Friday, September 27, 2019

Widespread lack of security found in medical imaging archiving systems

PARCA eNews – Sept. 17, 2019 – Millions of medical images are vulnerable to hackers according to a joint report by ProPublica and Bayerischer Rundfunk, a public broadcaster in Munich Germany.

The joint research project identified 187 servers used to store and retrieve medical data in the US that were unprotected by passwords or basic security precautions. The computer systems from Florida to California were primarily used by doctor’s offices, medical imaging centers and mobile x-ray services.

The security on these servers was found to be so lax that Jackie Singh, a cybersecurity expert said it didn’t even require hacking to view images on some of the servers.

Blockchain: What is it, how will it be used in healthcare and medical imaging?

Woojin Kim, MD, is a diagnostic radiologist with fellowship training in musculoskeletal radiology and imaging informatics. As an entrepreneur, he co-founded Montage Healthcare Solutions, a healthcare search and analytics company that provided enterprise search and data mining within healthcare systems for clinical decision support, research, business intelligence & business analytics, and clinical quality analytics. When the company was acquired by Nuance Communications in 2016, Kim became Chief Medical Information Officer for Nuance Communications. A recognized expert in imaging informatics with a focus on healthcare search, data mining, business intelligence and analytics, clinical quality analytics, blockchain, and machine learning/deep learning. He serves on the Board of Directors for the Society of Imaging Informatics in Medicine (SIIM) and is a much sought-after speaker for imaging informatics and blockchain technology with more than 170 abstracts, presentations, and talks. He spoke with PARCA eNews by phone about blockchain in healthcare.

Senate Bill maintains ban on unique patient identifier

PARCA eNews – Sept. 26, 2019 – The ban on a national patient identifier is expected to continue for at least another year. 

The ban first placed on the Health and Human Services in 1999, has been extended in the Senate version of the bill funding Departments of Labor, Health, and Human Services, and Education through September 2020. 

Account Takeover email attacks on the rise

PARCA eNews – Aug. 15, 2019 – A number of cybersecurity companies are warning that the use of email account takeover is a rising security threat. 

Agari a cybersecurity company specializing in email cyber threats issued a report in April 2019 showing a 126 percent increase month to month in targeted email attacks that exploit account takeover tactics since the beginning of 2018.

Survey finds cyber risk prioritization but lower confidence in resilience

PARCA eNews – Sept. 19, 2019 – While companies have prioritized cybersecurity to a greater degree over the past two years, confidence in their ability to to manage cyber risk has declined, according to a report by Marsh and Microsoft.

The 2019 Global Cyber Risk Perception Survey released Sept. 18, 2019, is based on a biennial survey of business leaders from a range of countries and industries including healthcare, to assess the cyber risk perceptions and risk management have shifted over time.

Hackers target healthcare info that can be monetized

PARCA eNews – Sept. 24, 2019 – A total of 169 million Americans had personal information compromised in 1,461 data breaches at healthcare organizations over the last 10 years, a news study shows.

The study in the Sept. 24, 2009 Annals of Internal Medicine analyzed healthcare data breaches that occurred between October 2009 and July 2019 that impacted more than 500 individuals and were reportable incidents under the HIPAA and HITECH Act.

Thursday, September 26, 2019

DICOM Cyber security threats: Myths and Truths.

by Herman Oosterwijk

A report by Cylera labs identified a potential cyber security threat in DICOM files that are exchanged on media such as CD, DVD, flash or through email, as well as through DICOM web service communications (DICOMWeb).

The threat was taken seriously enough by the DICOM committee that it issued a FAQs document to address this potential issue. This threat exploits the additional header that is created for media, email and web exchange. Before discussing the potential threat and what to do about it, let’s first discuss what this header looks like and how it is used.