Radiation Isn’t the Only Risk Associated with Medical Imaging Devices | Cyber Security

As a patient moves down the small, loud tunnel of an MRI tube, CT scan, or other high-powered radiology device, it's safe to assume they believe the diagnostic benefits outweigh the risk of radiation exposure (and a possible claustrophobic-induced panic attack). In fact, only after understanding – and accepting — these risks is a patient permitted to proceed with the test. But, what additional risks could you be exposing yourself to while using a diagnostic imaging device?

According to a new project being spearheaded by the National Cybersecurity Center of Excellence (NCCoE) Healthcare Sector Community of Interest, cybersecurity is now considered a significant risk associated with medical imaging that must be better understood and addressed by the healthcare sector. NCCoE has recently decided to help the sector tackle this challenge via collaboration with a select group of cybersecurity vendors.

That said, I am proud to announce that NCCoE has named Tripwire, among a handful of other security vendors, as co-collaborators that will develop an example solution for securing the medical imaging device ecosystem known as Picture Archiving and Communication Systems (PACS).

Otherwise defined by the FDA as Class II devices that provide “one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images,” PACS provide diagnostic results that determine a patient's next course of treatment and is one of several networked ecosystems critical to efficient doctor-patient workflow management within a Healthcare Delivery Organization (HDO).

The final outcome of the group's collaboration will be delivered in the form of a multi-volume NIST Cybersecurity Practice Guide intended to “…help healthcare sector organizations implement more-secure PACS solutions through the use of stronger security controls.” Tripwire products within these solutions will play a vital role in demonstrating how organizations can reduce the likelihood of a breach, minimize hospital and medical system disruptions, and protect patient privacy.

NIST standards and security controls have always been foundational to Tripwire products and solutions, so offering our support to NCCoE on this and similar collaborative projects was an easy decision and natural fit.  We are grateful for the opportunity to further our partnership with the National Cybersecurity Center of Excellence (NCCoE) in this ongoing effort to demonstrate how to apply standards and best practices to real-world solutions.

To learn more about the PACS project for the Healthcare Sector, download the project description at: https://www.nccoe.nist.gov/sites/default/files/library/project-descriptions/hit-pacs-project-description-final.pdf

About the NCCoE

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses' most pressing cybersecurity challenges. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries as well as for broad, cross-sector technology challenges. Through consortia under Cooperative Research and Development Agreements (CRADAs), including technology partners—from Fortune 50 market leaders to smaller companies specializing in IT security—the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology. Information is available at: https://www.nccoe.nist.gov/.