Radiation Isn’t the Only Risk Associated with Medical Imaging Devices

As a patient moves down the small, loud tunnel of an MRI tube, CT scan, or other high-powered radiology device, it’s safe to assume they believe the diagnostic benefits outweigh the risk of radiation exposure (and a possible claustrophobic-induced panic attack). In fact, only after understanding – and accepting — these risks is a patient permitted to proceed with the test. But, what additional risks could you be exposing yourself to while using a diagnostic imaging device?

According to a new project being spearheaded by the National Cybersecurity Center of Excellence (NCCoE) Healthcare Sector Community of Interest, cybersecurity is now considered a significant risk associated with medical imaging that must be better understood and addressed by the healthcare sector. NCCoE has recently decided to help the sector tackle this challenge via collaboration with a select group of cybersecurity vendors.

That said, I am proud to announce that NCCoE has named Tripwire, among a handful of other security vendors, as co-collaborators that will develop an example solution for securing the medical imaging device ecosystem known as Picture Archiving and Communication Systems (PACS).

Otherwise defined by the FDA as Class II devices that provide “one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images,” PACS provide diagnostic results that determine a patient’s next course of treatment and is one of several networked ecosystems critical to efficient doctor-patient workflow management within a Healthcare Delivery Organization (HDO).

The final outcome of the group’s collaboration will be delivered in the form of a multi-volume NIST Cybersecurity Practice Guide intended to “…help healthcare sector organizations implement more-secure PACS solutions through the use of stronger security controls.” Tripwire products within these solutions will play a vital role in demonstrating how organizations can reduce the likelihood of a breach, (Read more...)