Is the Healthcare IT industry ready for PACS: Prompt Action for CyberSecurity


As dependence on digital systems across healthcare domains has grown at an unprecedented pace, concerns about digital security have risen with it. Cybersecurity breaches in this sector include computer virus infections, ransomware attacks, and the unauthorised exposure of patient data. In particular, the pace at which the medical imaging industry is adopting new-age technologies, together with the rising demand for PACS (Picture Archiving and Communication Systems), has left this industry vulnerable to cybersecurity breaches, with a vast number of electronic records and data at stake. Besides healthcare, the implementation of PACS can also prove beneficial in the defence sectors by integrating security and risk management to increase the efficiency of the system.

With the significant upsurge in the volume of patient data, it is paramount for healthcare organisations to address challenges such as data security and privacy. That is where cutting-edge technologies are helping to build a secure ecosystem for PACS. A PACS can be defined as a state-of-the-art medical imaging and information management system used for archiving and distributing vast amounts of image information from all modalities through a single system.

Some PACS systems are known for their advanced use of cutting-edge technologies such as the latest Wavelet compression technology, which is mainly used for on-demand compression and for accessing large files quickly and easily regardless of location. In radiology, imaging data is the most critical element with regard to data security, long-term archival, and access in the cloud ecosystem. State-of-the-art technologies like Synapse PACS, VNA (Vendor Neutral Archive) adoption, Mobility, 3D and RIS (Radiology Information System) are ensuring adequate archiving and security of imaging data for any healthcare facility regardless of size. These offerings from next-generation PACS have revolutionised medical imaging services with top-notch quality images, but they need protection from the threats present across the digital ecosystem, through security measures specifically tailored to PACS and medical imaging networks.

Increasing PACS share in the Indian market

In India, the PACS market has witnessed substantial expansion, driven by key factors such as the widespread adoption of digital medical imaging, the escalating burden of chronic diseases, and the government’s steadfast commitment to improving healthcare infrastructure. Several market research reports have shed light on the consistent growth of the PACS industry in India, with an annual growth rate of approximately 11.6 per cent. The market size, valued at around USD 112.5 million in 2019, is expected to reach USD 250 million by 2025. These figures serve as a testament to the increasing demand for advanced diagnostic tools, the pressing need for streamlined healthcare operations, and the growing awareness among healthcare providers regarding the benefits of PACS.

Similarly, on a global scale, the PACS market has experienced noteworthy expansion. In 2020, the global market size was valued at USD 2.83 billion, and it is anticipated to reach approximately USD 5 billion by 2027, with an impressive compound annual growth rate (CAGR) of approximately 6.8 per cent. The industry’s progress can be attributed to significant technological advancements in PACS solutions like cloud-based PACS systems, the integration of Artificial Intelligence (AI) for image analysis, and the availability of mobile applications. By revolutionising accessibility, efficiency, and accuracy in medical imaging, these developments have not only elevated the standard of patient care but have also reduced costs and accelerated the speed of diagnosis and treatment. Eminent players such as FUJIFILM India are bringing their latest PACS offerings to the Indian healthcare system.

Solutions to safeguard PACS

To avoid cybersecurity failures, it is imperative for all PACS providers and users to maintain several aspects of physical security as well. Basic precautions, such as keeping rooms locked when not in use and ensuring that unsupervised areas have no network ports, can effectively thwart unauthorised entry. Besides, there are six major challenges that concern PACS providers and users. However, PACS systems like Synapse offer a solid solution to these challenges. From scalability, security, and end-user support to demand anywhere access, IT deployments, and updates, this system is adept at tackling all problems. But when it comes to fortifying PACS and medical imaging networks against threats from every corner of the web, a multitude of factors need to be considered for a robust and secure digital ecosystem.

1. Network architecture: Network architecture is one of the most crucial factors in safeguarding PACS. By configuring network switches in a way that permits connections exclusively from known addresses, the likelihood of unauthorised access reduces significantly. Furthermore, establishing a secure wireless network configuration and subjecting it to regular scrutiny and updates further bolsters network security. By segmenting the network into distinct sections and deploying firewalls in between, the potential fallout of breaches can be effectively curtailed.
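One way to verify that such a known-address and segmentation policy actually holds is to audit flow records against it. The following is an added example, not part of the original article: the segment names, addresses, policy and flow lines are constructed assumptions, with 2762 (DICOM over TLS) and 104 (plaintext DICOM) used as the imaging ports.

```python
import ipaddress

# Constructed segments for illustration; names and ranges are assumptions.
SEGMENTS = {
    "modality": ipaddress.ip_network("10.20.1.0/24"),
    "pacs": ipaddress.ip_network("10.20.2.0/24"),
    "reading": ipaddress.ip_network("10.20.3.0/24"),
}
# Addresses the switches are configured to accept (constructed).
KNOWN_HOSTS = {"10.20.1.11", "10.20.1.12", "10.20.2.5", "10.20.3.40"}
# Firewall policy between segments: (source segment, destination segment, port).
ALLOWED = {
    ("modality", "pacs", 2762),  # modalities send studies over DICOM TLS
    ("reading", "pacs", 443),    # viewers reach the PACS web front end
}
SAMPLE_FLOWS = [  # constructed flow records: src,dst,dport
    "10.20.1.11,10.20.2.5,2762",   # known scanner to PACS, permitted
    "10.20.1.99,10.20.2.5,2762",   # address not on the known list
    "10.20.3.40,10.20.1.11,3389",  # workstation reaching into modality segment
    "10.20.1.12,10.20.2.5,104",    # plaintext DICOM instead of TLS
]

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def check_flow(src, dst, dport):
    """Return None if the flow is permitted, else the reason it is not."""
    if src not in KNOWN_HOSTS:
        return "unknown source address"
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "endpoint outside defined segments"
    if s == d:
        return None  # intra-segment traffic does not cross the firewall
    if (s, d, dport) not in ALLOWED:
        return f"{s}->{d}:{dport} not in firewall policy"
    return None

def audit(flow_lines):
    """Return (flow, reason) for every record that violates the policy."""
    findings = []
    for line in flow_lines:
        src, dst, dport = line.strip().split(",")
        reason = check_flow(src, dst, int(dport))
        if reason:
            findings.append((line.strip(), reason))
    return findings
```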

2. Malware and virus detectors: The use of malware and virus scanners is paramount in healthcare IT security. It consists of employing antimalware and anti-spam software to detect and eliminate malicious software on various components, including medical devices and IT equipment. Medical technology developers always emphasize the importance of virus protection mechanisms to counter known threats while ensuring the uninterrupted functionality of imaging devices. However, caution must be exercised when installing virus scanners on medical devices due to potential risks, such as delays or false alarms.

For that, the responsibility lies with the device vendor to evaluate the risks associated with implementing a specific malware scanner and provide guidance to users. While virus scanners are standard in IT systems like Radiology Information Systems, their adoption remains relatively uncommon in high-risk devices such as imaging modalities. Users, typically hospitals, must protect devices that do not permit virus scanners by implementing alternative measures, such as network isolation and disabling the retrieval of compressed DICOM files. All medical images are acquired in a digital format specific to medical imaging, called the DICOM standard.

These files need their own form of electronic storage from which they can be retrieved and viewed. It is the user organisation’s responsibility to keep the device updated with security patches unless delegated to the device vendor. Hospitals should establish contractual obligations with vendors for timely system updates, particularly for modules processing external information. Balancing the need for prompt security updates and the slow process of medical device certification poses an inherent conflict.

3. Constant software and operating system updates: Cogent cybersecurity can be attained via regular software patches and updates which further prevent the exploitation of known vulnerabilities and thereby, ensure the detection of attacks using established methods. In the context of smart hospitals, this applies not only to networked medical devices and clinical networked information systems but also extends to firewalls, antivirus software, and other software-based security measures.

In the past, there was a lag in providing updates to the software and maintenance of operating systems for devices like acquisition modalities as it required substantial and constant effort from vendors to maintain device certification after each update, particularly high-cost acquisition modalities such as computed tomography (CT) or magnetic resonance imaging (MRI) scanners.

Though these devices remain in operation for extended periods, updates and maintenance support for specific versions of their systems were side-lined. This increased the cybersecurity risks of their continued use, as newly discovered vulnerabilities would remain unaddressed. The scenario has flipped 180 degrees now and does not pose a major challenge, because modality vendors provide users with long-term security updates and, if needed, update the outdated operating systems as well.

4. Encryption: The most important tool for PACS is encryption, which is widely utilised in hospitals to protect critical and sensitive data. Effective encryption can ensure data integrity, confidentiality, and authenticity which is highly essential for any PACS provider and user. Doing so will require robust encryption algorithms, strong keys, and the use of advanced security protocols like Transport Layer Security (TLS) for secure communication.

TLS is used to establish a secure network environment that prevents unauthorised access, safeguards network traffic, and ensures the integrity of transmitted data. During the transmission of protected health information, data encryption plays a pivotal role as it helps in safeguarding the information resulting in building more trust in digital management systems.

5. Managing Access Rights: Several studies have revealed that besides malware and virus attacks, breaches and data theft by employees are prominent vulnerabilities in healthcare data security. Therefore, managing access rights has become crucial in mitigating potential damage resulting from negligent breaches or malicious data theft.

Strong user authentication is a fundamental security element in the healthcare IT industry to ensure access rights with a verified identity. Integrating suitable organisational policies, regular staff training, and user authentication enhances PACS system security by creating additional layers of defence, impeding unauthorised access, facilitating audit trails, and enabling enforcement of access rights.

To Summarise

Since healthcare assumes a vital role in a society’s healthy formation, protection against cyber threats becomes imperative. Maintaining up-to-date operating systems and system software, regular updates, and installation of antivirus software serve as an additional layer of protection that forestalls malicious threats to the PACS. Furthermore, regular data backups are indispensable for both data recovery and protection against data loss in the event of security incidents.

Hence, through the comprehensive implementation of these security measures, healthcare organisations (PACS users) can substantially strengthen the safeguarding of patient data and alleviate the perils posed by cybersecurity incidents in PACS and medical imaging networks. This underlines the importance of adopting cybersecurity measures in healthcare organisations and increasing investment in them to ensure the integrity, confidentiality, and availability of sensitive healthcare information.

Views expressed by Pankaj Chaudhary – National Business Manager, Healthcare Information Technology Fujifilm India Private Ltd
