NIST Proposes PACS Cybersecurity Guidance for Health Providers

The NIST National Cybersecurity Center of Excellence released both proposed guidance to help healthcare delivery organizations secure the picture archiving and communication system (PACS) ecosystem and a project to develop an example solution to build stronger security controls.

Released Monday, the draft guidance, Securing Picture Archiving and Communication System, contains elements to help health organizations create an approach, architecture, and security characteristics for the PACS ecosystem, as well as how-to guidance.

Imaging technologies have undergone significant changes during the last decade and are now easily uploaded into a digital format to be stored or shared. These systems are commonly located in image-intensive areas like the radiology department and often connect to the EHR.

While the ease of accessibility can reduce the amount of time it takes to make a diagnosis, the technology has also expanded the threat landscape. Many providers struggle with controlling, monitoring, and auditing user accounts and identifying abnormal behavior.

Enforcing least-privilege and separation-of-duties policies for both internal and external users is also a challenge, as are ensuring data integrity as data moves across the network and securing, protecting, and monitoring access without impacting system performance.

The project and guide are designed to identify the users that interact with PACS systems, define interactions between actors and the system, perform a risk assessment, identify applicable mitigating security tools, and create an example solution, officials explained.

Read more at: Health IT Security