Hackers may turn patient PHI into malware in medical image files

Jackie Drees - Print  | 

Hackers could disguise malware as patient protected health information in MRI and CT scan images saved in the digital imaging and communications in medicine file format, Bleeping Computer reports.

Three notes:

1. Markel Picado Ortiz, a software engineer at medical device cybersecurity company Cylera, researched the cybersecurity vulnerability by manipulating a DICOM format design flaw that can modify the preamble, which is the 128-byte section at the beginning of the file.

2. The DICOM files serve as an efficient place to hide malware because they appear inconspicuous to medical staff and are under HIPAA regulation, which adds "an extra degree of risk" when dealing with them, according to the report.

3. Cylera refers to malware-infected DICOM files with patient information as PEDICOM files. These files allow "attackers to effectively turn patient information into malware by embedding fully-functioning executable code into image files used by medical devices such as CT and MRI machines," Mr. Ortiz said in the Bleeping Computer report.

Mr. Ortiz concluded that while adding a malicious component into DICOM files is possible, PEDICOM files cannot be used as sole actors in a healthcare system cyberattack. The files would need to be executed by a third party, which has already accessed the specific health system, to infect HIPAA-protected data or would need to be used as part of a multi-stage malware attack, according to the report.

More articles on cybersecurity:
Hackers tried to reroute payments of 5,600 Blue Cross of Idaho members
Palmetto Health alerts 23,000 patients of phishing attack
MD Anderson appeals $4.3M HIPAA penalty

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.