 17, 2019 | By April Wilson
According to IBM, the world creates 2.5 quintillion bytes of data daily.
Image courtesy of Bethesda Health

Image courtesy of Bethesda Health

Feature | Radiology Business | October 17, 2019 | By Susan DeCathelineau
Few professions have experienced the dramatic changes that radiologists have over the past few years.
GE Healthcare and Theragnostics Partnering on PSMA PET/CT Imaging Agent
News | Prostate Cancer | October 16, 2019
GE Healthcare and Theragnostics have entered into a global commercial partnership for a new prostate-specific membrane...
Guerbet Signs Agreement With Icometrix for Exclusive Distribution of Icobrain
News | Neuro Imaging | October 16, 2019
Guerbet announced it has signed an exclusive agreement with Icometrix for the distribution in France, Italy and Brazil...