SlideShare ist ein Scribd-Unternehmen logo
1 von 20
Downloaden Sie, um offline zu lesen
THE DICOM 2014 Chengdu Workshop 
August 25, 2014 Chengdu, China 
Keeping It Safe 
Securing DICOM 
Brad Genereaux, Agfa HealthCare 
Product Manager 
Industry Co-Chair, DICOM WG-27, Web Technologies
What is security? 
• Protecting data security (against 
unauthorized access) 
• Protecting data integrity (against 
unauthorized changes) 
• Protecting data loss (against 
unauthorized deletions) 
• Protecting data availability (against 
denial of service)
What are the implications if 
security is compromised? 
• Data corruption and loss 
• Fraud against those victimized 
• Civil penalties (fines and lawsuits) 
• Criminal penalties 
• Serious harm and death
What is NOT security? 
• Changing names of parameters, 
servers or functions to make it harder 
to guess 
• Including dangerous functions in a 
release but not including them in 
documentation
Keeping DICOM Safe 
DICOM 
DICOM 
Simple workflow 
•Modality transmits images to archive 
•Radiologist requests images for reading 
: Out to cause security issues 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 6
DICOM Security Profiles 
• Defined in PS3.15, “Security and 
System Management Profiles” 
• Describes methods to mitigate various 
security concerns 
• Items in red describe solutions that are 
used in the industry but not explicity 
part of the DICOM standard 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 7
DICOM in Transit 
DICOM 
DICOM 
Who sees this image? 
• The modality, who sends the image 
• The archive, who receives the image 
• Anyone on the network between 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 8
DICOM-TLS 
DICOM 
DICOM 
• Transport Level Security encryption (defined 
in PS3.15 Section B.1) 
• Encryption is negotiated as part of TLS 
• Traffic encrypted with public certificate and 
decrypted by private key 
• Network VPN tunnels is another mechanism 
• DICOMweb can leverage HTTPS (TLS based) 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 9
DICOM in Transit 
DICOM 
DICOM 
Who are the actors in transmission? 
• The modality, who sends the image 
• The archive, who receives the image 
• Anyone pretending to be these actors 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 10
Node Identity 
DICOM 
DICOM 
• DICOM-TLS certificates specifies 
identifying information about the 
owner 
• Verification of certificates are done 
against a signing authority 
• AE titles are a less secure alternative 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 11
User Authentication 
DICOM 
DICOM 
Who can retrieve images? 
• Device is validated by DICOM-TLS 
• User can retrieve images 
• Anyone else using device can, too 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 12
User Authentication 
DICOM 
DICOM 
• Defined in PS3.15 B.4-7 
• Authentication of users can occur via 
• Mutual TLS authentication (each side presents certificates) 
• Authentication during association negotiation (SAML, 
Kerberos, etc) 
• Authenticating users at the application level and 
making trusted calls to the imaging backend is an 
alternative approach 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 13
Auditing 
• Described in PS 3.15 Part A.5 
• User should be known 
• Events for authentication, query, 
access, transfer, import/export, and 
deletion 
• This is used in the IHE ITI ATNA profile 
with Radiology option 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 14
DICOM at Rest 
DICOM 
DICOM 
Who ensures the images are genuine as 
the modality provides them? 
• The archive accomplishes this task 
• Anyone else who can manipulate the 
archive 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 15
Digital Signatures 
DICOM 
DICOM 
• DICOM supports digital signatures which provides 
integrity check and other features 
• Defined in PS3.15 Section C 
• Individual fields can also be selectively encrypted 
• Disk-level encryption can also be used to maintain 
integrity at rest 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 16
Media Storage 
• Used when DICOM is transmitted via 
physical media (CD, DVD, USB key) 
• Guarantees confidentiality, integrity, 
and media origin 
• Defined in PS3.15 section D 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 17
Anonymization 
• Anonymization profiles exist to 
support masking of data for various 
purposes 
• Clinical trials 
• Teaching files 
• Defined in PS3.15 section E 
• Addresses removal and replacement of 
DICOM attributes that may reveal 
protected health information 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 18
DICOM’s Stance 
• DICOM enables a very wide variety of 
authentication and access control 
policies, but does not mandate them 
• DICOMweb shares the same position 
through the use of standard internet 
technologies 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 19
Suggestions 
 Use DICOM-TLS, and HTTPS for DICOMweb 
 Use appropriate authentication and 
authorization measures 
 Use appropriate at-rest encryption 
mechanisms 
 Control access via managed environments, 
strong identity management, firewalls 
 Consider security throughout your project 
lifecycle, not at the end 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 20
Keep It Safe! 
DICOM 
Questions? Thank you! 
DICOM 
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 21

