Many institutions have implemented radiology systems such as PACS and RIS that utilize vulnerable protocols -- unencrypted HL7 and DICOM -- due to the false assumption that a hospital network is "secure" and encryption is, therefore, unnecessary, according to presenter Dr. David Harvey of U.K. software developer and consulting firm Medical Connections.
In his presentation, Harvey will point out how easy it is to gain access to a hospital network -- especially in radiology. He will also share how easy it is to use HL7 and DICOM to access protected health information, as well as how intruders can implant false and malicious data into a PACS or overwhelm a system and prevent legitimate use.
There are some potential solutions, however. The DICOM standard has defined how to protect communications using encryption for nearly 20 years, Harvey said. In addition, the Integrating the Healthcare Enterprise (IHE) initiative has required systems to use such encryption at IHE Connectathons for more than 15 years, so virtually all vendors can support it.
"But very few institutions bother to demand and use [encryption]," Harvey said. "Users need to insist that it be enabled and required in their own systems."
Take in this late-morning talk on Monday to learn how your institution can help ward off cybersecurity threats in radiology.