Endpoint Security , Healthcare , Industry Specific

The Perils of DICOM: Security Gaps Threaten Patient Data

Sina Yazdanmehr of Aplite Urges Enhanced Data Security Measures in the Cloud Era
Sina Yazdanmehr, senior IT security consultant, Aplite

Digital Imaging and Communications in Medicine or DICOM is a standard protocol used for medical imaging, such as X-rays and magnetic resonance imaging or MRIs. But as a legacy protocol, DICOM lacks proper security measures, and as the healthcare industry modernizes and moves to the cloud, there is a significant risk of patient data exposure, said Sina Yazdanmehr, a senior IT security consultant at Aplite.

See Also: The Security Testing Imperative

While security measures such as access control and TLS encryption exist, they are not mandatory, and their implementation is often skipped, he said.

In this interview with Information Security Media Group at Black Hat Europe 2023, Yazdanmehr also discussed:

  • The risks associated with exposed DICOM data;
  • Using DICOMweb for better access control and implementing firewalls for remote access.
  • His recommendations for healthcare providers to enhance data security.

Yazdanmehr is a penetration tester and information security researcher. Since 2009, he has worked for security firms and CERT, developing a strong expertise in web and mobile applications security. His research about Android fingerprint authentication security and JavaScript deobfuscation has been presented at security conferences.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.