THE DICOM 2014 Chengdu Workshop 
August 25, 2014 Chengdu, China 
Keeping It Safe 
Securing DICOM 
Brad Genereaux, Agfa HealthCare 
Product Manager 
Industry Co-Chair, DICOM WG-27, Web Technologies
What is security?
• Protecting data confidentiality (against unauthorized access)
• Protecting data integrity (against unauthorized changes)
• Protecting against data loss (unauthorized deletions)
• Protecting data availability (against denial of service)
What are the implications if security is compromised?
• Data corruption and loss
• Fraud against those victimized
• Civil penalties (fines and lawsuits)
• Criminal penalties
• Serious harm and death
What is NOT security?
• Renaming parameters, servers or functions to make them harder to guess (obscurity is not a control)
• Shipping dangerous functions in a release and simply leaving them out of the documentation
Keeping DICOM Safe
[Diagram: a modality and an archive exchanging DICOM, with a third party out to cause security issues]
Simple workflow
• Modality transmits images to archive
• Radiologist requests images for reading
August 2014, THE DICOM 2014 Chengdu Workshop Keeping It Safe – Brad Genereaux 6
DICOM Security Profiles
• Defined in PS3.15, “Security and System Management Profiles”
• Describes methods to mitigate various security concerns
• Items shown in red on the slides describe solutions that are used in the industry but are not explicitly part of the DICOM standard
DICOM in Transit
[Diagram: modality sending a DICOM image across the network to the archive]
Who sees this image?
• The modality, which sends the image
• The archive, which receives the image
• Anyone on the network in between
DICOM-TLS
[Diagram: modality and archive exchanging DICOM over a TLS-protected connection]
• Transport Layer Security encryption (defined in PS3.15 Section B.1)
• Encryption is negotiated as part of the TLS handshake
• Traffic is encrypted with session keys established using the peer's public certificate and its corresponding private key
• Network VPN tunnels are another mechanism
• DICOMweb can leverage HTTPS (TLS based)
DICOM in Transit
[Diagram: modality and archive, with an impostor node on the network]
Who are the actors in transmission?
• The modality, which sends the image
• The archive, which receives the image
• Anyone pretending to be these actors
Node Identity
[Diagram: modality and archive each presenting a certificate]
• DICOM-TLS certificates specify identifying information about the owner
• Verification of certificates is done against a signing authority
• AE titles are a less secure alternative (a self-declared name, not a verified identity)
User Authentication
[Diagram: a user at a validated device retrieving images from the archive]
Who can retrieve images?
• Device is validated by DICOM-TLS
• User can retrieve images
• Anyone else using the device can, too
User Authentication
[Diagram: user and device authenticating to the archive]
• Defined in PS3.15 Sections B.4 to B.7
• Authentication of users can occur via:
  • Mutual TLS authentication (each side presents a certificate)
  • Authentication during association negotiation (SAML, Kerberos, etc.)
• Authenticating users at the application level and making trusted calls to the imaging backend is an alternative approach
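The three preceding slides (DICOM-TLS, Node Identity, User Authentication) come together in how an archive decides whether to accept an association. The example below is added here and is not code from the talk or from any DICOM toolkit; it uses only the Python standard library, and the node names, AE titles and the peer certificate dictionary are constructed, hypothetical values. It builds a TLS context that demands a peer certificate verified against the signing authority (mutual TLS), then binds the calling AE title from the association request to the identity in that certificate instead of trusting the AE title on its own.

```python
import ssl
from typing import Dict, Optional

# Constructed allow-list (hypothetical names): the certificate subject CN of
# each trusted node, and the one AE title that node is allowed to present.
TRUSTED_NODES: Dict[str, str] = {
    "ct-scanner-01.hospital.example": "CT_ROOM1",
    "pacs-archive.hospital.example": "PACS_MAIN",
}

# Constructed peer certificate, shaped like the dict ssl.SSLSocket.getpeercert()
# returns once the TLS handshake has verified the chain against the CA.
SAMPLE_PEERCERT = {
    "subject": (
        (("countryName", "CN"),),
        (("organizationName", "Example Hospital"),),
        (("commonName", "ct-scanner-01.hospital.example"),),
    ),
    "issuer": ((("commonName", "Example Hospital Device CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def build_dicom_tls_context(ca_file: Optional[str] = None,
                            cert_file: Optional[str] = None,
                            key_file: Optional[str] = None,
                            server_side: bool = True) -> ssl.SSLContext:
    """TLS context for a DICOM-TLS association endpoint (PS3.15 B.1).

    The peer must present a certificate (mutual TLS, PS3.15 B.4), and that
    certificate is verified against the signing authority in ca_file; when
    ca_file is None the platform's default trust store is used instead."""
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose=purpose, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    ctx.verify_mode = ssl.CERT_REQUIRED           # an anonymous peer is rejected
    if cert_file:                                 # our own identity, shown to the peer
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def peer_cert_common_name(peercert: Dict) -> Optional[str]:
    """Subject CN from a getpeercert()-style dict, or None if there is none."""
    for rdn in peercert.get("subject", ()):
        for attr_type, attr_value in rdn:
            if attr_type == "commonName":
                return attr_value
    return None


def authorize_calling_node(peercert: Dict, calling_ae_title: str) -> bool:
    """Bind the AE title from A-ASSOCIATE-RQ to the verified certificate identity.

    An AE title is a self-declared, space-padded 16-character string that any
    host can send, so it is accepted only when the node named by the verified
    certificate is on the allow-list under exactly that title."""
    if not peercert:  # getpeercert() returns {} when no certificate was verified
        return False
    node = peer_cert_common_name(peercert)
    expected_title = TRUSTED_NODES.get(node)
    return expected_title is not None and expected_title == calling_ae_title.strip()
```

Wrap the listening socket with the returned context and call `authorize_calling_node(conn.getpeercert(), calling_ae)` before accepting the association; a matching title with the wrong certificate, or no certificate at all, is rejected.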
Auditing
• Described in PS3.15 Section A.5
• The user performing the action should be known
• Events for authentication, query, access, transfer, import/export, and deletion
• This is used in the IHE ITI ATNA profile with the Radiology option
DICOM at Rest
[Diagram: images stored in the archive]
Who ensures the images are genuine as the modality provided them?
• The archive accomplishes this task
• Anyone else who can manipulate the archive
Digital Signatures
[Diagram: signed images stored in the archive]
• DICOM supports digital signatures, which provide an integrity check and other features
• Defined in PS3.15 Section C
• Individual fields can also be selectively encrypted
• Disk-level encryption can also be used to protect data at rest
Media Storage
• Used when DICOM is transmitted via physical media (CD, DVD, USB key)
• Guarantees confidentiality, integrity, and media origin
• Defined in PS3.15 Section D
Anonymization
• Anonymization profiles exist to support masking of data for various purposes:
  • Clinical trials
  • Teaching files
• Defined in PS3.15 Section E
• Addresses removal and replacement of DICOM attributes that may reveal protected health information
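The slide says the profiles remove or replace attributes; the example below, added here and not taken from the talk or from the standard's own tables, shows what applying such a profile to one instance looks like. It uses a constructed subset of the PS3.15 Annex E Basic Application Level Confidentiality Profile action codes (X remove, Z zero-length, U replace UID), represents a dataset as a plain dict keyed by (group, element) tag, and keeps UID replacement consistent across a study so series and study references still line up. The sample instances, UIDs and the secret are hypothetical.

```python
import hashlib
import uuid
from typing import Dict, Tuple

Tag = Tuple[int, int]

# Constructed subset of the PS3.15 Annex E Basic Application Level
# Confidentiality Profile (the real table covers hundreds of attributes).
# Action codes as used by the profile: X = remove, Z = replace with a
# zero-length value, U = replace the UID with a new, consistently mapped UID.
# Attributes not listed here are kept unchanged in this example.
BASIC_PROFILE: Dict[Tag, str] = {
    (0x0008, 0x0018): "U",  # SOP Instance UID
    (0x0008, 0x0050): "Z",  # Accession Number
    (0x0008, 0x0080): "X",  # Institution Name
    (0x0008, 0x0090): "Z",  # Referring Physician's Name
    (0x0010, 0x0010): "Z",  # Patient's Name
    (0x0010, 0x0020): "Z",  # Patient ID
    (0x0010, 0x0030): "Z",  # Patient's Birth Date
    (0x0010, 0x0040): "Z",  # Patient's Sex
    (0x0010, 0x1010): "X",  # Patient's Age
    (0x0020, 0x000D): "U",  # Study Instance UID
    (0x0020, 0x000E): "U",  # Series Instance UID
}

PATIENT_IDENTITY_REMOVED: Tag = (0x0012, 0x0062)
DEIDENTIFICATION_METHOD: Tag = (0x0012, 0x0063)


def replacement_uid(original_uid: str, secret: bytes) -> str:
    """Derive a new UID under the 2.25 (UUID-based) root from the original.

    The same original always maps to the same replacement for one secret, so
    references between instances (study/series) stay consistent, while nobody
    without the secret can recompute the original from the replacement."""
    digest = hashlib.sha256(secret + original_uid.encode("ascii")).digest()
    return "2.25." + str(uuid.UUID(bytes=digest[:16]).int)  # at most 44 chars


def deidentify(dataset: Dict[Tag, str], uid_map: Dict[str, str],
               secret: bytes) -> Dict[Tag, str]:
    """Apply the profile to one instance; uid_map is shared across a study."""
    out: Dict[Tag, str] = {}
    for tag, value in dataset.items():
        action = BASIC_PROFILE.get(tag, "K")
        if action == "X":
            continue                      # attribute dropped entirely
        if action == "Z":
            out[tag] = ""                 # attribute kept, value emptied
        elif action == "U":
            if value not in uid_map:
                uid_map[value] = replacement_uid(value, secret)
            out[tag] = uid_map[value]
        else:
            out[tag] = value              # K: kept as-is
    # Record that de-identification happened and which profile was applied.
    out[PATIENT_IDENTITY_REMOVED] = "YES"
    out[DEIDENTIFICATION_METHOD] = "Basic Application Confidentiality Profile"
    return out


# Constructed sample instances from one study (hypothetical values).
SAMPLE_IMAGE_1: Dict[Tag, str] = {
    (0x0008, 0x0018): "1.2.840.99999.1.2014.1.1",
    (0x0008, 0x0050): "ACC-2014-0042",
    (0x0008, 0x0060): "CT",
    (0x0008, 0x0080): "Example Hospital Chengdu",
    (0x0008, 0x0090): "WANG^WEI^^DR",
    (0x0010, 0x0010): "DOE^JANE",
    (0x0010, 0x0020): "MRN-00012345",
    (0x0010, 0x0030): "19700101",
    (0x0010, 0x0040): "F",
    (0x0010, 0x1010): "044Y",
    (0x0020, 0x000D): "1.2.840.99999.1.2014.1",
    (0x0020, 0x000E): "1.2.840.99999.1.2014.1.10",
}
# Second image of the same series: only the SOP Instance UID differs.
SAMPLE_IMAGE_2: Dict[Tag, str] = {**SAMPLE_IMAGE_1,
                                  (0x0008, 0x0018): "1.2.840.99999.1.2014.1.2"}
```

Pixel data, private tags and burned-in annotations are out of scope here; the full Annex E table and its option profiles decide those.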
DICOM’s Stance
• DICOM enables a very wide variety of authentication and access control policies, but does not mandate them
• DICOMweb shares the same position through the use of standard internet technologies
Suggestions
• Use DICOM-TLS, and HTTPS for DICOMweb
• Use appropriate authentication and authorization measures
• Use appropriate at-rest encryption mechanisms
• Control access via managed environments, strong identity management, firewalls
• Consider security throughout your project lifecycle, not at the end
Keep It Safe!
Questions? Thank you!