"NIST Shares Best Practice Security Guidance for Vulnerable PACS"

The National Institute of Standards (NIST) released cybersecurity guidance for the Picture Archiving Communication System (PACS), which manages medical images. PACS enables the acceptance, transfer, display, storage, and digital processing of medical images. PACS servers are widely used in healthcare delivery organizations. However, reports have revealed that the vulnerabilities contained by PACS have led to the exposure of millions of medical images. One of the vulnerabilities includes the use of the DICOM protocol, which has flaws that could allow attackers to hide malware in medical images and infect patient data. NIST Special Publication (SP) 1800-24 addresses these security risks and provides guidance to help healthcare providers organizations strengthen the security of their PACS and DICOM technologies and prevent patient data exposure. The NIST guide was built through a risk assessment of PACS based on NIST standards. NIST's National Cybersecurity Center of Excellence (NCCoE) also developed an example implementation that demonstrates how healthcare entities can use standards-based, commercially available technologies to bolster the PACS ecosystem's security. This article continues to discuss the cybersecurity guidance released by NIST for PACS, the flaws in this technology, and how securing PACS presents challenges. 

HealthITSecurity reports "NIST Shares Best Practice Security Guidance for Vulnerable PACS"