In-depth approach needed for PACS security

Erik L. Ridley
Jan 19, 2005

PACS networks must provide several levels of security to offer the best protection against external and internal attacks, according to researchers from the University of Texas M. D. Anderson Cancer Center (MDACC) in Houston.

Network security has become a mission-critical task in radiology departments, said Charles Suitor of MDACC, who spoke during a presentation at the 2004 RSNA meeting in Chicago. Even film-based departments often employ networked film printers, utilize a RIS, and transfer exams over the network; of course, filmless departments can't operate at all without the network and computers.

Often, modalities, workstations, and administrative PCs are placed on the same network. Security isn't always monitored on these devices, and even if it is, it's not always performed in the same fashion, Suitor said.

For the modalities, system configuration and software are usually handled by the vendor. Workstations are also controlled by vendors, who don't like institutions applying security patches, antivirus software, or other security methods directly to the workstation software, Suitor said. Administrative PCs, on the other hand, are typically maintained by the hospital.

Edge protection

In an edge-protection security approach, a firewall at the end of the network blocks unexpected incoming network connections. This stops many external attacks, Suitor said. It's also important to add e-mail virus scanning to block e-mail-borne viruses, the most frequent cause of attacks. But edge protection can't protect against internal attacks.

"Modality security is something that the IT industry just sort of doesn't even acknowledge," he said, adding that the industry is "pretty much completely unaware of the issues."

Imaging modality vendors are required by the U.S. Food and Drug Administration (FDA) to test their security patches before applying them to their modalities, and they have to internally define procedures for doing that, Suitor said. Modalities and workstations may not be getting the latest security patches.

"Many (vendors) just have decided that they're not going to attempt to keep up," he said. "They just want to rely on the fact that security will be provided by somebody else, or they rely on the fact that many modalities are built on Unix servers that aren't the target of frequent attack."

Modality access must be maintained to allow for image transfer and remote service, Suitor said.

Administrative PCs are often the target of worms and viruses, and have the potential to be the most vulnerable systems on the network, he said. This problem is amplified by the large number of these systems.

"Applying security patches helps protect these computers," he noted.

Internal attacks can come from infected laptops or home machines connected via virtual private network (VPN). These infections can arise from downloaded programs, CDs and other removal media, and any compromised machine beyond the firewall, Suitor said.

Defense in-depth

To guard against these attacks, institutions must adopt security in-depth, with security in place at multiple levels to ensure network integrity in the event of an attack, Suitor said.

A network segmentation approach separates devices into different subnets or virtual networks. Then, limit network conversations into and out of subnets and the network as a whole, he said.

Other internal protection approaches include using private IP addresses that are not routable to the Internet for modalities and other subnets. In addition, firewalls should be placed between internal subnets, Suitor said.

"Your average secretary's PC isn't connecting to the modalities. There's really no reason for that," he said. "And your administrative PCs generally are just client PCs, and shouldn't be acting as servers."

Individual virus protection should also be included, along with security patch management, Suitor said.

Other internal protection mechanisms include using proxy servers to limit Web downloads, and limiting access to public e-mail servers. Intrusion detection should also be employed to keep the network safe. Limit remote access and VPN connections as well, Suitor said.

The multilayered security system must include tough edge security, a segmented internal network, and a strong internal security program, he said.

By Erik L. Ridley
AuntMinnie.com staff writer
January 20, 2005

Related Reading

NEMA releases patching white paper, December 16, 2004

HIPAA, data deluge driving U.S. storage market, December 7, 2004

HIPAA security: IHE guidelines help ensure compliance, November 26, 2004

Security in the wired or wireless world: users are the weakest link, May 24, 2004

New wireless network options offer benefits, despite security concerns, April 2, 2004

Copyright © 2005 AuntMinnie.com

Latest in PACS/VNA
Business Deal Handshake
InsiteOne acquires Brit Systems
November 30, 2023
Cyber Informatics 400
What are the benefits of using an AI server downstream of PACS?
November 28, 2023
Amy Thompson of Signify Research.
Enterprise imaging: What is the market opportunity beyond radiology?
October 18, 2023
Gamingmouse
How to hack a gaming mouse for PACS: Group offers guide for rads
October 6, 2023
Related Stories
Pac
PACS/VNA
PACS technology benefits from new clinical applications
Uselectronics
PACS/VNA
U.S. Electronics
Storagetek
PACS/VNA
StorageTek
Stentor
PACS/VNA
Stentor
More in PACS/VNA
InsiteOne acquires Brit Systems
By AuntMinnie.com staff writers
Cloud-based clinical image management company InsiteOne will acquire BRIT Systems.
November 30, 2023
Business Deal Handshake
What are the benefits of using an AI server downstream of PACS?
By Liz Carey
Funneling image studies through a private AI server creates opportunities for big data research and speeds AI analysis time to reporting.
November 28, 2023
Cyber Informatics 400
Enterprise imaging: What is the market opportunity beyond radiology?
By Amy Thompson
Amy Thompson of Signify Research assesses the future prospects for the enterprise imaging market.
October 18, 2023
Amy Thompson of Signify Research.
How to hack a gaming mouse for PACS: Group offers guide for rads
By Will Morton
High-performance gaming mice offer radiologists multiple custom buttons and superior tracking features that can streamline radiology tasks.
October 6, 2023
Gamingmouse
Sectra posts growth in net sales, revenue in Q1
By AuntMinnie.com staff writers
Enterprise imaging firm Sectra reported strong net sales and revenue growth in the first quarter of 2023, citing deployment of it cloud services for diagnostic imaging.
September 4, 2023
2020 02 20 17 57 8385 Sectra Rsna 2019 400
Rad AI to launch its Omni Reporting software
By AuntMinnie.com staff writers
Rad AI plans to formally launch its Omni Reporting software on September 27.
August 21, 2023
2018 08 01 23 13 1733 Artificial Intelligence Ai 400
Qure.ai and xWave establish strategic partnership
By AuntMinnie.com staff writers
Radiology AI software developer Qure.ai and xWave Technologies have established a strategic partnership focused on improving radiology workflows.
August 15, 2023
2022 06 28 17 16 2885 Hands Shaking3 20230509203239
Sectra inks $227M deal with U.S.-based health system
By AuntMinnie.com staff writers
Enterprise imaging firm Sectra said it has inked a deal valued at $227 million to provide its Sectra One Cloud subscription service for diagnostic imaging to a large U.S.-based health system.
August 15, 2023
2020 02 20 17 57 8385 Sectra Rsna 2019 400
US Radiology Specialists begins recruiting for Connexia
By AuntMinnie.com staff writers
US Radiology Specialists is beginning recruitment for US Radiology Connexia, the company's new teleradiology organization.
August 14, 2023
2022 07 06 17 35 0405 Computer Doctor Patient Video 400
Segmed platform passed 100M studies
By AuntMinnie.com staff writers
Data management vendor Segmed said its Insight cloud-based platform has now surpassed 100 million imaging studies
August 13, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Radsource deploys 10 new ProtonPACS
By AuntMinnie.com staff writers
Radsource completed 10 installations of its ProtonPACS software for new customers in the second quarter of 2023, the company said.
August 9, 2023
2016 08 24 09 43 13 537 Hands Shaking V3 400
Amazon Web Services releases imaging data platform
By AuntMinnie.com staff writers
Amazon Web Services has launched an imaging data platform for storing, accessing, and analyzing medical images at petabyte scale.
July 25, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Page 1 of 775
Next Page