
Desjardins Et Al 2019 Dicom Images Have Been Hacked Now What

The article discusses the vulnerabilities of DICOM images in the context of increasing cyber threats in healthcare, emphasizing the need for radiologists to understand and secure these images from potential hacking. It highlights past incidents of data breaches and ransomware attacks, illustrating the critical importance of implementing robust security measures. The authors propose solutions to enhance the security of DICOM images, focusing on encryption and proper system configurations to mitigate risks.


Medical Physics and Informatics • Review

Desjardins et al.
Hacking of DICOM Images

Downloaded from www.ajronline.org by 87.116.181.90 on 01/25/25 from IP address 87.116.181.90. Copyright ARRS. For personal use only; all rights reserved

FOCUS ON:

DICOM Images Have Been Hacked! Now What?

Benoit Desjardins 1
Yisroel Mirsky 2,3
Markel Picado Ortiz 4
Zeev Glozman 5
Lawrence Tarbox 6
Robert Horn 7
Steven C. Horii 1

OBJECTIVE. As health care moves into a new era of increasing information vulnerability, radiologists should understand that they may be using systems that are exposed to altered data or data that contain malicious elements. This article explains the vulnerabilities of DICOM images and discusses requirements to properly secure these images from cyberattacks.

CONCLUSION. There is an important need to properly secure DICOM images from attacks and tampering. The solutions described in this article will go a long way to achieving this goal.

Desjardins B, Mirsky Y, Picado Ortiz M, et al.

Keywords: confidentiality, DICOM, encryption, integrity, mitigation, security, vulnerabilities

doi.org/10.2214/AJR.19.21958

Received July 4, 2019; accepted after revision October 14, 2019.

1 Department of Radiology, University of Pennsylvania, 3400 Spruce St, Philadelphia, PA 19104. Address correspondence to B. Desjardins ([email protected]).
2 Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, Beersheba, Israel.
3 Institute for Information Security & Privacy, Georgia Institute of Technology, Atlanta, GA.
4 Cybersecurity Laboratories, Cylera, New York, NY.
5 Brainlab AG, Munich, Germany.
6 Department of Biomedical Informatics, University of Arkansas for Medical Sciences, Little Rock, AR.
7 Fairhaven Technologies, Maynard, MA.

This article is available for credit.

AJR 2020; 214:727–735
0361–803X/20/2144–727
© American Roentgen Ray Society

AJR:214, April 2020 727

Nearly every day in the news, radiologists hear about the latest companies that have had their private data breached by hackers [1–3]. Exposure of such data to the world can lead to possible identity theft, fraud, and millions of dollars in litigation costs resulting from class action lawsuits by aggressive law firms and disgruntled victims of the breach. Many of these breaches involve medical records. In the past 10 years, almost 3000 breaches, each involving more than 500 medical records, have occurred in the United States, with these breaches mostly caused by hacking [4–7]. For example, the 2015 breach of Anthem, a U.S. medical insurance company, potentially exposed the medical records of 78 million Americans and led to a $115 million settlement [8].

Radiologists also hear about ransomware, which is software that hackers use to hold hostage the data of hospitals, companies, and local government until money is paid to recover access to the data. The city of Baltimore was recently the victim of a ransomware attack, leading to massive disruption in daily municipal business [9]. In May and June of 2017, the ransomware Wannacry [10] and NotPetya [11] spread through thousands of institutions worldwide, including many hospitals, causing a total of $18 billion in damages.

In June 2017, a U.S. government task force issued its report on the status of cybersecurity in health care in the United States [12]. The report revealed a critical situation, which showed a lack of security talent, legacy equipment, hasty connectivity resulting from meaningful use requirements [13], and an epidemic of vulnerabilities. Vulnerabilities were found in computers, networks, medical devices, and humans. Until recently, radiologic images had not yet been the target of any major attack, despite their known vulnerabilities [14]. Then, in March and April of 2019, two major exploits of the DICOM radiologic imaging standard were reported [15, 16]. These exploits serve to emphasize the importance of addressing security concerns with DICOM images.

In this article, we introduce radiologists to the basic elements of DICOM images and DICOM servers (e.g., PACS) used in radiology, discuss the basic elements of security, vulnerabilities, and attacks, and suggest solutions. This article was written by radiologists, top cybersecurity experts, and DICOM security leaders. The information technology (IT) issues are addressed at a technical level appropriate for the radiology community at large, so that this community is made aware of this new and growing era of digital warfare and its implications for their daily practice. Appendix 1 includes definitions of the technical terms used in the article. Although DICOM data are subject to the same general vulnerabilities as other types of data, this article strictly focuses on vulnerabilities limited to the nature of DICOM data and their transmission on networks. We will answer the following questions: What are the vulnerabilities of DICOM images? What is required for security? How much security is currently built into the DICOM standard?
What security features are missing? What are the risks and potential attacks? How can we make DICOM more secure?

DICOM Standard

In the 1980s, the American College of Radiology and the National Electrical Manufacturers Association joined forces to develop a standard for radiologic image storage and transmission that enabled integration among imaging devices, data archives, PACS, workstations, printers, and other systems produced by multiple manufacturers. Early versions of the standard were released in 1983 and 1985 and have been continuously refined since then. This standard is called DICOM (Digital Imaging and Communications in Medicine) [17, 18]. DICOM specifies how images are transmitted on networks between devices and how images are stored on portable media such as CDs [17]. DICOM does not specify how images are stored internally within archives or devices. Some basic security features have been added to the standard, starting in 1999 [19].

Fig. 1—DICOM standard. Schematic shows that DICOM object includes public and private attributes, followed by pixel imaging data. Stored format of attribute includes tag (n, m), data type, data length, and value. There are typically approximately 100–200 such DICOM attributes per image. DICOM message is how DICOM object is transmitted over network (data in motion). It includes commands (e.g., C-STORE, which translates to “store this object”) and DICOM object. DICOM file is how DICOM object is stored on media (data at rest). It includes 128-byte preamble, indicator DICM, and DICOM object. Preamble is usually empty but can be used by non-DICOM software to point to alternate non-DICOM versions of image.

Fig. 2—DICOM server. Schematic shows DICOM server, computers that can exchange and store DICOM objects. Server offers DICOM service, which is software that can send and receive DICOM messages. Such service runs via specific computer ports (i.e., communications channels). Two main unsecured DICOM services are known as acr-nema (port 104) and dicom (port 11112). These services can be queried by hackers. These services send and receive unencrypted DICOM messages that can be intercepted and read by hackers. Secured DICOM service is known as dicom-tls (port 2762), which uses Transport Layer Security (TLS) for negotiations, authentication, and encryption. This service cannot be queried by hackers because it uses strong authentication mechanisms. This service sends and receives encrypted DICOM messages that cannot be read by hackers. However, this is only true for manufacturers that have chosen to implement its strong authentication and encryption features. Arrows show direction of data transmission.

The basic element of the DICOM standard is the DICOM object (Fig. 1), which typically represents an image. A DICOM object includes public and private imaging attributes, followed by pixel data [17]. The public attributes contain imaging device parameters (e.g., name of device, radiation dose, and tube voltage), imaging parameters (e.g., slice thickness and numbers of rows and columns), and patient parameters (e.g., name, age, sex, and identifiers). The public attributes can be understood by most devices. A DICOM object
typically also includes manufacturer-specific private attributes.

DICOM objects are transmitted on networks (data in motion) as DICOM messages (Fig. 1), which comprise a DICOM command set and a DICOM object. The command set includes basic operations such as “store an image,” so devices can be instructed what to do with the DICOM object that they receive.

DICOM objects are stored on media (data at rest) as DICOM files (Fig. 1), which include a header and a DICOM object. The header includes a 128-byte preamble, the label DICM, and a few extra DICOM attributes. The preamble is usually empty and is used by non-DICOM software to help it read a DICOM image or provide a pointer to an alternative image. DICOM objects stored on PACS and archives may use the DICOM file standard or other storage standards.

DICOM servers (Fig. 2) are computers that run a DICOM service, which is software that enables the computer to send and receive DICOM images using a specific communication protocol defined in the DICOM standard. A server that does not run a DICOM service simply cannot receive DICOM images via the DICOM communication protocol. All imaging devices also have computers with DICOM client software that can send images to a DICOM server.

Basic Security Concepts

The main objectives of information security are known as the CIA triad. CIA is an acronym for confidentiality, integrity, and availability [20]. The main concepts discussed in the following sections are illustrated in Figure 3.

Fig. 3—Illustration of main terms involved in confidentiality and integrity. Arrows show direction of data transmission.
A, Key is long number, generalization of password. Schematic shows examples of 1024-bit RSA (Rivest-Shamir-Adleman) private and public keys, as stored on computer. RSA is popular encryption algorithm used to protect web [35]. Certificate is endorsed copy of public key or electronic document containing public key and officially proving its ownership. It includes serial number, period of validity, user identification, public key, and identification and signature of certification authority. RSA public key inside this certificate is represented by modulo and exponent, which are alternate way to represent public key.
B, Hash is fixed-size number generated by mathematic function. Hash is used to assess integrity. Schematic shows 160-bit hash produced by SHA-1 (Secure Hash Algorithm 1) hash function on random DICOM file. SHA-1 is popular hash function used by DICOM and most of web [36]. Digital signature is simply encrypted hash. It is used to assess integrity and for authentication. It indicates that owner of that public key encrypted that hash with his or her private key. Hash shown was encrypted by RSA algorithm to generate digital signature.

Confidentiality

Confidentiality is the assurance that information has not been disclosed to unauthorized entities. This is important given that radiologic images contain protected health information. Confidentiality is protected by encryption (Fig. 4), a mathematic transformation of data to make it unreadable to everyone except its intended recipient. Encryption involves an algorithm and one or more keys. A key is simply a long number, a generalization of the concept of a password. There are two types of encryption: symmetric and asymmetric. Symmetric encryption involves very fast algorithms and a single key shared between the source and recipient of the data. The same key is used for encryption and decryption. Involved parties must find a way to privately share that key before exchanging any encrypted data. Asymmetric encryption involves slower algorithms with two mathematically related keys: a private key kept by a user and a public key shared with the world. Either of the two keys is used for encryption, and the other key is used for decryption. To send confidential data securely to a recipient, the sender encrypts it with the public key of the recipient, and the recipient
decrypts it with his or her private key. Symmetric encryption is thousands of times faster than asymmetric encryption.

Fig. 4—Schematic of implementation of confidentiality by encryption, which involves use of keys for encrypting and decrypting data. Arrows show direction of data transmission.
A, Symmetric encryption involves single key used for both encryption and decryption. Sender has copy of key for encryption, and recipient has copy of same key for decryption. They must find way to privately share that key before exchanging any encrypted data.
B, Asymmetric encryption involves two mathematically related keys: private key that is not shared and public key that is easily shared with world. To securely send data to recipient, sender encrypts it with widely available recipient’s public key and recipient decrypts it with his or her private key. Parties do not need to privately share key before exchanging any encrypted data as recipient’s public key is widely available.

Integrity

Integrity is verification that data have not been altered and that no tampering of an image has occurred. Integrity is confirmed using digital signatures (Fig. 5), which are a combination of a mathematic transformation of data generating a fixed-size long number (i.e., a hash), followed by asymmetric encryption of that hash, which generates a digital signature. Any variations in the data result in a different hash, and any variation in the key used to encrypt it results in a different digital signature. When a sender transmits data to a recipient and the recipient wants to confirm the integrity of the data received, the sender applies the hash function to the data, and the resulting hash is encrypted with the sender’s private key to produce a digital signature. This digital signature is transmitted to the recipient, who decrypts it using the sender’s public key. The recipient also applies the same hash function to the data received. If the result is identical to the sender’s decrypted digital signature, this confirms the integrity of the data.

The concept of integrity also includes authentication, which is the assurance that information is from the source from which it claims to originate. Authentication uses a digital signature, often in tandem with a digital certificate, which is an endorsed version of the sender’s public key from a central certifying authority. The digital signature proves that the owner of the public key is the true source of the data, and the certificate officially confirms who that owner is.

Availability

Availability is a guarantee of reliable access to the information by authorized people. For example, access to radiologic images can be blocked by ransomware. Availability is assured by multiple layers of system defenses established to prevent ransomware from taking over these systems and holding the data hostage and by redundancy (e.g., backups).

Security Features in the DICOM Standard

At present, DICOM has 32 working groups focusing on improving different aspects of the standard (e.g., Computed Tomography, Magnetic Resonance, 3D, Physics, Security, and others). DICOM working group 14 (WG-14) handles all aspects related to DICOM security, which are found in part 15 of the DICOM standard [17, 19]. Three main security features are currently included in the DICOM standard by WG-14: secure transmission, digital signatures, and security of DICOM files on media and in e-mails.

Secure Transmission

Protocols for secure transmission have been introduced in the DICOM standard. With time, nearly all have been retired, but one strong protocol remains: transport layer security (TLS) (Fig. 2). TLS involves a combination of slow, asymmetric encryption for negotiating the connection, authenticating the parties, and exchanging a shared key and fast symmetric encryption using the shared key for exchanging the DICOM messages [21]. Certificates for connection guarantee authentication of the involved parties. Encryption is used to maintain confidentiality, and encrypted hashes are used to maintain integrity. TLS was not developed by DICOM WG-14, but it is a standard that is widely used in Internet communications (often when “https://” is used).

Digital Signatures

Digital signatures described in the previous section have been introduced in the DICOM standard. They are computed for entire or partial DICOM objects to confirm their integrity and identify who created them. This has largely been ignored by manufacturers and has not been implemented.

Security of DICOM Files on Media and in E-Mails

Basic security for DICOM files on media and in e-mails has been introduced in the DICOM standard. This uses encryption of DICOM files and specifies the proper handling of keys. It has largely been ignored by manufacturers and not implemented.

Security features such as encryption and digital signatures require a system of keys and certificates that are difficult to manage and require substantial overhead and infrastructural complexity. These are the main reasons that such security features have not been implemented by manufacturers. A secure server containing the keys must be deployed, which will maintain the keys in perpetuity. Two sets of organizational problems need to be addressed: how to store, acquire, and recover keys and how to authenticate people requesting keys.

The DICOM standard never enforces security; it only provides for it. Manufacturers are free to implement parts of the standard as they see fit. Once implemented, these parts must be used to be effective. There are parts of DICOM that must be implemented,
such as the low-level communications protocol. Most DICOM images contain no inherent security. Instead, they depend on the security of institutional networks and archives for protection from attacks. The security of these networks and archives can fail, opening the door to attacks on DICOM images.

Fig. 5—Schematic of implementation of concepts of integrity and authenticity using digital signatures. Sender transmits DICOM object to recipient. Recipient would like to confirm integrity of received object. Sender applies hash function to object, and resulting hash (Hash1) is encrypted with sender’s private key to generate digital signature. This digital signature is securely transmitted to recipient, who decrypts it using sender’s public key. Recipient also applies same hash function to received DICOM object, producing hash (Hash2). If this hash is same as decrypted digital signature, this confirms integrity of DICOM object. Two different objects have only one chance in 2^160 of producing same 160-bit hash illustrated in Figure 3. If hashes are same, digital signature also authenticates sender because sender’s public key was correct key capable of decrypting digital signature. Certificates can also be used in tandem with digital signatures for authentication because they confirm whether sender really owns that specific public key. Arrows show directions of data transmission.

Recent Attacks and Vulnerabilities

At the time of the writing of this article, four important attacks involving radiologic images had been reported in the literature: two of them were access attacks, and the other two were data injection attacks. Note that none of these attacks were performed by nefarious agents but, rather, involved reports of vulnerabilities and proof-of-concept attacks performed by security researchers.

Data Access Attacks

The networks of several hospitals are poorly protected and can be accessed from the outside [22]. In 2017, a group at Massachusetts General Hospital scanned the entire Internet address space (4 billion addresses) in 22 hours to identify unprotected DICOM servers (Pianykh OS, Radiological Society of North America 2017 annual meeting) [23]. They found 2782 unprotected servers across the globe, most of them located in the United States. Of these servers, 821 of these systems were open to a DICOM connection, and 750 were open to discovery of patient information.

In 2018, a researcher from the security company McAfee used an Internet scanning tool known as Shodan to find unprotected DICOM servers all over the world [24]. He found more than 1100 such servers directly connected to the Internet without any protection. Most of them were located in the United States. He was able to retrieve DICOM images and was even able to print a 3D model of someone’s pelvic bones by using the accessed data.

Fig. 6—Creation of fake lung nodules on DICOM images.
A and B, Original DICOM image (A) and modified DICOM image with fake lung nodules added (B) show result of hijacked transmission of DICOM messages between scanner and PACS. Deep learning was used to either add or remove lung nodules on DICOM images. Almost all radiologists who examined these tampered images were fooled by their altered content.

Other Data Access Vulnerabilities

Even if a hospital network is well protected from the outside, a hacker can easily enter a
hospital and connect a laptop to the hospital network via any standard Ethernet jack. From there, simple queries can be executed to retrieve DICOM files from DICOM servers and archives. Some hospitals restrict such queries to well-identified destinations associated with legitimate users using specific parameters, but these parameters are easy to spoof [25].

Data Injection Attacks

In March 2019, a security researcher showed how an attacker can use deep learning to automatically inject or remove abnormal findings on CT and MRI scans in DICOM messages during transfer from the scanner to the PACS [15] (Fig. 6). The attack used two deep neural networks: one for injection and the other for removal. The realism of the altered images fooled 99% of radiologists who reviewed the images. Although deep learning has been used in the past to generate fake videos and imagery, this was the first time it had been used in the medical domain to secretly tamper with 3D DICOM images.

In April 2019, a security researcher developed a technique to hide malware within DICOM files [16, 26–28] (Fig. 7). He did this by misusing the DICOM file preamble, which is used to make DICOM images understandable to non-DICOM imaging software [29]. The preamble is a useful feature, but it can be exploited. He created the PE-DICOM hybrid format (with “PE” denoting a Windows portable executable file) by replacing the 128-byte preamble with a header capable of executing code and then replacing or creating private attributes in the DICOM file with malware code. The public attributes and the imaging data were untouched. The modified file behaved as a regular DICOM file; it could be read by a PACS and workstation, displaying its imaging data with no evidence of corruption. However, when executed from the Windows command prompt, malware code was executed, leading to compromise of the computer system.

Fig. 7—Format of PE-DICOM file (with “PE” denoting Windows portable executable file) after injection with malware. Schematic shows formats of original DICOM file (left) and PE-DICOM file (right). In PE-DICOM file, 128-byte preamble is replaced by official DOS header at beginning of every PE file. This header points to actual malware code included in private attributes. Indicator DICM, public attributes, and image pixel data are untouched and are only shifted if necessary.

Other Data Injection Vulnerabilities

There are many additional injection vulnerabilities that can affect DICOM objects, DICOM files, and DICOM messages. Identity spoofing involves modification of the public attributes of a DICOM object to change the name and identifiers of a patient and send the file to the wrong record. A denial-of-service attack sends millions of DICOM messages to overwhelm a DICOM server, leading to denial of service. A buffer overflow sends corrupted DICOM messages to overfill the server memory space reserved to receive them, leading to potential well-known buffer overflow attacks [30] that can take full control of a workstation. Finally, there is CD autoload tampering, which modifies autoloading code on a CD with DICOM files to take over a computer when the CD is loaded on a computer in a physician’s office.

Mitigations of Vulnerabilities

The recent DICOM attacks performed by security researchers are proofs of concept intended to alert the world about potential vulnerabilities before hackers start exploiting them on a large scale. To mitigate these vulnerabilities, all major players must do their part, from DICOM security leaders at the core of the DICOM world to radiologists as endpoint users and readers.

DICOM Security Leaders

DICOM WG-14 is well aware of the current vulnerabilities of DICOM messages and DICOM files and is tracking potential future vulnerabilities [31]. It meets monthly to review and triage security reports and suggested improvements, review work on corrections and improvements to the standard, and review work on educational material for implementers and users. Much of the work involves reviewing and adding security considerations for new features in the DICOM standard [32]. WG-14 is currently focusing on two major initiatives.

The first initiative involves management of keys and certificates. All current DICOM security features require keys and certificates to maintain confidentiality and integrity, and their management is a very complex task. This is the main limitation in the widespread adoption of those security features. WG-14 recently proposed using the automatic certificate management environment (ACME) protocol [33], which simplifies distribution and management of keys and certificates.

The second initiative involves management of network security. The National Security Agency proposed a series of milestones that should be met to make an unmanageable, insecure network more secure and more manageable. It is called the National Security Agency Manageable Network Plan [34]. WG-14 is working on adapting this plan for the DICOM standard.

Manufacturers

Some security features are already part of the DICOM standard, but most cannot be used because they have not been implemented by the manufacturers. Several tasks are required from the manufacturers.

The first task is to implement current DICOM security features. Secure transmis- […]

[…] and certificates (ACME) have been added to the DICOM standard, they should be used by manufacturers to help implement digital signatures for the integrity and encryption of media and e-mails for confidentiality.

The second task involves implementation of a creator digital signature. A creator digital signature public attribute already exists in the DICOM standard [17] and is to be filled by imaging modalities for a lifetime data integrity check. Once digital signatures are implemented, manufacturers must not only fill that field but must also implement systematic checks for these signatures by all receivers of images and issue warnings if the signature is either missing or cannot be verified.

The third task is to systematically wipe out undesired preambles from DICOM files to prevent execution of embedded malware. File deconstruction and reconstruction techniques have been proposed [14] as a solution. Preambles are always discarded when DICOM messages are transmitted on a network because DICOM messages have no preamble (Fig. 1), so only files stored on servers or media using nonstandard means need to have their preamble wiped out.

Finally, the implementation of DICOM image validators, which verify the internal consistency and bounds of DICOM objects, can help prevent buffer overflows injection and denial-of-service attacks.

Local Information Technology Experts

Local IT experts should continue to monitor their networks for suspicious activities and periodically review DICOM audit logs for suspicious access patterns. Local IT experts should focus on three important network security areas to mitigate DICOM vulnerabilities: user authentication, access control, and network and device visibility. User authentication involves the ability to accurately identify the user making a request. Multifactor authentication should be used extensively. Access control limits the activity of legitimate users. It does not eliminate the attacks but restricts the scope of the damage of an attack to the access allowed each user. In terms of network and device visibility, every internal network, DICOM server, and DICOM device should be invisible from the […]

[…] abilities. In addition to these two areas, the local IT team should set up the following controls to prevent specific injection attacks: rate limiters and the disabling of CD autoloading. Rate limiters are server controls that are put in place to deal with runaway modalities that send too much data. Rate limiters put a maximum cap on how much data can be sent from a source on the network within a period. The same controls can be used to prevent denial-of-service attacks. Disabling autoloading of CDs on most hospital computers mitigates injections of malware from self-booting CDs.

Radiologists and Technologists

Radiologists and technologists occasionally face corrupted data, incomplete data, and issues of data origin. There are procedures in place to deal with such problems, and solutions are often provided by technologists or IT experts. The new injection vulnerabilities lead to the same kinds of problems, but they are perhaps multiplied by a factor of 10 or 100. Access controls, audit flags, and workflow alarms can already identify several of these problems, but radiologists must keep the CIA triad in mind.

First, it is important to maintain confidentiality. Any medical image on a laptop or CD should be encrypted or anonymized. One should never remotely view or transmit medical images on a public Wi-Fi network without the use of a virtual private network, which encrypts all communications.

Second, one must verify integrity. As health care moves into a new era of increasing information vulnerability, radiologists should understand that they may be using data that has been altered. If tampering of DICOM image pixels is suspected, it should be confirmed by using redundancy in datasets. Are the same findings present on coronal or sagittal reformatted sequences or on scout images? If tampering of DICOM image attributes is suspected, use any prior imaging and the medical history to determine whether the images belong to that patient and whether the imaging findings make sense.

Third, one must verify authenticity. Are the imaging data coming from a trusted
sion of DICOM messages has been imple- outside world. Limited access for DICOM data source? Loading a CD from an unfamiliar
mented by some manufacturers and should exchange with outside collaborators or vendors source to read images on a local computer for
be extended to all manufacturers. It is most- should be highly secured. a curbside consult is risky because the CD
ly implemented for transmission between The combination of secure transmission, could have been tampered with, enabling it
institutions but should also be implement- user authentication, and access control is to autoexecute malware. Film libraries have
ed for all internal network transmissions. very effective in reducing many data injec- computers that can safely extract DICOM
Once WG-14’s new features to handle keys tion vulnerabilities and data access vulner- images from CDs and load them into a PACS.

AJR:214, April 2020 733


A major responsibility of radiologists and radiology administrators is to include available DICOM security measures in equipment specifications and purchase contracts. If users do not request security features, there is little incentive for manufacturers to include them.

Conclusion
Cyberattacks will pervade life in years to come, even more than they currently do. They have the power to quickly bring down entire hospitals, multinational corporations, cities, and even possibly countries. The present article, written by radiologists and top cybersecurity experts, provides an accessible introduction for radiologists to the main implications of cyberattacks as they relate to medical images. It also serves as a call to action, providing recommendations for each participant in the field to help mitigate the vulnerabilities from cyberattacks.

References
1. CBS News. Hackers are stealing millions of medical records—and selling them on the dark web. CBS News website. www.cbsnews.com/news/hackers-steal-medical-records-sell-them-on-dark-web/. Published February 14, 2019. Accessed July 2, 2019
2. Schencker L. Hackers target health data: 82% of hospital tech experts reported ‘significant security incident’ in last year. Chicago Tribune website. www.chicagotribune.com/business/ct-biz-hospital-data-breaches-20190307-story.html. Published March 8, 2019. Accessed July 2, 2019
3. Coventry L, Branley D. Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 2018; 113:48–52
4. U.S. Department of Health and Human Services (HHS). Breach portal: notice to the secretary of HHS breach of unsecured protected health information. HHS website. ocrportal.hhs.gov/ocr/breach/breach_report.jsf. Accessed July 2, 2019
5. Verizon Enterprise. 2018 Data breach investigations report. Verizon Enterprise website. enterprise.verizon.com/resources/reports/2018/DBIR_2018_Report.pdf. Published 2018. Accessed July 2, 2019
6. Ronquillo JG, Winterholler JE, Cwikla K, Szymanski R, Levy C. Health IT, hacking, and cybersecurity: national trends in data breaches of protected health information. JAMIA Open 2018; 1:15–19
7. HIPAA Journal. Healthcare data breach statistics. HIPAA Journal website. www.hipaajournal.com/healthcare-data-breach-statistics/. Accessed July 2, 2019
8. [No authors listed]. HIPAA Journal. Court approves Anthem $115 million data breach settlement. HIPAA Journal website. www.hipaajournal.com/court-approves-anthem-115-million-data-breach-settlement/. Published August 20, 2018. Accessed July 2, 2019
9. Chokshi N. Hackers are holding Baltimore hostage: how they struck and what’s next. New York Times website. www.nytimes.com/2019/05/22/us/baltimore-ransomware.html. Published May 22, 2019. Accessed July 2, 2019
10. Greenberg A. The Wannacry ransomware hackers made some real amateur mistakes. Wired website. www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur-mistakes/. Published May 15, 2017. Accessed July 2, 2019
11. Greenberg A. The untold story of NotPetya, the most devastating cyberattack in history. Wired website. www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. Published July 22, 2018. Accessed July 2, 2019
12. Health Care Industry Cybersecurity Task Force. Report on improving cybersecurity in the health care industry. Public Health Emergency website. www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf. Published June 2017. Accessed July 2, 2019
13. Morgan TA, Avrin DE, Carr CD, et al. Meaningful use for radiology: current status and future directions. Radiology 2013; 269:318–321
14. Zaw NT, Soh K. DICOM: A ticking cybersecurity time-bomb in the healthcare industry. Healthcare Innovation website. www.athenadynamics.com/event/dicom-unknown-vulnerability-cyber-attacks-global-healthcare-industry. Published November 21, 2017. Accessed November 12, 2019
15. Mirsky Y, Mahler T, Shelef I, Elovici Y. CT-GAN: malicious tampering of 3D medical imagery using deep learning. arXiv website. arxiv.org/abs/1901.03597. Revised June 6, 2019. Accessed July 2, 2019
16. Picado Ortiz M. HIPAA-protected malware? Exploiting DICOM flaw to embed malware in CT/MRI imagery. Cylera Labs website. labs.cylera.com/2019/04/16/pe-dicom-medical-malware/. Published April 16, 2019. Accessed July 2, 2019
17. DICOM Standard website. www.dicomstandard.org. Accessed July 2, 2019
18. Bidgood WD Jr, Horii SC, Prior FW, Van Syckle DE. Understanding and using DICOM, the data interchange standard for biomedical imaging. J Am Med Inform Assoc 1997; 4:199–212
19. DICOM Standard. DICOM supplement overview: complete list. DICOM Standard website. www.dicomstandard.org/News/ftsup/index.html. Accessed July 2, 2019
20. U.S. Government Printing Office. Public Law 113-283: Federal Information Security Modernization Act of 2014. Govinfo.gov website. www.govinfo.gov/app/details/PLAW-113publ283/. Published December 18, 2014. Accessed July 2, 2019
21. Dierks T, Rescorla E. The transport layer security (TLS) protocol: version 1.2. Internet Engineering Task Force website. tools.ietf.org/html/rfc5246. Published August 2008. Accessed July 2, 2019
22. Zhou F, Wang J, Li B, Kim J. Security issues and possible solutions in PACS systems through public networks. Advanced Science and Technology Letters 79:118–123
23. Stites M, Pianykh OS. How secure is your radiology department? Mapping digital radiology adoption and security worldwide. AJR 2016; 206:797–804
24. Beek C. McAfee researchers find poor security exposes medical data to cybercriminals. McAfee website. securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-researchers-find-poor-security-exposes-medical-data-to-cybercriminals/. Published March 11, 2018. Accessed July 2, 2019
25. Tanase M. IP spoofing: an introduction. Symantec website. www.symantec.com/connect/articles/ip-spoofing-introduction. Updated March 11, 2003. Accessed July 2, 2019
26. National Institute of Standards and Technology (NIST). National vulnerability database: CVE-2019-11687 detail. NIST website. nvd.nist.gov/vuln/detail/CVE-2019-11687. Modified June 12, 2019. Accessed July 2, 2019
27. DICOM. DICOM statement on reported malware vulnerability: DICOM security group provides user strategies to mitigate risk. www.dicomstandard.org/wp-content/uploads/2019/05/Press-Release-DICOM-128-Byte-Preamble-Posted1-2.pdf. Published May 6, 2019. Accessed July 2, 2019
28. DICOM. DICOM FAQ response to 128-byte preamble vulnerability. DICOM website. www.dicomstandard.org/wp-content/uploads/2019/05/FAQ-DICOM-128-Byte-Preamble-Posted1-1.pdf. Published May 2019. Accessed July 2, 2019
29. Clunie DA. Dual-personality DICOM-TIFF for whole slide images: a migration technique for legacy software. J Pathol Inform 2019; 10:12
30. Weidman G. Penetration testing: a hands-on introduction to hacking. San Francisco, CA: No Starch Press, 2014
31. DICOM Security Working Group 14. WG-14: security. DICOM Standard website. www.dicomstandard.org/wgs/wg-14/. Published March 10, 2003. Accessed July 2, 2019
32. DICOM Working Group 14. Working group 14 minutes. National Electrical Manufacturers Association website. dicom.nema.org/Dicom/minutes/WG-14/. Updated 2014. Accessed July 2, 2019
33. Tarbox LR, Horn R. Using the ACME protocol to distribute TLS certificates for securing DICOM® communications. cdn.ymaws.com/siim.org/resource/resmgr/siim2019/abstracts/BI_EI_New_Tech_Tarbox.pdf. Published 2019. Accessed July 2, 2019
34. National Security Agency (NSA). Manageable network plan guide (version 4.0). NSA website. apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/networks/manageable-network-plan.cfm. Published December 1, 2015. Accessed July 2, 2019
35. Menezes A, van Oorschot PC, Vanstone SA. Handbook of applied cryptography. Boca Raton, FL: CRC Press, 1996
36. National Institute of Standards and Technology (NIST). Hash functions. NIST website. csrc.nist.gov/projects/hash-functions. Updated May 3, 2019. Accessed July 2, 2019


APPENDIX 1: Definitions of Technical Terms

DICOM Terms

DICOM
Digital Imaging and Communications in Medicine; the official standard for representation of medical images

DICOM server
Computer running DICOM services for exchanging DICOM objects

DICOM object
Basic DICOM structure to represent medical images

DICOM message
How DICOM objects are transmitted on networks

DICOM file
How DICOM objects are stored on media

Imaging attribute
Element of a DICOM object representing an image parameter, such as “patient name”

Public attributes
Attributes understandable by every DICOM device

Private attributes
Attributes proprietary to a specific manufacturer

WG-14
Working group responsible for security features in the DICOM standard

Preamble
The first 128 bytes of a DICOM file, used by non-DICOM software to help it read a DICOM image or provide a pointer to an alternative non-DICOM image

Cryptography Terms

Encryption
Obfuscating data so that only authorized parties can read it

Key
A large number, the generalization of a password, used as a parameter of an algorithm to encrypt or decrypt data

Symmetric encryption
Uses the same key for encryption and decryption

Asymmetric encryption
Uses two mathematically related keys for encryption and decryption

Private key
Key that is not shared

Public key
Key that is freely shared with the world

Certificate
Electronic document containing a public key and proving its ownership

Hash function
A function transforming data into fixed (smaller) sized data

Hash
The output of a hash function, used to verify the integrity of data

Digital signature
An encrypted hash used to verify the authenticity and integrity of data

Transport Layer Security
TLS; a popular protocol for securely transmitting data on networks

Hacking Terms

Data injection
Modifying data in a file or data transmitted on a network

Deep learning
An artificial intelligence technique involving multilayered neural networks

Ransomware
Software that prevents access to data, usually by encryption, and asks for a ransom to recover access to the data

Denial of service
An attack that overwhelms a device, preventing it from responding to normal requests sent to it

Buffer overflow
An attack that sends too much data to a computer, which overfills its allocated memory space to receive the data; it can be used by a hacker to take complete control of a computer

Mitigation
Reducing the severity or seriousness of a vulnerability
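The preamble check and wipe that the article recommends for stored DICOM files, as an added Python example (not code from the article or from the DICOM standard). It relies on the stored-file layout of a 128-byte preamble followed by the 4-byte DICM prefix; the signature shortlist, function names and sample bytes are constructed for illustration.

```python
"""Added example: inspect and wipe the 128-byte preamble of a stored DICOM file."""

PREAMBLE_LEN = 128
MAGIC = b"DICM"  # 4-byte prefix that follows the preamble in a stored DICOM file

# Constructed shortlist of leading byte signatures worth flagging (not exhaustive).
SIGNATURES = {
    b"MZ": "Windows PE/DOS executable header",
    b"\x7fELF": "ELF executable header",
    b"II*\x00": "TIFF header (little-endian)",
    b"MM\x00*": "TIFF header (big-endian)",
}


def classify_preamble(data: bytes) -> str:
    """Return 'not-dicom', 'empty', or a description of what the preamble holds."""
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        return "not-dicom"
    preamble = data[:PREAMBLE_LEN]
    if preamble == bytes(PREAMBLE_LEN):
        return "empty"
    for signature, label in SIGNATURES.items():
        if preamble.startswith(signature):
            return label
    return "non-zero preamble of unknown type"


def wipe_preamble(data: bytes) -> bytes:
    """Zero the preamble; everything from the DICM prefix onward stays byte-for-byte intact."""
    if classify_preamble(data) == "not-dicom":
        raise ValueError("no DICM prefix at offset 128; refusing to modify")
    return bytes(PREAMBLE_LEN) + data[PREAMBLE_LEN:]


def make_sample(preamble_start: bytes) -> bytes:
    """Constructed sample file: padded preamble + DICM + one placeholder data element."""
    preamble = preamble_start.ljust(PREAMBLE_LEN, b"\x00")
    element = b"\x02\x00\x00\x00UL\x04\x00\x00\x00\x00\x00"  # placeholder (0002,0000)
    return preamble + MAGIC + element


if __name__ == "__main__":
    for name, start in [("clean", b""), ("pe", b"MZ\x90\x00"), ("tiff", b"II*\x00")]:
        sample = make_sample(start)
        before = classify_preamble(sample)
        after = classify_preamble(wipe_preamble(sample))
        print(f"{name}: {before} -> {after}")
```

A TIFF preamble can be a legitimate dual-personality file of the kind described in reference 29, so wiping it removes that second reading path for non-DICOM software.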

FOR YOUR INFORMATION
ARRS is accredited by the Accreditation Council for Continuing Medical Education (ACCME) to provide continuing
medical education activities for physicians.
The ARRS designates this journal-based CME activity for a maximum of 1.00 AMA PRA Category 1 Credits™ and
1.00 American Board of Radiology©, MOC Part II, Self-Assessment CME (SA-CME). Physicians should claim only the
credit commensurate with the extent of their participation in the activity.
To access the article for credit, follow the prompts associated with the online version of this article.
The reader’s attention is directed to the commentary on this article, which appears on the following pages.
