Presentation I gave at the DICOM Workshop, held in Chengdu, China, in August 2014. Topics include: DICOM over TLS, DICOM file encryption, DICOM content in other transports, security profiles, and DICOM anonymization profiles.
Introduced in 2004, the Data Distribution Service (DDS) has been steadily growing in popularity and adoption. Today, DDS is at the heart of a large number of mission and business critical systems, such as, Air Traffic Control and Management, Train Control Systems, Energy Production Systems, Medical Devices, Autonomous Vehicles, Smart Cities and NASA’s Kennedy Space Centre Launch System.
Considered the technological trends toward data-centricity and the rate of adoption, tomorrow, DDS will be at the at the heart of an incredible number of Industrial IoT systems.
To help you become an expert in DDS and exploit your skills in the growing DDS market, we have designed the DDS in Action webcast series. This series is a learning journey through which you will (1) discover the essence of DDS, (2) understand how to effectively exploit DDS to architect and program distributed applications that perform and scale, (3) learn the key DDS programming idioms and architectural patterns, (4) understand how to characterise DDS performances and configure for optimal latency/throughput, (5) grow your system to Internet scale, and (6) secure you DDS system.
Presentation on DICOMweb given at the DICOM Workshop in Chengdu, China, in August 2014. Topics include:
- Delivering imaging results to referring physicians, specialists and patients
- Driving use cases and the role of Web Services in an imaging environment
- Overview of the suite of DICOM Web Services
- Details of WADO, WADO-WS, WADO-RS, STOW, QIDO
- Practical interplay between DICOM information objects, DICOM web services and traditional DICOM services
This source introduce Conquest DICOM server to you and how to connect to it by a free DICOM Viewer (i.e. MIPAV)
This introduction aimed for beginners how have no or little back ground in computer networks.
Introduced in 2004, the Data Distribution Service (DDS) has been steadily growing in popularity and adoption. Today, DDS is at the heart of a large number of mission and business critical systems, such as, Air Traffic Control and Management, Train Control Systems, Energy Production Systems, Medical Devices, Autonomous Vehicles, Smart Cities and NASA’s Kennedy Space Centre Launch System.
Considered the technological trends toward data-centricity and the rate of adoption, tomorrow, DDS will be at the at the heart of an incredible number of Industrial IoT systems.
To help you become an expert in DDS and exploit your skills in the growing DDS market, we have designed the DDS in Action webcast series. This series is a learning journey through which you will (1) discover the essence of DDS, (2) understand how to effectively exploit DDS to architect and program distributed applications that perform and scale, (3) learn the key DDS programming idioms and architectural patterns, (4) understand how to characterise DDS performances and configure for optimal latency/throughput, (5) grow your system to Internet scale, and (6) secure you DDS system.
Presentation on DICOMweb given at the DICOM Workshop in Chengdu, China, in August 2014. Topics include:
- Delivering imaging results to referring physicians, specialists and patients
- Driving use cases and the role of Web Services in an imaging environment
- Overview of the suite of DICOM Web Services
- Details of WADO, WADO-WS, WADO-RS, STOW, QIDO
- Practical interplay between DICOM information objects, DICOM web services and traditional DICOM services
This source introduce Conquest DICOM server to you and how to connect to it by a free DICOM Viewer (i.e. MIPAV)
This introduction aimed for beginners how have no or little back ground in computer networks.
Digital Imaging and Communications in Medicine (DICOM) is a standard for handling, storing, printing, and transmitting information in medical imaging. It includes a file format definition and a network communications protocol. The communication protocol is an application protocol that uses TCP/IP to communicate between systems. DICOM files can be exchanged between two entities that are capable of receiving image and patient data in DICOM format.
DICOM enables the integration of scanners, servers, workstations, printers, and network hardware from multiple manufacturers into a picture archiving and communication system (PACS). The different devices come with DICOM conformance statements which clearly state the DICOM classes they support. DICOM has been widely adopted by hospitals and is making inroads in smaller applications like dentists' and doctors' offices.
