Cybersecurity Protection for PACS and Medical Imaging: Deployment Considerations and Practical

Cybersecurity is increasingly affecting the healthcare sector. In a recent article, the authors analyzed specific attacks against picture archiving and communications systems (PACS) and medical imaging networks and proposed security measures. This article discusses issues that require consideration when deploying these proposed measures and provides recommendations on how to implement them. Hospitals should deploy virus scanners on systems where permitted, with high priority on devices that are part of the central IT infrastructure of the hospital. They should introduce a systematic management of software updates on operating system, application software and virus scanner level and clarify the provision of security updates for the intended duration of use when purchasing a new device. They should agree with the PACS vendor on a long-term strategy for implementing access rights, and enable encrypted network communication where possible. This requires an agreement on the encryption algorithms to be used, and a public-key infrastructure. For most of these tasks, standards and profiles exist today. There are, however, some gaps: Implementation of cybersecurity measures would be facilitated by integration profiles on certificate and signature management, and access rights in a PACS environment.