Weitere ähnliche Inhalte

Andere mochten auch

DICOM Structure Basics
DICOM Structure BasicsDICOM Structure Basics
DICOM Structure BasicsGunjan Patel
 
Picture Archiving and Communication System (PACS)
Picture Archiving and Communication System (PACS)Picture Archiving and Communication System (PACS)
Picture Archiving and Communication System (PACS)Shweta Tripathi
 
Introduction to digital radiography and pacs
Introduction to digital radiography and pacsIntroduction to digital radiography and pacs
Introduction to digital radiography and pacsRad Tech
 
Dicom-masterclass_091214
Dicom-masterclass_091214Dicom-masterclass_091214
Dicom-masterclass_091214Piet Hein Zwaal
 
DICOMweb (STOW, WADO, QIDO): Potential and implemntation sample
DICOMweb (STOW, WADO, QIDO): Potential and implemntation sampleDICOMweb (STOW, WADO, QIDO): Potential and implemntation sample
DICOMweb (STOW, WADO, QIDO): Potential and implemntation sampleIRT b-com
 
Mathematics, Statistics and Medical Informatics
Mathematics, Statistics and Medical InformaticsMathematics, Statistics and Medical Informatics
Mathematics, Statistics and Medical InformaticsAsli Yazagan
 
Medical Physics 102 - Clinical Leadership - Prado
Medical Physics 102 - Clinical Leadership - PradoMedical Physics 102 - Clinical Leadership - Prado
Medical Physics 102 - Clinical Leadership - PradoKarl Prado
 
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...Xiaoming Zeng
 
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider Collaboration
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider CollaborationRegenstrief Gopher CPOE 2013: Advances in CDS and Provider Collaboration
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider CollaborationJon Duke, MD, MS
 
Integrating CPOE Orders - A Guide to Moving Mountains
Integrating CPOE Orders - A Guide to Moving MountainsIntegrating CPOE Orders - A Guide to Moving Mountains
Integrating CPOE Orders - A Guide to Moving MountainsBoston Software Systems
 
Presentacionris pacs-dicom-v4-120906201823-phpapp01
Presentacionris pacs-dicom-v4-120906201823-phpapp01Presentacionris pacs-dicom-v4-120906201823-phpapp01
Presentacionris pacs-dicom-v4-120906201823-phpapp01Brisa Roldan
 
Cloud PACS Introductions and Benefits
Cloud PACS Introductions and BenefitsCloud PACS Introductions and Benefits
Cloud PACS Introductions and BenefitsMahmoud Bakhtvar
 
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...Apollo Hospitals
 
Benefits Of EHR/CPOE
Benefits Of EHR/CPOEBenefits Of EHR/CPOE
Benefits Of EHR/CPOEguestd4bbab
 

Andere mochten auch (20)

DICOM Structure Basics
DICOM Structure BasicsDICOM Structure Basics
DICOM Structure Basics
 
Picture Archiving and Communication System (PACS)
Picture Archiving and Communication System (PACS)Picture Archiving and Communication System (PACS)
Picture Archiving and Communication System (PACS)
 
Dicom
DicomDicom
Dicom
 
Introduction to digital radiography and pacs
Introduction to digital radiography and pacsIntroduction to digital radiography and pacs
Introduction to digital radiography and pacs
 
Presentatie dicom
Presentatie dicomPresentatie dicom
Presentatie dicom
 
Dicom-masterclass_091214
Dicom-masterclass_091214Dicom-masterclass_091214
Dicom-masterclass_091214
 
DICOMweb (STOW, WADO, QIDO): Potential and implemntation sample
DICOMweb (STOW, WADO, QIDO): Potential and implemntation sampleDICOMweb (STOW, WADO, QIDO): Potential and implemntation sample
DICOMweb (STOW, WADO, QIDO): Potential and implemntation sample
 
Mathematics, Statistics and Medical Informatics
Mathematics, Statistics and Medical InformaticsMathematics, Statistics and Medical Informatics
Mathematics, Statistics and Medical Informatics
 
