About Us

Laser Focus World is an industry bedrock—first published in 1965 and still going strong. We publish original articles about cutting-edge advances in lasers, optics, photonics, sensors, and quantum technologies, as well as test and measurement, and the shift currently underway to usher in the photonic integrated circuits, optical interconnects, and copackaged electronics and photonics to deliver the speed and efficiency essential for data centers of the future.

Our 80,000 qualified print subscribers—and 130,000 12-month engaged online audience—trust us to dive in and provide original journalism you won’t find elsewhere covering key emerging areas such as laser-driven inertial confinement fusion, lasers in space, integrated photonics, chipscale lasers, LiDAR, metasurfaces, high-energy laser weaponry, photonic crystals, and quantum computing/sensors/communications. We cover the innovations driving these markets.

Laser Focus World is part of Endeavor Business Media, a division of EndeavorB2B.

Laser Focus World Membership

Never miss any articles, videos, podcasts, or webinars by signing up for membership access to Laser Focus World online. You can manage your preferences all in one place—and provide our editorial team with your valued feedback.

Magazine Subscription

Can you subscribe to receive our print issue for free? Yes, you sure can!

Newsletter Subscription

Laser Focus World newsletter subscription is free to qualified professionals:

The Daily Beam

Showcases the newest content from Laser Focus World, including photonics- and optics-based applications, components, research, and trends. (Daily)

Product Watch

The latest in products within the photonics industry. (9x per year)

Bio & Life Sciences Product Watch

The latest in products within the biophotonics industry. (4x per year)

Laser Processing Product Watch

The latest in products within the laser processing industry. (3x per year)

Get Published!

If you’d like to write an article for us, reach out with a short pitch to Sally Cole Johnson: [email protected]. We love to hear from you.

Photonics Hot List

Laser Focus World produces a video newscast that gives a peek into what’s happening in the world of photonics.

Following the Photons: A Photonics Podcast

Following the Photons: A Photonics Podcast dives deep into the fascinating world of photonics. Our weekly episodes feature interviews and discussions with industry and research experts, providing valuable perspectives on the issues, technologies, and trends shaping the photonics community.

Social Media

BlueskyFacebookInstagram LinkedIn • YouTube

Meet the Laser Focus World Team

Editorial

Sales

Editorial Advisory Board

  • Professor Andrea M. Armani, University of Southern California
  • Ruti Ben-Shlomi, Ph.D., LightSolver
  • James Butler, Ph.D., Hamamatsu
  • Natalie Fardian-Melamed, Ph.D., Columbia University
  • Justin Sigley, Ph.D., AmeriCOM
  • Professor Birgit Stiller, Max Planck Institute for the Science of Light, and Leibniz University of Hannover
  • Professor Stephen Sweeney, University of Glasgow
  • Mohan Wang, Ph.D., University of Oxford
  • Professor Xuchen Wang, Harbin Engineering University
  • Professor Stefan Witte, Delft University of Technology
My Watchlist
Indicators
Industrial Laser Index
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

Hacking DICOM Medical Images

By: Syndication Cloud
Medical ImagePhoto from Pexels

Originally Posted On: https://bluegoatcyber.com/blog/hacking-dicom-medical-images/

Hacking DICOM Medical Images

Digital Imaging and Communications in Medicine, or DICOM, is the industry standard for medical imaging formats. This format has expanded functionality compared to typical image formats, as it can store patient data and procedure information along with the actual image. Typically, a specialized DICOM server will parse DICM files, or a Picture Archiving and Communication System (PACS) server. This data can be passed physically on a CD or drive, or digitally via TCP. DICOM images also have support for transfer to more common image formats, such as PNG.

Hacking DICOM Images

Security researchers may not be as familiar with DICOM as with other protocols due to the narrow use cases and lack of application in day-to-day life outside of the medical field. This is a double-edged sword, as it means that hackers will typically understand it poorly, but it also means the same for defenders. The DICOM format rarely changes due to the massive overhaul that would be needed in hospitals around the world.

