Vulnerabilities in the DICOM Protocol: A Call to Fortify Medical Imaging Security

In the realm of medical imaging, the Digital Imaging and Communications in Medicine (DICOM) standard is indispensable. It streamlines the transfer of medical imaging and patient data among healthcare providers. However, recent research by Team82 has uncovered a series of vulnerabilities in various DICOM implementations, raising significant security concerns.

These vulnerabilities, including CVE-2022-2120 and CVE-2022-2119, pose a threat to DICOM servers, primarily Picture Archiving and Communications Systems (PACS) machines, potentially leading to denial-of-service and remote code execution attacks. Such breaches could jeopardize the confidentiality, integrity, and availability of critical services, directly impacting patient care.

DICOM, used globally in hospitals, clinics, and radiology centers, ensures compatibility across medical imaging equipment, regardless of the manufacturer. Its importance in safeguarding medical information in the digital domain cannot be overstated.

The study identified potential attacks on DICOM servers that expose their services to the internet. These include exploiting security flaws for unauthorized access to imaging devices, which could lead to the manipulation or loss of sensitive patient data.

Researchers discovered thousands of publicly accessible cloud storage buckets containing unencrypted DICOM files. Moreover, approximately 4,150 PACS servers worldwide expose their DICOM services to the internet, increasing their vulnerability to cyber-attacks.

An unauthenticated remote code execution vulnerability, tracked as CVE-2023-40150, was found in Softneta MedDream’s PACS installation. This flaw could allow attackers to take control of PACS machines and the entire DICOM network.

While the DICOM protocol is precise in data handling, it lacks robust security mechanisms. This oversight leaves crucial medical information exposed to unauthorized access and manipulation. The report highlights the need for heightened security measures in medical imaging protocols, especially as healthcare organizations increasingly digitize patient data and treatments.

The revelations of these vulnerabilities in DICOM’s protocol and software libraries underscore the urgency of bolstering cybersecurity in medical devices. As healthcare delivery organizations continue to connect more devices to the internet, awareness and proactive measures against these vulnerabilities become critical to ensuring patient safety and privacy.