Thu. Mar 28th, 2024

Content Assessment: NIST on Cybersecurity for the Healthcare Sector - Picture Archiving and Communication System Security

Information - 95%
Insight - 95%
Relevance - 90%
Objectivity - 100%
Authority - 100%

96%

Excellent

A short percentage-based assessment of the qualitative benefit of the recent publication from NIST highlighting cybersecurity in the health sector regarding picture and communication system security.

Editor’s Note: Taken directly from the National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCOE), the following information is provided to highlight considerations for Securing Picture Archiving and Communication Systems (PACS) in the healthcare sector. This new cybersecurity-centric practice guide defines and demonstrates how organizations may implement solutions to mitigate cybersecurity and privacy risks and presents reference architecture that features technical and process controls to implement including a defense-in-depth solution, access control mechanisms, and a holistic management approach.

According to the new practice guide, PACS cannot operate in isolation and the overall PACS ecosystem consists of diverse technologies that include medical imaging devices, patient registry systems, and worklist management systems. PACS also rely on systems to manage and maintain medical image archives, which may include cloud storage capabilities. The primary role of PACS is interaction with disparate medical imaging devices, interconnectivity with other clinical systems, and allowing a geographically and organizationally diverse team of healthcare professionals to review medical images to provide quality and timely patient care. Therefore, the threat landscape is broad and allows for a large attack surface.

Extract from NIST Special Publication 1800-24A

Securing Picture Archiving and Communication Systems (PACS): Cybersecurity in the Healthcare Sector

Abstract

Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images.” PACS centralizes functions surrounding medical imaging workflows and serves as an authoritative repository of medical image information.

PACS fits within a highly complex healthcare delivery organization (HDO) environment that involves interfacing with a range of interconnected systems. PACS may connect with clinical information systems and medical devices and engage with HDO-internal and affiliated health professionals. Complexity may introduce or expose opportunities that allow malicious actors to compromise the confidentiality, integrity, and availability of a PACS ecosystem.

The NCCoE at NIST analyzed risk factors regarding a PACS ecosystem by using a risk assessment based on the NIST Risk Management Framework. The NCCoE also leveraged the NIST Cybersecurity Framework and other relevant standards to identify measures to safeguard the ecosystem. The NCCoE developed an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect a PACS ecosystem. This practice guide helps HDOs implement current cybersecurity standards and best practices to reduce their cybersecurity risk and protect patient privacy while maintaining the performance and usability of PACS.


Complete Publication on Securing Archiving and Communication Systems: Cybersecurity in the Healthcare Sector

NIST.SP.1800-24

Read more on Cybersecurity from NIST

Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.