By nature of being used for medical imaging, DICOM files store extremely sensitive data. Regulations such as HIPAA have strict guidelines for how medical data is processed. With more well-understood formats, such as PDF or DOCX files, these guidelines may be more straightforward. This is just since far more people are comfortable with these files. DICOM files may be handled improperly far more frequently.

There are many different tools available for processing DICOM files to perform some sort of analysis. This analysis is often done on the image itself to identify potentially dangerous results, such as imaging to detect cancer. When processing like this is done, a commonly forgotten step is anonymizing data. This prevents files from being compromised and patient data from being leaked to the attackers.

A vulnerability specific to the DICOM format is preamble attacking. The DICOM preamble is a section of the file that facilitates transfers to other file formats. This is intended for transfer to other image formats, but it is possible to run executable files through DICOM images. An extremely dangerous part about this is the fact that antivirus is often told to avoid DICOM files due to the risk of PHI getting deleted. This means that attackers can often supply malware through DICOM files without getting detected.

Hacking DICOM Servers

DICOM servers are prone to a myriad of vulnerabilities and misconfigurations. Similar to many other file-share systems, data mishandling is pervasive. DICOM servers need to be well-hardened against attacks to prevent regulatory breaches. Aside from compliance problems, compromise of DICOM files can result in customer distrust. This can be damaging to the image and identity of the company.

In many cases, DICOM servers operate in a similar way to traditional web servers. This means that they are commonly associated with the same vulnerabilities that web servers are associated with. CVEs are regularly assigned to various DICOM servers as vulnerabilities are discovered. Many of these can be extremely dangerous, such as remote command execution or various buffer overflows. Not only will these vulnerabilities lead to compromise of the DICOM server, but they may lead to lateral movement into the internal network.

Misconfigurations are common in DICOM servers. DICOM servers may be exposed to the internet where attackers can attempt to interact with them. If the specific server has known vulnerabilities, this can lead to easy access to the internal network. There are rarely good reasons to expose these servers. Even if the server is fully patched, certain misconfigurations can lead to dangerous situations.

DICOM servers support queries to pass in or pull out data. This allows for seamless transfer of information within a hospital, but when servers are exposed, it may be possible for hackers to extract data. These servers commonly have no form of authentication or very weak authentication. It is often trivial for hackers to simply query the server and receive sensitive patient data.

Another flaw that may be found in DICOM servers relates to how data is processed. Some servers may be configured to pass data over plaintext. When this is the case, a hacker would just need to be in a position to sniff network traffic and they could intercept DICOM transfers and see patient data in the clear. DICOM servers should always be configured to use TLS when transferring data for maximum security.

Securing DICOM

DICOM files should be monitored for malicious preambles. The preamble will be the first bytes of the file with the first four dictating what the file is meant to be transformed to. Seeing anything besides known imaging formats should immediately set off alarms that something is off. DICOM files should also be scanned by antivirus software. To prevent patient data from being deleted, questionable files should be flagged and quarantined.

Any DICOM servers should be confined to the internal network. There will rarely be situations where it is a good idea to leak them to the open internet. Even internal servers should be fully kept up to date and transfer data over encrypted communication channels. This prevents further compromise if an attacker gets into the internal network through other means. DICOM servers should also be configured to use appropriate authentication.

Check out our medical device cybersecurity FDA compliance package.

More News

View More
3 Recession-Ready Stocks That Thrive When the Economy Sputters
Via MarketBeat
Topics Economy Energy
Tickers CHD CHE SR
3 Automation-Focused Stocks Flying Under the Radar
Via MarketBeat
Topics Artificial Intelligence
Tickers NDSN ROK SYM
Why Robinhood Stock Is Soaring—and What Comes Next
Via MarketBeat
Topics Economy
Tickers HOOD
3 High-Yields at 52-Week Lows: Buy, Sell, or Hold
Via MarketBeat
Tickers DEO FDX OKE UPS
Advance Auto Parts is A Great Risk/Reward Play If EPS Delivers
Via MarketBeat
Topics Economy World Trade
Tickers AAP
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.