DICOM is dé standaard voor beelden. De DICOM standaard wordt continu aangepast aan nieuwe beeldvormende technieken en aan de veranderende processen rondom het maken, opslaan en delen van beelden. Tijdens de Masterclass neemt Marco Eichelberg u mee in de belangrijkste ontwikkelingen in de DICOM standaard, zoals:
DICOM “extended multiframe” voor met name MRi en CT
DICOM “whole slide imaging” voor pathologie en
DICOM “Structured Reporting” voor gestructureerde verslagen en metingen.
Marco Eichelberg is DICOM expert sinds 1995. Hij is werkzaam bij OFFIS in Duitsland en is daar hoofdontwikkelaar van de OFFIS DCMTK toolkit. Marco is actief in diverse DICOM werkgroepen en volgt de standaard op de voet. Hij geeft regelmatig lezingen en trainingen.
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider CollaborationJon Duke, MD, MS
Regenstrief's AMIA 2013 demonstration of the latest updates to the Gopher CPOE, including preemptive alerts, advanced rule authoring, real-time NLP, dynamic notes, and collaborative timeline.
Healthcare network providers are facing new challenge of integration among affiliated healthcare centers, and Cloud PACS is the best ever-known solution to this challenge.
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...Apollo Hospitals
Digitization and transfer of images in Radiodiagnosis and Imaging dates back to to early 70s with the advent of Computerized Tomography Scanning, and, subsequently sending these images to cameras and printers hooked on to the machines through a local “network”. Rapid advancements in Information Technology (IT) as well as in the imaging technology have facilitated the healthcare organizations across the world to manage patient's images, records and other data more efficiently. Today, capturing images, archiving and retrieval have already reached great heights, and, further refinements are in progress. The infrastructural requirements for such a venture have to be very finely and judiciously planned well in advance with a view to go filmless as the ultimate objective. Involvement of all concerned and connected agencies is a must e.g. IT, Radiologists, Clinicians and the Vendors.
ControlCase covers the following: - About the cloud - About PCI DSS - PCI DSS in the cloud - How to keep sensitive data secure as you move to the cloud - Q&A
In this presentation, ControlCase discusses the following:
- About the cloud
- About PCI DSS
- PCI DSS in the cloud
- How to keep sensitive data secure as you move to the cloud
Digital Imaging and Communications in Medicine (DICOM) is a standard for handling, storing, printing, and transmitting information in medical imaging. It includes a file format definition and a network communications protocol. The communication protocol is an application protocol that uses TCP/IP to communicate between systems. DICOM files can be exchanged between two entities that are capable of receiving image and patient data in DICOM format.
DICOM enables the integration of scanners, servers, workstations, printers, and network hardware from multiple manufacturers into a picture archiving and communication system (PACS). The different devices come with DICOM conformance statements which clearly state the DICOM classes they support. DICOM has been widely adopted by hospitals and is making inroads in smaller applications like dentists' and doctors' offices.
DICOM is dé standaard voor beelden. De DICOM standaard wordt continu aangepast aan nieuwe beeldvormende technieken en aan de veranderende processen rondom het maken, opslaan en delen van beelden. Tijdens de Masterclass neemt Marco Eichelberg u mee in de belangrijkste ontwikkelingen in de DICOM standaard, zoals:
DICOM “extended multiframe” voor met name MRi en CT
DICOM “whole slide imaging” voor pathologie en
DICOM “Structured Reporting” voor gestructureerde verslagen en metingen.
Marco Eichelberg is DICOM expert sinds 1995. Hij is werkzaam bij OFFIS in Duitsland en is daar hoofdontwikkelaar van de OFFIS DCMTK toolkit. Marco is actief in diverse DICOM werkgroepen en volgt de standaard op de voet. Hij geeft regelmatig lezingen en trainingen.
Regenstrief Gopher CPOE 2013: Advances in CDS and Provider CollaborationJon Duke, MD, MS
Regenstrief's AMIA 2013 demonstration of the latest updates to the Gopher CPOE, including preemptive alerts, advanced rule authoring, real-time NLP, dynamic notes, and collaborative timeline.
Healthcare network providers are facing new challenge of integration among affiliated healthcare centers, and Cloud PACS is the best ever-known solution to this challenge.
