Picture Archiving and Communication System (PACS) is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images. Its hardware components may include workstations, digitizers, communications devices, computers, video monitors, magnetic, optical disk, or other digital data storage devices, and hardcopy devices. The software components may provide functions for performing operations related to image manipulation, enhancement, compression or quantification.”
PACS is nearly ubiquitous in hospitals, prompting the Healthcare Sector Community of Interest to identify securing PACS as a critical need. PACS ties into doctor-patient workflow management, where results based on image interpretation determine patient next steps (e.g., determination of health condition, follow-on visits, patient care, and other actions). Therefore, PACS requires controls that provide significant integrity, availability, and confidentiality assurances.
PACS allows for remote image review, and generally has internet reachability. This exposes a threat vector that could act as a point where an attack may be performed or serve as a pivot point into an integrated healthcare information system.
The goal of this project is to provide a practical solution for securing the PACS ecosystem. The project team will perform a risk assessment, apply the NIST cybersecurity framework, provide guidance based on medical device standards and collaborate with industry and public partners. The result will be a freely available NIST Cybersecurity Practice Guide that includes a reference design and a detailed description of practical steps needed to implement the solution based on standards and best practices
Picture Archiving and Communication System (PACS) is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images. Its hardware components may include...
See full abstract
Picture Archiving and Communication System (PACS) is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images. Its hardware components may include workstations, digitizers, communications devices, computers, video monitors, magnetic, optical disk, or other digital data storage devices, and hardcopy devices. The software components may provide functions for performing operations related to image manipulation, enhancement, compression or quantification.”
PACS is nearly ubiquitous in hospitals, prompting the Healthcare Sector Community of Interest to identify securing PACS as a critical need. PACS ties into doctor-patient workflow management, where results based on image interpretation determine patient next steps (e.g., determination of health condition, follow-on visits, patient care, and other actions). Therefore, PACS requires controls that provide significant integrity, availability, and confidentiality assurances.
PACS allows for remote image review, and generally has internet reachability. This exposes a threat vector that could act as a point where an attack may be performed or serve as a pivot point into an integrated healthcare information system.
The goal of this project is to provide a practical solution for securing the PACS ecosystem. The project team will perform a risk assessment, apply the NIST cybersecurity framework, provide guidance based on medical device standards and collaborate with industry and public partners. The result will be a freely available NIST Cybersecurity Practice Guide that includes a reference design and a detailed description of practical steps needed to implement the solution based on standards and best practices
Hide full abstract
