Draft Cybersecurity Practice Guide--Securing Picture Archiving and Communication System (PACS)

The National Cybersecurity Center of Excellence (NCCoE) has released Draft NIST Special Publication (SP) 1800-24, Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector, for public comment. The comment period ends November 18, 2019.

What is this guide about?

Medical imaging plays an important role in diagnosing and treating patients. The system that that manages medical images is known as the Picture Archiving Communications System (PACS) and is nearly ubiquitous in healthcare environments. PACS fits within a highly complex healthcare delivery organization (HDO) environment that involves interfacing with a range of interconnected systems. This complexity may introduce or expose opportunities that allow for malicious actors to compromise the confidentiality, integrity and availability of the PACS ecosystem.

The NCCoE at NIST analyzed risk factors regarding the PACS ecosystem by using a risk assessment based on the NIST Cybersecurity Framework and other relevant standards. The NCCoE developed an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the PACS ecosystem.

The NCCoE’s practice guide NIST SP 1800-24, Securing Picture Archiving Communications System will help HDOs implement current cybersecurity standards and best practices to reduce their cybersecurity risk, while maintaining the performance and usability of PACS.

The public comment period for this document closes on November 18, 2019.  Comments will be made public after review and can be submitted anonymously. See the publication details for document files, the project description, and instructions for submitting comments. We will use your feedback to help shape the final version of this guide.