How to Increase the Security of DICOM Servers


The free flow of data across health systems has the potential to revolutionize patient care. Both providers and patients benefit when departments can freely communicate with each other. More sophisticated technology is bringing health systems closer than ever to true enterprise imaging: which makes patient data available to any provider who needs it, regardless of the point of origin or access.

The potential benefits of enterprise imaging include increased efficiency, improved patient care, and more, but all these benefits come with potential risks. Health systems must balance their clinicians’ need for more access to data with increased focus on privacy and security issues. A recent report from the Massachusetts General Hospital (MGH) found that thousands of DICOM servers worldwide lack sufficient protection from external computers. Of the 2,800 vulnerable servers, 25% were completely open to computers outside the health system.

The risks of unsecured imaging data are substantial. Hackers can hold data for ransom, denial-of-service attacks can take networks offline, and patient records can be exposed.

Here are three ways to increase the security of your enterprise imaging data.

1. Cultivate a Culture of Security

The weak link in security is often not hardware or software. It’s people. Every person in a health system should be aware of security risks and responsibilities, no matter what their role.

Create a culture that’s security-conscious:

  • Promote awareness of risks and responsibilities
  • Encourage strong passwords
  • Promote good password hygiene (no giving out or writing down passwords)
  • Use two-factor authentication

2. Use Encryption for Transfers

While DICOM doesn’t mandate encryption, it does support multiple encryption methods. There are different methods available for different uses. These methods are crucial to keep third parties from accessing data in transit:

  1. For data sent via email, use Cryptographic Message Syntax (CMS).
  2. For data sent using traditional DIMSE (DICOM transfer), use Transport Layer Security (TLS).
  3. For data sent using DICOM web services, use the secure internet protocol HTTPS.

3. Use Secure Vendors

The right vendor can help your health system ensure your data is secure and help you recover it if there is a breach. McKesson Radiology(McKesson Technology Solutions is now Change Healthcare) and McKesson Cardiology™ are both designed with the latest security advancements, which makes them trusted choices for both government agencies and commercial health systems.

McKesson Medical Imaging Consulting™ can help health systems develop continuity and disaster recovery plans, which can contribute to increased security. These plans help create architectures that decrease the risk of data breach and accelerate recovery in the event of a worst-case scenario.

4. Make sure your entire infrastructure is secure

Keeping your infrastructure secure is a constant effort that begins with (but isn’t limited to) following a few simple practices:

  1. Use hardened systems.
  2. Disable default access and permissions and open each port and entry point explicitly.
  3. Avoid multipurpose use of workstations (g. reading diagnostic studies and sending/receiving email).
  4. Apply patches regularly. Define and plan dedicated timeslots for updates to guarantee continuity of service. Monitor the age of open vulnerabilities and set limits and targets.
  5. Maintain an audit log and analyze it regularly.

The future of health care relies on the free exchange of data. For clinicians and providers, the challenge is to achieve universal access without opening the door to hackers. As the report from MGH shows, health systems can still improve the security in their environments. Help make your organization secure by cultivating a culture of awareness, using DICOM-compatible encryption, partnering with trusted vendors, and following security practices.

To learn more about how Change Healthcare can help keep your imaging data secure, contact us here.

Leave a Reply