Medical Informatics
Medical InformaticsMedical Informatics
Medical Informatics
 
Medical Physics 102 - Clinical Leadership - Prado
Medical Physics 102 - Clinical Leadership - PradoMedical Physics 102 - Clinical Leadership - Prado
Medical Physics 102 - Clinical Leadership - Prado
 
It health applications
It health applicationsIt health applications
It health applications
 
PACS from MedPac Systems
PACS  from  MedPac SystemsPACS  from  MedPac Systems
PACS from MedPac Systems
 
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
 
Cpoe Timeline
Cpoe TimelineCpoe Timeline
Cpoe Timeline
 
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider Collaboration
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider CollaborationRegenstrief Gopher CPOE 2013: Advances in CDS and Provider Collaboration
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider Collaboration
 
Integrating CPOE Orders - A Guide to Moving Mountains
Integrating CPOE Orders - A Guide to Moving MountainsIntegrating CPOE Orders - A Guide to Moving Mountains
Integrating CPOE Orders - A Guide to Moving Mountains
 
Presentacionris pacs-dicom-v4-120906201823-phpapp01
Presentacionris pacs-dicom-v4-120906201823-phpapp01Presentacionris pacs-dicom-v4-120906201823-phpapp01
Presentacionris pacs-dicom-v4-120906201823-phpapp01
 
Cloud PACS Introductions and Benefits
Cloud PACS Introductions and BenefitsCloud PACS Introductions and Benefits
Cloud PACS Introductions and Benefits
 
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...
 
Benefits Of EHR/CPOE
Benefits Of EHR/CPOEBenefits Of EHR/CPOE
Benefits Of EHR/CPOE
 

Ähnlich wie Keeping it safe: Securing DICOM

PCI Compliance in Cloud
PCI Compliance in CloudPCI Compliance in Cloud
PCI Compliance in CloudControlCase
 
PCI Compliance in Cloud
PCI Compliance in CloudPCI Compliance in Cloud
PCI Compliance in CloudControlCase
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the CloudControlCase
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingKnoldus Inc.
 
PCI-DSS Compliance in the Cloud
PCI-DSS Compliance in the CloudPCI-DSS Compliance in the Cloud
PCI-DSS Compliance in the CloudControlCase
 
Cloudera training secure your cloudera cluster 7.10.18
Cloudera training secure your cloudera cluster 7.10.18Cloudera training secure your cloudera cluster 7.10.18
Cloudera training secure your cloudera cluster 7.10.18Cloudera, Inc.
 
Cloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving itCloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving itHentsū
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
GO GLOBAL ENSURE SEAMLESS DILIGENCE WITH VIRTUAL DATA ROOMS!.pdf
GO GLOBAL ENSURE SEAMLESS DILIGENCE  WITH VIRTUAL DATA ROOMS!.pdfGO GLOBAL ENSURE SEAMLESS DILIGENCE  WITH VIRTUAL DATA ROOMS!.pdf
GO GLOBAL ENSURE SEAMLESS DILIGENCE WITH VIRTUAL DATA ROOMS!.pdfHome
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...Ulf Mattsson
 
Rightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightScale
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudNextel S.A.
 

Ähnlich wie Keeping it safe: Securing DICOM (20)

PCI Compliance in Cloud
PCI Compliance in CloudPCI Compliance in Cloud
PCI Compliance in Cloud
 
PCI Compliance in Cloud
PCI Compliance in CloudPCI Compliance in Cloud
PCI Compliance in Cloud
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat Modelling
 
PCI-DSS Compliance in the Cloud
PCI-DSS Compliance in the CloudPCI-DSS Compliance in the Cloud
PCI-DSS Compliance in the Cloud
 
3 d secure password
3 d secure password3 d secure password
3 d secure password
 
Secued Cloud
 Secued  Cloud Secued  Cloud
Secued Cloud
 
Cloudera training secure your cloudera cluster 7.10.18
Cloudera training secure your cloudera cluster 7.10.18Cloudera training secure your cloudera cluster 7.10.18
Cloudera training secure your cloudera cluster 7.10.18
 
Cloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving itCloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving it
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
 
GO GLOBAL ENSURE SEAMLESS DILIGENCE WITH VIRTUAL DATA ROOMS!.pdf
GO GLOBAL ENSURE SEAMLESS DILIGENCE  WITH VIRTUAL DATA ROOMS!.pdfGO GLOBAL ENSURE SEAMLESS DILIGENCE  WITH VIRTUAL DATA ROOMS!.pdf
GO GLOBAL ENSURE SEAMLESS DILIGENCE WITH VIRTUAL DATA ROOMS!.pdf
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...
 
secued cloud
 secued cloud secued cloud
secued cloud
 
Rightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public Cloud
 
Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...
 
Seguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloudSeguridad: sembrando confianza en el cloud
Seguridad: sembrando confianza en el cloud
 

Kürzlich hochgeladen

CECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHY
CECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHYCECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHY
CECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHYRMC
 
TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...
TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...
TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...mwangimwangi222
 
Health literacies in marginalised communities LILAC 24.pptx
Health literacies in marginalised communities LILAC 24.pptxHealth literacies in marginalised communities LILAC 24.pptx
Health literacies in marginalised communities LILAC 24.pptxPamela McKinney
 
"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf
"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf
"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdfDolisha Warbi
 
Experience the Power of Chiropractic in Maui
Experience the Power of Chiropractic in MauiExperience the Power of Chiropractic in Maui
Experience the Power of Chiropractic in MauiCentral Maui Chiropractic
 
Eating Disorders in Athletes I Sports Psychology
Eating Disorders in Athletes I Sports PsychologyEating Disorders in Athletes I Sports Psychology
Eating Disorders in Athletes I Sports Psychologyshantisphysio
 
Presentation on COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSING
Presentation on  COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSINGPresentation on  COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSING
Presentation on COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSINGKREDASONBANGALORE
 
Basics of Giant Cell Tumor of bone (GCTB)
Basics of Giant Cell Tumor of bone (GCTB)Basics of Giant Cell Tumor of bone (GCTB)
Basics of Giant Cell Tumor of bone (GCTB)bishwabandhuniraula
 
Drug stability and chemical Kinetics UNIT V
Drug stability and chemical Kinetics UNIT VDrug stability and chemical Kinetics UNIT V
Drug stability and chemical Kinetics UNIT VDr Rakesh Kumar Sharma
 
Living Well Every Day: Lyons Wellness Practice | Nurtures Your Complete Health
Living Well Every Day: Lyons Wellness Practice | Nurtures Your Complete HealthLiving Well Every Day: Lyons Wellness Practice | Nurtures Your Complete Health
Living Well Every Day: Lyons Wellness Practice | Nurtures Your Complete HealthLyons Health
 
LARYNGEAL CANCER.pptx Prepared by Neha Kewat
LARYNGEAL CANCER.pptx  Prepared by Neha KewatLARYNGEAL CANCER.pptx  Prepared by Neha Kewat
LARYNGEAL CANCER.pptx Prepared by Neha KewatNehaKewat
 
Calibration and Calibration Curve. lecture notes
Calibration and Calibration Curve. lecture notesCalibration and Calibration Curve. lecture notes
Calibration and Calibration Curve. lecture notesWani Insha
 
Medical Malpractice & Medical Negligence (1).pptx
Medical Malpractice & Medical Negligence (1).pptxMedical Malpractice & Medical Negligence (1).pptx
Medical Malpractice & Medical Negligence (1).pptxanukshadias2
 
Artificial Intelligence: Diabetes Management
Artificial Intelligence: Diabetes ManagementArtificial Intelligence: Diabetes Management
Artificial Intelligence: Diabetes ManagementIris Thiele Isip-Tan
 
Blood(The Applied Physiology) for Nurses.pptx
Blood(The Applied Physiology) for Nurses.pptxBlood(The Applied Physiology) for Nurses.pptx
Blood(The Applied Physiology) for Nurses.pptxNagamani Manjunath
 
LEUKODYSTROPHY FINAL.pptx sms medical jaipur
LEUKODYSTROPHY FINAL.pptx sms medical jaipurLEUKODYSTROPHY FINAL.pptx sms medical jaipur
LEUKODYSTROPHY FINAL.pptx sms medical jaipurdineshdandia
 
ACCA Version of AI & Healthcare: An Overview for the Curious
ACCA Version of AI & Healthcare: An Overview for the CuriousACCA Version of AI & Healthcare: An Overview for the Curious
ACCA Version of AI & Healthcare: An Overview for the CuriousKR_Barker
 
Introduction to Evaluation and Skin Benefits
Introduction to Evaluation and Skin BenefitsIntroduction to Evaluation and Skin Benefits
Introduction to Evaluation and Skin Benefitssahilgabhane29
 
Empathy Is a Stress Response - Choose Compassion instead
Empathy Is a Stress Response - Choose Compassion insteadEmpathy Is a Stress Response - Choose Compassion instead
Empathy Is a Stress Response - Choose Compassion insteadAlex Clapson
 

Kürzlich hochgeladen (20)

CECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHY
CECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHYCECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHY
CECT NECK NECK ANGIOGRAPHY CAROTID ANGIOGRAPHY
 
TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...
TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...
TEST BANK For Neonatal and Pediatric Respiratory Care, 6th Edition by Brian K...
 
