HHS Alerts Health Sector on PACS Vulnerability to Hacking
The Department of Health & Human Services has issued a bulletin warning the health sector that Picture Archiving and Communication Systems (PACS) are vulnerable to hackers, creating a risk of exposing millions of patients’ private health information. The alert noted that hospitals, clinics, research institutions and small health care practices use PACS to share patient data and medical images, including ultrasounds and other scans.
A vulnerability has been identified in the PACS that could lead to the exposure of patient data, the HHS’ Health Sector Cybersecurity Coordination Center said in its report. The system’s weaknesses can easily be identified and compromised by hackers over the internet, allowing them unauthorized access to the detriment of patients, HealthITSecurity reported Friday.
The HC3 has identified several unpatched PACS servers that are still visible and has recommended that concerned health entities patch their systems immediately. The HHS’s cyber bureau urged health care organizations to review their inventory, determine if their PACS systems are secure and ensure the government’s guidance is followed.
Vulnerable PACS servers face unnecessary exposure when directly connected to the internet without applying basic security principles, HC3’s report added. The report further stated that 130 health systems, involving about 8.5 million case studies representing over 2 million patients, are potentially at risk.
The HC3 advised health care institutions to check and validate their PACS connections, ensuring access is limited to authorized users. It also called on concerned institutions to make the needed changes in their cybersecurity posture. A successful cyber attack could expose medical data, including patient names, examination dates, images, physician names, dates of birth, procedure types, procedure locations and social security numbers, it emphasized.
Meanwhile, the Department of Homeland Security issued a partial list of devices with known vulnerabilities.