In this month’s blog, I will be covering Cyber Security in Medical Imaging and whether it is something we should be concerned about.
Why would hackers target Medical Imaging?
The main reason hackers target Medical Imaging is to gain access to hospital information systems. This gives them an opportunity to disrupt services in the healthcare organisations. This, in turn affects the daily running of the healthcare environment and can cause major disruptions affecting patient care and potentially put lives at risk.
Previous attacks on the healthcare industry have seen hackers demand substantial amounts of money. It is not just the IT systems that can be hacked however. Medical devices have also been targeted in the past, of which can receive malicious commands, causing harm to patients.
How can we protect ourselves from Cyber Attacks?
One way that ransomware attacks can be prevented is by using a cloud-based image server. The reason for this is that when a hacker breaches and shuts down a system, the cloud-based PACS can be used to navigate around the infected computers and continue operations on separate machines. The instant access to the medical imaging data can allow for work to continue somewhat uninterrupted.
Another potential avenue to protect and increase cybersecurity is to keep your PACS on-site and maintain a reliable series of backups. If you are running your PACS on-site, the software is installed as an application on a specific computer. If hackers take control of that machine and shut it down to hold you ransom, there are very few options. This puts you in a dangerous position in terms of providing patient care.
Backing up the imaging data is essential. Depending on the volume of data being stored, backups should be completed frequently to protect against the possibility of such attacks.
Cybersecurity and PACS is only really now being addressed but there are many PACS at risk. Legacy systems for example, could be seen an easy target due to the previous oversight in security.
By extending the life of a legacy system to save money, hospitals are leaving themselves open to such attacks. This can ultimately be devastating for patient records as well as patient care.
Moving forward, there needs to be a merge between Radiology and IT to share the responsibility between both departments. If the whole responsibility for cybersecurity lays in the hands of the IT department, the key clinical workflows and how to protect PACS fully may not be understood. This then leaves us almost to where we are today.
Thank you for taking the time to read this month’s blog, I would appreciate hearing your thoughts on this topic.