Picture Archiving and Communication Systems (PACS) – A New Paradigm in Health...Apollo Hospitals
Digitization and transfer of images in Radiodiagnosis and Imaging dates back to to early 70s with the advent of Computerized Tomography Scanning, and, subsequently sending these images to cameras and printers hooked on to the machines through a local “network”. Rapid advancements in Information Technology (IT) as well as in the imaging technology have facilitated the healthcare organizations across the world to manage patient's images, records and other data more efficiently. Today, capturing images, archiving and retrieval have already reached great heights, and, further refinements are in progress. The infrastructural requirements for such a venture have to be very finely and judiciously planned well in advance with a view to go filmless as the ultimate objective. Involvement of all concerned and connected agencies is a must e.g. IT, Radiologists, Clinicians and the Vendors.
ControlCase covers the following: - About the cloud - About PCI DSS - PCI DSS in the cloud - How to keep sensitive data secure as you move to the cloud - Q&A
In this presentation, ControlCase discusses the following:
- About the cloud
- About PCI DSS
- PCI DSS in the cloud
- How to keep sensitive data secure as you move to the cloud
This slideshow discusses the following:
- About the cloud
- About PCI DSS
- PCI DSS in the cloud
- How to keep sensitive data secure as you move to the cloud
- Q&A
ControlCase discusses the following: - About the cloud - About PCI DSS - PCI DSS in the cloud - How to keep sensitive data secure as you move to the cloud -
ControlCase discusses the following:
- About the cloud
- About PCI DSS - PCI DSS in the cloud
- How to keep sensitive data secure as you move to the cloud
Security Fundamentals and Threat ModellingKnoldus Inc.
This session will take you through the basic fundamentals and terminologies of security in our applications along with the latest security and threat trends. We will also discuss what is Threat Modelling and how we can perform it on our architectures without being an actual expert.
Cloudera training secure your cloudera cluster 7.10.18Cloudera, Inc.
Exclusively through Cloudera OnDemand, Cloudera Security Training introduces you to the tools and techniques that Cloudera's solution architects use to protect the clusters our customers rely on for critical machine learning and analytics workloads. This webinar will give you a sneak peek at our new on-demand security course and show you the immense scope of Cloudera training. From authentication and authorization to encryption, auditing, and everything in between, this course gives you the skills you need to properly secure your Cloudera cluster.
Cloud Security for Regulated Firms - Securing my cloud and proving itHentsū
As a regulated cloud user, security and compliance are two of your primary concerns, a workshop on how to keep secure and demonstrate your compliance to key stakeholders.
Specifically, what can be done to secure cloud resources and show compliance for auditors, investors, DDQs, SSAE16, covering:
- Strategies for securing data in transit and at rest
- Federating with your internal directory for role based access to your cloud
- Capturing and processing audit logs for security event notifications
- Fun with Infrastructure as Code – detecting and reverting misconfigurations and manual changes
Social Distance Your IBM i from Cybersecurity RiskPrecisely
The continuous news of personal information stolen from major retailers and financial institutions have driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more. With all the options available for securing IBM i data at rest and in motion, how do you know where to begin?
Register to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees.
Topics will include:
- Protecting data with encryption and the need for strong key management
- Use Cases that are best for tokenization
- Options for permanently deidentifying data
- Securing data in motion across networks
- Complete security solution for IBM I (AS/400)
The day when 3rd party security providers disappear into cloud bright talk se...Ulf Mattsson
How should we prepare for this new brave world where many 3rd party security providers disappeared into cloud providers? This will greatly impact many 3rd party security vendors, organizations and investors.
Cloud transformations are accelerating. By 2020, cloud will increase by 157% and on-premises ’traditional’ IT infrastructure will decrease by 54%, according to 452 Research, 2018.
We will cover how many security solutions will change, including:
- WAF – Web Application Firewalls
- SIEM
- Firewalls
- Encryption
- Tokenization
- Key Management
- AV – Anti Virus
- Network
- And more...
