Hackers may turn patient PHI into malware in medical image files

Posted on: Wednesday, April 17, 2019 By: KorchekStaff

Hackers could disguise malware as patient protected health information in MRI and CT scan images saved in the Digital Imaging and Communications in Medicine (DICOM) file format, Bleeping Computer reports.

Three notes:

1. Markel Picado Ortiz, a software engineer at medical device cybersecurity company Cylera, researched the vulnerability, a DICOM format design flaw that allows the preamble, the 128-byte section at the beginning of the file, to be modified.

2. The DICOM files serve as an efficient place to hide malware because they appear inconspicuous to medical staff and are under HIPAA regulation, which adds "an extra degree of risk" when dealing with them, according to the report.

3. Cylera refers to malware-infected DICOM files with patient information as PEDICOM files. These files allow "attackers to effectively turn patient information into malware by embedding fully-functioning executable code into image files used by medical devices such as CT and MRI machines," Mr. Ortiz said in the Bleeping Computer report.

Mr. Ortiz concluded that while adding a malicious component into DICOM files is possible, PEDICOM files cannot be used as sole actors in a healthcare system cyberattack. The files would need to be executed by a third party that has already accessed the specific health system to infect HIPAA-protected data, or would need to be used as part of a multi-stage malware attack, according to the report.
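A defender-side check for the condition described above, as an added example that is not from the article or from Cylera: it reads the 128-byte preamble and flags files that are valid DICOM (the `DICM` prefix at offset 128) yet begin with an executable magic number. The function names and sample bytes are constructed for illustration.

```python
import struct

PREAMBLE_LEN = 128      # size of the DICOM preamble, per the article
DICM_MAGIC = b"DICM"    # 4-byte prefix that follows the preamble in a DICOM file

# Magic numbers of common executable formats, checked at file offset 0.
EXEC_MAGICS = {
    b"MZ": "Windows PE/DOS",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
}

def inspect_dicom(data: bytes) -> dict:
    """Report whether a DICOM file's preamble looks like an executable header."""
    result = {"is_dicom": False, "preamble_format": None,
              "pe_header_confirmed": False, "suspicious": False}
    if len(data) < PREAMBLE_LEN + len(DICM_MAGIC):
        return result   # too short to be a DICOM file at all
    preamble = data[:PREAMBLE_LEN]
    result["is_dicom"] = data[PREAMBLE_LEN:PREAMBLE_LEN + 4] == DICM_MAGIC
    for magic, name in EXEC_MAGICS.items():
        if preamble.startswith(magic):
            result["preamble_format"] = name
    if result["preamble_format"] == "Windows PE/DOS":
        # The DOS header field e_lfanew (offset 0x3C) locates the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", preamble, 0x3C)
        result["pe_header_confirmed"] = data[e_lfanew:e_lfanew + 4] == b"PE\0\0"
    # Valid DICOM plus an executable-looking preamble is the case worth an alert.
    result["suspicious"] = result["is_dicom"] and result["preamble_format"] is not None
    return result

def make_sample(preamble: bytes, tail: bytes = b"") -> bytes:
    """Build a constructed test file: padded preamble + DICM prefix + tail."""
    return preamble.ljust(PREAMBLE_LEN, b"\0") + DICM_MAGIC + tail

# Constructed samples (not real scans or real malware).
CLEAN = make_sample(b"")   # all-zero preamble
_dos_stub = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x100)
POLYGLOT = make_sample(_dos_stub, b"\0" * (0x100 - 132) + b"PE\0\0")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(label, inspect_dicom(blob))
```

A hit on `suspicious` is a reason to quarantine and inspect the file, not proof of compromise; the check only looks at headers and does not parse the DICOM dataset itself.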
