Cyber attacks on radiological systems

Abstract

The base of today’s radiological devices are computers and networks. The radiology department has a specific way of working and there are standards such as DICOM for medical image records, PACS for archiving and communication, and HL7 for information exchange in the medical system. As radiology becomes an economically interesting branch, it becomes a target for cyber-attacks. At the same time, radiological systems contain a lot of personal data that are valuable. The reasons for the attacks are often financial gain, political, ideological or personal. The start of an attack can be physical access to radiological devices or network access. DICOM files can be the trigger of an attack. We divide attacks into those that directly affect patients, those that have an indirect impact, and those that affect the infrastructure. Well known types are Denial-Of-Service, malware, cryptographic attacks and making changes of device settings. When defending against cyber-attacks, it is important to secure communication by e-mail and to keep software updated. The IT department of the radiology department should observe accounts of all users and check the authorizations. Networks must have access restrictions according to workplaces and purposes to prevent unwanted access. Web proxy protection restricts access to Internet sites that are potentially dangerous. The basics of the department’s network, such as servers, must be physically secured from access. DICOM files should be encrypted with the most secure algorithms available. In response to cyber-attacks, it is necessary to have standard procedures and such a system must always be on standby. Known attacks on radiological systems are Kwampiris, Petja/NotPetya, Ryuk, Wannacry, Conti group and BianLian.