Over the past few years, PCI compliance in the public cloud has been a growing topic of concern and interest. Like us, you probably have heard assertions from both sides of the topic - some stating that one can be a PCI compliant merchant using public IaaS cloud, others stating that it is impossible. Join us in this webinar as our Director of Security and Compliance, Phil Cox, addresses these concerns and demonstrates how PCI compliance in the public IaaS cloud is indeed possible.
In this webinar we’ll discuss:
- Foundational principles and mindsets for PCI compliance
- How to determine system/application scope and requirement applicability
- Top-level PCI DSS (Data Security Standard) requirements and how to meet them in the public IaaS cloud
This webinar is perfect for those who are searching for solid answers on security in the public cloud. Our goal with this webinar is to educate you with the information you need to have confidence and make the most of your public cloud, while dispelling any myths surrounding the topic of security and the public cloud.
Seguridad: sembrando confianza en el cloudNextel S.A.
Presentación de Oscar Lopez, de Nextel S.A., durante la XV Jornada de Seguridad TI de Nextel S.A. en la Alhóndiga de Bilbao el jueves 27 de junio de 2013.
This talk will be focused on discussing war stories from a product architect/engineer who lives within an information security department and is passionate about driving change. Attendees will get to experience a few different routes that have lead to success and others that might need to avoided. As an ever-evolving space, when reducing risk and deploy safe products to the market, we all have to find the correct gear to get us down the road.
India Diagnostic Labs Market: Dynamics, Key Players, and Industry Projections...Kumar Satyam
According to the TechSci Research report titled “India Diagnostic Labs Market Industry Size, Share, Trends, Competition, Opportunity, and Forecast, 2019-2029,” the India Diagnostic Labs Market was valued at USD 16,471.21 million in 2023 and is projected to grow at an impressive compound annual growth rate (CAGR) of 11.55% through 2029. This significant growth can be attributed to various factors, including collaborations and partnerships among leading companies, the expansion of diagnostic chains, and increasing accessibility to diagnostic services across the country. This comprehensive report delves into the market dynamics, recent trends, drivers, competitive landscape, and benefits of the research report, providing a detailed analysis of the India Diagnostic Labs Market.
Collaborations and Partnerships
Collaborations and partnerships among leading companies play a pivotal role in driving the growth of the India Diagnostic Labs Market. These strategic alliances allow companies to merge their expertise, strengthen their market positions, and offer innovative solutions. By combining resources, companies can enhance their research and development capabilities, expand their product portfolios, and improve their distribution networks. These collaborations also facilitate the sharing of technological advancements and best practices, contributing to the overall growth of the market.
Expansion of Diagnostic Chains
The expansion of diagnostic chains is a driving force behind the growing demand for diagnostic lab services. Diagnostic chains often establish multiple laboratories and diagnostic centers in various cities and regions, including urban and rural areas. This expanded network makes diagnostic services more accessible to a larger portion of the population, addressing healthcare disparities and reaching underserved populations. The presence of diagnostic chain facilities in multiple locations within a city or region provides convenience for patients, reducing travel time and effort. A broader network of labs often leads to reduced waiting times for appointments and sample collection, ensuring that patients receive timely and efficient diagnostic services.
Rising Prevalence of Chronic Diseases
The increasing prevalence of chronic diseases is a significant driver for the demand for diagnostic lab services. Chronic conditions such as diabetes, cardiovascular diseases, and cancer require regular monitoring and diagnostic testing for effective management. The rise in chronic diseases necessitates the use of advanced diagnostic tools and technologies, driving the growth of the diagnostic labs market. Additionally, early diagnosis and timely intervention are crucial for managing chronic diseases, further boosting the demand for diagnostic lab services.
The Importance of Community Nursing Care.pdfAD Healthcare
NDIS and Community 24/7 Nursing Care is a specific type of support that may be provided under the NDIS for individuals with complex medical needs who require ongoing nursing care in a community setting, such as their home or a supported accommodation facility.
LGBTQ+ Adults: Unique Opportunities and Inclusive Approaches to CareVITASAuthor
This webinar helps clinicians understand the unique healthcare needs of the LGBTQ+ community, primarily in relation to end-of-life care. Topics include social and cultural background and challenges, healthcare disparities, advanced care planning, and strategies for reaching the community and improving quality of care.
