The picture archiving and communication system (PACS) is an ecosystem that stores images that are gathered from medical imaging technology. This ecosystem offers a convenient platform where medical providers can store and access these vital images. However, this ecosystem is vulnerable to cyberattacks.
In order to provide protection for this confidential data, the NIST National Cybersecurity Center of Excellence recently released proposed guidance to assist healthcare delivery organizations with securing their picture archiving and communication systems. In addition, they also released a project aimed at providing an example solution for building stronger security controls.
The guidance material called, Securing Picture Archiving and Communication System, includes aspects that help health organizations design an approach, architecture, and security elements for the PACS ecosystem, including easy-to-follow how-to guidance.
The Evolution of Digital Capabilities
As image-making technologies have taken a gigantic leap over the last decade, now confidential data and vital imaging are uploaded in a digital format by providers across the globe. This adds a huge level of convenience and gives providers the ability to easily store and share this content. The systems that house these images and data are typically stored in image-intensive areas like the radiology department and are also uploaded to each patient’s electronic health record (EHR).
But as this process adds easier accessibility and organization in a digital format, including limiting the time to takes for doctors to make a diagnosis, the technology has also opened the door to more cyber threats. And many medical providers struggle with auditing user accounts and monitoring them properly to suspect any abnormal behavior. Medical providers also struggle with ensuring that data moves safely across the network and also with monitoring access by its users, which can lead to a drop in system performance.
Goals of the Project
With the project set forth by the NIST National Cybersecurity Center of Excellence, their goals include the following:
- Identify who uses the PACS systems
- Determine the process between the user and system
- Perform a risk assessment
- Identify appropriate mitigating security tools
- Design an example solution
The ultimate goal here is to assist provider organizations with reducing the chance of a cyber breach or substantial data loss, while also minimizing any disruptions with their systems. This also puts emphasis on enabling quick access to imaging and important data without this confidential data becoming vulnerable to an attack, which also offers peace of mind for patient privacy.
Broad Capabilities Equals Broad Threat Landscape
So what makes these systems so vulnerable? This occurs from the broad capabilities of this technology. The PACS connectivity of the ecosystem works with a variety of different technologies that include medical imaging devices and other systems that help to manage and maintain archives of medical images. The role of PACS is to interact with medical imaging devices, connect with other clinical systems, and allow users from multiple locations to review images that lead to faster and higher quality patient care.
With such a broad spectrum of capabilities involved with the PACS ecosystem, the means a broad landscape for threat.