Health literacies in marginalised communities LILAC 24.pptx
Health literacies in marginalised communities LILAC 24.pptxHealth literacies in marginalised communities LILAC 24.pptx
Health literacies in marginalised communities LILAC 24.pptx
 
SCOPE OF CRITICAL CARE ORGANIZATION
SCOPE OF CRITICAL CARE ORGANIZATIONSCOPE OF CRITICAL CARE ORGANIZATION
SCOPE OF CRITICAL CARE ORGANIZATION
 
"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf
"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf
"ANATOMY AND PHYSIOLOGY OF THE SKIN".pdf
 
Experience the Power of Chiropractic in Maui
Experience the Power of Chiropractic in MauiExperience the Power of Chiropractic in Maui
Experience the Power of Chiropractic in Maui
 
Eating Disorders in Athletes I Sports Psychology
Eating Disorders in Athletes I Sports PsychologyEating Disorders in Athletes I Sports Psychology
Eating Disorders in Athletes I Sports Psychology
 
Presentation on COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSING
Presentation on  COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSINGPresentation on  COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSING
Presentation on COUNSELING. 1ST YEAR GNM ,COMMUNITY HEALTH NURSING
 
Basics of Giant Cell Tumor of bone (GCTB)
Basics of Giant Cell Tumor of bone (GCTB)Basics of Giant Cell Tumor of bone (GCTB)
Basics of Giant Cell Tumor of bone (GCTB)
 
Drug stability and chemical Kinetics UNIT V
Drug stability and chemical Kinetics UNIT VDrug stability and chemical Kinetics UNIT V
Drug stability and chemical Kinetics UNIT V
 
Living Well Every Day: Lyons Wellness Practice | Nurtures Your Complete Health
Living Well Every Day: Lyons Wellness Practice | Nurtures Your Complete HealthLiving Well Every Day: Lyons Wellness Practice | Nurtures Your Complete Health
Living Well Every Day: Lyons Wellness Practice | Nurtures Your Complete Health
 
LARYNGEAL CANCER.pptx Prepared by Neha Kewat
LARYNGEAL CANCER.pptx  Prepared by Neha KewatLARYNGEAL CANCER.pptx  Prepared by Neha Kewat
LARYNGEAL CANCER.pptx Prepared by Neha Kewat
 
Calibration and Calibration Curve. lecture notes
Calibration and Calibration Curve. lecture notesCalibration and Calibration Curve. lecture notes
Calibration and Calibration Curve. lecture notes
 
Medical Malpractice & Medical Negligence (1).pptx
Medical Malpractice & Medical Negligence (1).pptxMedical Malpractice & Medical Negligence (1).pptx
Medical Malpractice & Medical Negligence (1).pptx
 
Artificial Intelligence: Diabetes Management
Artificial Intelligence: Diabetes ManagementArtificial Intelligence: Diabetes Management
Artificial Intelligence: Diabetes Management
 
Blood(The Applied Physiology) for Nurses.pptx
Blood(The Applied Physiology) for Nurses.pptxBlood(The Applied Physiology) for Nurses.pptx
Blood(The Applied Physiology) for Nurses.pptx
 
LEUKODYSTROPHY FINAL.pptx sms medical jaipur
LEUKODYSTROPHY FINAL.pptx sms medical jaipurLEUKODYSTROPHY FINAL.pptx sms medical jaipur
LEUKODYSTROPHY FINAL.pptx sms medical jaipur
 
ACCA Version of AI & Healthcare: An Overview for the Curious
ACCA Version of AI & Healthcare: An Overview for the CuriousACCA Version of AI & Healthcare: An Overview for the Curious
ACCA Version of AI & Healthcare: An Overview for the Curious
 
