The Perils of DICOM: Security Gaps Threaten Patient Data
Sina Yazdanmehr of Aplite Urges Enhanced Data Security Measures in the Cloud Era
Digital Imaging and Communications in Medicine, or DICOM, is a standard protocol used for medical imaging, such as X-rays and magnetic resonance imaging (MRI) scans. But as a legacy protocol, DICOM lacks proper security measures, and as the healthcare industry modernizes and moves to the cloud, there is a significant risk of patient data exposure, said Sina Yazdanmehr, a senior IT security consultant at Aplite.
While security measures such as access control and TLS encryption exist, they are not mandatory, and their implementation is often skipped, he said.
In this interview with Information Security Media Group at Black Hat Europe 2023, Yazdanmehr also discussed:
- The risks associated with exposed DICOM data;
- Using DICOMweb for better access control and implementing firewalls for remote access;
- His recommendations for healthcare providers to enhance data security.
Yazdanmehr is a penetration tester and information security researcher. Since 2009, he has worked for security firms and CERT, developing strong expertise in web and mobile application security. His research on Android fingerprint authentication security and JavaScript deobfuscation has been presented at security conferences.