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdfSachin Sharma
This content provides an overview of preventive pediatrics. It defines preventive pediatrics as preventing disease and promoting children's physical, mental, and social well-being to achieve positive health. It discusses antenatal, postnatal, and social preventive pediatrics. It also covers various child health programs like immunization, breastfeeding, ICDS, and the roles of organizations like WHO, UNICEF, and nurses in preventive pediatrics.
Medical Technology Tackles New Health Care Demand - Research Report - March 2...pchutichetpong
M Capital Group (“MCG”) predicts that with, against, despite, and even without the global pandemic, the medical technology (MedTech) industry shows signs of continuous healthy growth, driven by smaller, faster, and cheaper devices, growing demand for home-based applications, technological innovation, strategic acquisitions, investments, and SPAC listings. MCG predicts that this should reflects itself in annual growth of over 6%, well beyond 2028.
According to Chris Mouchabhani, Managing Partner at M Capital Group, “Despite all economic scenarios that one may consider, beyond overall economic shocks, medical technology should remain one of the most promising and robust sectors over the short to medium term and well beyond 2028.”
There is a movement towards home-based care for the elderly, next generation scanning and MRI devices, wearable technology, artificial intelligence incorporation, and online connectivity. Experts also see a focus on predictive, preventive, personalized, participatory, and precision medicine, with rising levels of integration of home care and technological innovation.
The average cost of treatment has been rising across the board, creating additional financial burdens to governments, healthcare providers and insurance companies. According to MCG, cost-per-inpatient-stay in the United States alone rose on average annually by over 13% between 2014 to 2021, leading MedTech to focus research efforts on optimized medical equipment at lower price points, whilst emphasizing portability and ease of use. Namely, 46% of the 1,008 medical technology companies in the 2021 MedTech Innovator (“MTI”) database are focusing on prevention, wellness, detection, or diagnosis, signaling a clear push for preventive care to also tackle costs.
In addition, there has also been a lasting impact on consumer and medical demand for home care, supported by the pandemic. Lockdowns, closure of care facilities, and healthcare systems subjected to capacity pressure, accelerated demand away from traditional inpatient care. Now, outpatient care solutions are driving industry production, with nearly 70% of recent diagnostics start-up companies producing products in areas such as ambulatory clinics, at-home care, and self-administered diagnostics.
This document is designed as an introductory to medical students,nursing students,midwives or other healthcare trainees to improve their understanding about how health system in Sri Lanka cares children health.
Health Education on prevention of hypertensionRadhika kulvi
Hypertension is a chronic condition of concern due to its role in the causation of coronary heart diseases. Hypertension is a worldwide epidemic and important risk factor for coronary artery disease, stroke and renal diseases. Blood pressure is the force exerted by the blood against the walls of the blood vessels and is sufficient to maintain tissue perfusion during activity and rest. Hypertension is sustained elevation of BP. In adults, HTN exists when systolic blood pressure is equal to or greater than 140mmHg or diastolic BP is equal to or greater than 90mmHg. The
Trauma Outpatient Center is a comprehensive facility dedicated to addressing mental health challenges and providing medication-assisted treatment. We offer a diverse range of services aimed at assisting individuals in overcoming addiction, mental health disorders, and related obstacles. Our team consists of seasoned professionals who are both experienced and compassionate, committed to delivering the highest standard of care to our clients. By utilizing evidence-based treatment methods, we strive to help our clients achieve their goals and lead healthier, more fulfilling lives.
Our mission is to provide a safe and supportive environment where our clients can receive the highest quality of care. We are dedicated to assisting our clients in reaching their objectives and improving their overall well-being. We prioritize our clients' needs and individualize treatment plans to ensure they receive tailored care. Our approach is rooted in evidence-based practices proven effective in treating addiction and mental health disorders.