Introduction to Evaluation and Skin Benefits
Introduction to Evaluation and Skin BenefitsIntroduction to Evaluation and Skin Benefits
Introduction to Evaluation and Skin Benefits
 
Empathy Is a Stress Response - Choose Compassion instead
Empathy Is a Stress Response - Choose Compassion insteadEmpathy Is a Stress Response - Choose Compassion instead
Empathy Is a Stress Response - Choose Compassion instead
 

Keeping it safe: Securing DICOM

  • 1. THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Securing DICOM Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM WG-27, Web Technologies
  • 2. What is security? • Protecting data security (against unauthorized access) • Protecting data integrity (against unauthorized changes) • Protecting data loss (against unauthorized deletions) • Protecting data availability (against denial of service)
  • 3. What are the implications if security is compromised? • Data corruption and loss • Fraud against those victimized • Civil penalties (fines and lawsuits) • Criminal penalties • Serious harm and death
  • 4. What is NOT security? • Changing names of parameters, servers or functions to make it harder to guess • Including dangerous functions in a release but not including them in documentation
  • 5. Keeping DICOM Safe DICOM DICOM Simple workflow •Modality transmits images to archive •Radiologist requests images for reading : Out to cause security issues August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 6
  • 6. DICOM Security Profiles • Defined in PS3.15, “Security and System Management Profiles” • Describes methods to mitigate various security concerns • Items in red describe solutions that are used in the industry but not explicity part of the DICOM standard August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 7
  • 7. DICOM in Transit DICOM DICOM Who sees this image? • The modality, who sends the image • The archive, who receives the image • Anyone on the network between August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 8
  • 8. DICOM-TLS DICOM DICOM • Transport Level Security encryption (defined in PS3.15 Section B.1) • Encryption is negotiated as part of TLS • Traffic encrypted with public certificate and decrypted by private key • Network VPN tunnels is another mechanism • DICOMweb can leverage HTTPS (TLS based) August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 9
  • 9. DICOM in Transit DICOM DICOM Who are the actors in transmission? • The modality, who sends the image • The archive, who receives the image • Anyone pretending to be these actors August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 10
  • 10. Node Identity DICOM DICOM • DICOM-TLS certificates specifies identifying information about the owner • Verification of certificates are done against a signing authority • AE titles are a less secure alternative August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 11
  • 11. User Authentication DICOM DICOM Who can retrieve images? • Device is validated by DICOM-TLS • User can retrieve images • Anyone else using device can, too August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 12
  • 12. User Authentication DICOM DICOM • Defined in PS3.15 B.4-7 • Authentication of users can occur via • Mutual TLS authentication (each side presents certificates) • Authentication during association negotiation (SAML, Kerberos, etc) • Authenticating users at the application level and making trusted calls to the imaging backend is an alternative approach August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 13
  • 13. Auditing • Described in PS 3.15 Part A.5 • User should be known • Events for authentication, query, access, transfer, import/export, and deletion • This is used in the IHE ITI ATNA profile with Radiology option August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 14
  • 14. DICOM at Rest DICOM DICOM Who ensures the images are genuine as the modality provides them? • The archive accomplishes this task • Anyone else who can manipulate the archive August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 15
  • 15. Digital Signatures DICOM DICOM • DICOM supports digital signatures which provides integrity check and other features • Defined in PS3.15 Section C • Individual fields can also be selectively encrypted • Disk-level encryption can also be used to maintain integrity at rest August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 16
  • 16. Media Storage • Used when DICOM is transmitted via physical media (CD, DVD, USB key) • Guarantees confidentiality, integrity, and media origin • Defined in PS3.15 section D August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 17
  • 17. Anonymization • Anonymization profiles exist to support masking of data for various purposes • Clinical trials • Teaching files • Defined in PS3.15 section E • Addresses removal and replacement of DICOM attributes that may reveal protected health information August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 18
  • 18. DICOM’s Stance • DICOM enables a very wide variety of authentication and access control policies, but does not mandate them • DICOMweb shares the same position through the use of standard internet technologies August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 19
  • 19. Suggestions  Use DICOM-TLS, and HTTPS for DICOMweb  Use appropriate authentication and authorization measures  Use appropriate at-rest encryption mechanisms  Control access via managed environments, strong identity management, firewalls  Consider security throughout your project lifecycle, not at the end August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 20
  • 20. Keep It Safe! DICOM Questions? Thank you! DICOM August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 21