5 Recommendations for Strengthening Radiology Cybersecurity

The following is a guest article by Jatin (JT) Thakkar, General Manager for Global Services and Solutions at Carestream.

Every day patients trust their health to the care of medical providers. They also place their personal health information (PHI) in their care. Sadly, ransomware attacks on healthcare delivery organizations are increasing in frequency and sophistication. The annual number of ransomware attacks on healthcare delivery organizations more than doubled from 2016 to 2021, exposing the PHI of nearly 42 million patients, according to research published in the Journal of the American Medical Association. In the first half of 2023 alone, more than 220 cyberattacks targeted hospitals and health systems, according to the American Hospital Association.

Healthcare facilities, including radiology departments, are a desirable target for hackers because of the high volume of personally identifiable information (PII) handled daily. As imaging centers and departments generate more data, connect more devices to their networks, and expand their digital ecosystems to the cloud, they create larger attack surfaces, which provide hackers with more opportunities for intrusion. 

The software applications within your imaging modalities are part of these larger ecosystems. Intrusions that come into your PACS and RIS will impact your modalities and vice versa. Case in point: in May 2021, St. James’s Hospital in Dublin was one of 54 public hospitals affected when the Health Service Executive (HSE) was the victim of a cyberattack. The radiology department at St. James’s considered itself fortunate; it was without its PACS for only six days. Other Irish healthcare sites were without PACS for almost five weeks.

The fight against cybercriminals is a relentless arms race and defenses vary depending on your department’s digital footprint. Although there is no silver bullet, I would like to share some recommendations specific to strengthening the defenses in the software embedded in the modalities in your imaging department.

Domain Authentication

Connecting the medical device to the domain is one way to guard against cyberattacks. This connection enables centralized user administration, shared credentials with other systems, single sign-on, multifactor authentication, and adherence to other security standards of your site. 

Encryption

Utilizing technology with patient data encryption is strongly recommended to help stop cybercriminals who attempt to access this highly sensitive information. Make sure your software provides Standard Grade and Military Grade encrypted Data at Rest (DAR) and Data in Transit (DIT) protection options. This level of security helps ensure that even if a breach occurs, the patients’ data remains safe and unreadable to cybercriminals. 

Continuous Monitoring

Continuous monitoring of medical imaging systems is critical to reveal possible intrusions and prevent them from doing damage. Use software to scan regularly for vulnerabilities and for information assurance. Also, regularly monitor any notifications from security agencies such as US-CERT, Defense Information Systems Agency (DISA), and Information Assurance Vulnerability Management (ACAS).

De-Identification of Patient Files

Always keep patients’ PHI secure from cyberattacks by de-identifying patient files. Check your medical imaging software to ensure that no electronic patient health information exists in service log files. This type of software certifies that the medical imaging system can be serviced without exposing any patient data.
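One way to run the service-log check described above, as an added example that is not part of the original article or any vendor's software: a small Python scanner that flags and redacts patient-identifying DICOM fields in log lines. The log layout, the `key=value` style, and the sample lines are constructed assumptions; the three DICOM tags are the standard ones for patient name, ID, and birth date.

```python
import re

# Standard DICOM attributes that identify a patient: tag -> keyword.
PHI_TAGS = {
    "0010,0010": "PatientName",
    "0010,0020": "PatientID",
    "0010,0030": "PatientBirthDate",
}
_CANON = {k.lower(): k for k in PHI_TAGS.values()}

# Match "(0010,0010)" or "PatientName", then '=' or ':', then a value token.
_KEY = "|".join(
    [r"\(\s*%s\s*\)" % re.escape(t) for t in PHI_TAGS] + list(PHI_TAGS.values())
)
FIELD_RE = re.compile(r"(?P<key>%s)\s*[=:]\s*(?P<value>[^\s,;]+)" % _KEY, re.I)
# Values that are already scrubbed and carry no PHI.
SAFE_VALUES = {"[redacted]", "anonymous", "none", "null"}


def _keyword(key):
    """Normalise a matched tag or keyword to its DICOM keyword."""
    digits = re.sub(r"[()\s]", "", key)
    return PHI_TAGS.get(digits) or _CANON[key.lower()]


def find_phi(lines):
    """Return (line_number, keyword) for every field still holding a value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for m in FIELD_RE.finditer(line):
            if m.group("value").lower() not in SAFE_VALUES:
                hits.append((number, _keyword(m.group("key"))))
    return hits


def redact(line):
    """Replace the value of each PHI field, keeping key and separator."""
    def scrub(m):
        prefix = m.group(0)[: m.start("value") - m.start()]
        return prefix + "[REDACTED]"
    return FIELD_RE.sub(scrub, line)


# Constructed sample service log (hypothetical format and values).
SAMPLE_LOG = """\
2024-03-01 08:14:02 INFO  acquisition started station=DR-ROOM2
2024-03-01 08:14:05 DEBUG worklist entry PatientName=DOE^JANE PatientID=MRN0012345
2024-03-01 08:14:09 DEBUG dicom send (0010,0030): 19700101 status=ok
2024-03-01 08:14:11 INFO  image stored PatientName=[REDACTED] sop=1.2.3
2024-03-01 08:15:40 WARN  detector temperature 41C
""".splitlines()
```

A non-empty result from `find_phi` on a log bundle means the bundle should not leave the site until it has been passed through `redact` or the logging configuration has been corrected.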

Stay Current with Software Upgrades

Vendors frequently update their software. Some upgrades address a known vulnerability; others incorporate stronger cybersecurity features. Be sure to install the latest version of the software. 

I hope your facility is never hit by a cyberattack. Should this happen, however, you might want to read the best practices for recovering from an attack in this blog by St. James’s Hospital.

In today’s digital era where cyberthreats are constantly evolving, staying ahead of the curve in radiology cybersecurity is crucial to protect both the patients and the healthcare organizations that care for them. I hope you find these recommendations useful.

About Jatin (JT) Thakkar

Jatin (JT) Thakkar is a seasoned leader with over 20 years of experience in global service operations and strategic business transformation. In his current role as General Manager for Global Services and Solutions at Carestream, he oversees the services P&L globally across all lines of business and is responsible for development and implementation of service strategy and long-term growth plans. JT also leads the service commercialization of all products and solutions. Over his career, he has worked across all functions of customer service and successfully deployed enterprise-wide programs and globally harmonized processes to drive operational efficiency and customer value. He has been a recurring speaker for the Technical Service Professional Association and Field Service Medical and is currently on the WBR Field Service Advisory Board.

   