1. THE DICOM 2014 Chengdu Workshop
August 25, 2014 Chengdu, China
Keeping It Safe
Securing DICOM
Brad Genereaux, Agfa HealthCare
Product Manager
Industry Co-Chair, DICOM WG-27, Web Technologies
2. What is security?
• Protecting data security (against
unauthorized access)
• Protecting data integrity (against
unauthorized changes)
• Protecting data loss (against
unauthorized deletions)
• Protecting data availability (against
denial of service)
3. What are the implications if
security is compromised?
• Data corruption and loss
• Fraud against those victimized
• Civil penalties (fines and lawsuits)
• Criminal penalties
• Serious harm and death
4. What is NOT security?
• Changing names of parameters,
servers or functions to make it harder
to guess
• Including dangerous functions in a
release but not including them in
documentation
5. Keeping DICOM Safe
DICOM
DICOM
Simple workflow
•Modality transmits images to archive
•Radiologist requests images for reading
: Out to cause security issues
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 6
6. DICOM Security Profiles
• Defined in PS3.15, “Security and
System Management Profiles”
• Describes methods to mitigate various
security concerns
• Items in red describe solutions that are
used in the industry but not explicity
part of the DICOM standard
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 7
7. DICOM in Transit
DICOM
DICOM
Who sees this image?
• The modality, who sends the image
• The archive, who receives the image
• Anyone on the network between
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 8
8. DICOM-TLS
DICOM
DICOM
• Transport Level Security encryption (defined
in PS3.15 Section B.1)
• Encryption is negotiated as part of TLS
• Traffic encrypted with public certificate and
decrypted by private key
• Network VPN tunnels is another mechanism
• DICOMweb can leverage HTTPS (TLS based)
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 9
9. DICOM in Transit
DICOM
DICOM
Who are the actors in transmission?
• The modality, who sends the image
• The archive, who receives the image
• Anyone pretending to be these actors
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 10
10. Node Identity
DICOM
DICOM
• DICOM-TLS certificates specifies
identifying information about the
owner
• Verification of certificates are done
against a signing authority
• AE titles are a less secure alternative
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 11
11. User Authentication
DICOM
DICOM
Who can retrieve images?
• Device is validated by DICOM-TLS
• User can retrieve images
• Anyone else using device can, too
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 12
12. User Authentication
DICOM
DICOM
• Defined in PS3.15 B.4-7
• Authentication of users can occur via
• Mutual TLS authentication (each side presents certificates)
• Authentication during association negotiation (SAML,
Kerberos, etc)
• Authenticating users at the application level and
making trusted calls to the imaging backend is an
alternative approach
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 13
13. Auditing
• Described in PS 3.15 Part A.5
• User should be known
• Events for authentication, query,
access, transfer, import/export, and
deletion
• This is used in the IHE ITI ATNA profile
with Radiology option
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 14
14. DICOM at Rest
DICOM
DICOM
Who ensures the images are genuine as
the modality provides them?
• The archive accomplishes this task
• Anyone else who can manipulate the
archive
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 15
15. Digital Signatures
DICOM
DICOM
• DICOM supports digital signatures which provides
integrity check and other features
• Defined in PS3.15 Section C
• Individual fields can also be selectively encrypted
• Disk-level encryption can also be used to maintain
integrity at rest
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 16
16. Media Storage
• Used when DICOM is transmitted via
physical media (CD, DVD, USB key)
• Guarantees confidentiality, integrity,
and media origin
• Defined in PS3.15 section D
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 17
17. Anonymization
• Anonymization profiles exist to
support masking of data for various
purposes
• Clinical trials
• Teaching files
• Defined in PS3.15 section E
• Addresses removal and replacement of
DICOM attributes that may reveal
protected health information
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 18
18. DICOM’s Stance
• DICOM enables a very wide variety of
authentication and access control
policies, but does not mandate them
• DICOMweb shares the same position
through the use of standard internet
technologies
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 19
19. Suggestions
Use DICOM-TLS, and HTTPS for DICOMweb
Use appropriate authentication and
authorization measures
Use appropriate at-rest encryption
mechanisms
Control access via managed environments,
strong identity management, firewalls
Consider security throughout your project
lifecycle, not at the end
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 20
20. Keep It Safe!
DICOM
Questions? Thank you!
DICOM
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 21