A new NIST Cybersecurity Practice Guide, NIST SP 1800-24, is now available: Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector.
Medical imaging plays an important role in diagnosing and treating patients. The system that that manages medical images is known as the Picture Archiving Communications System (PACS) and is nearly ubiquitous in healthcare environments. PACS fits within a highly complex healthcare delivery organization (HDO) environment that involves interfacing with a range of interconnected systems. This complexity may result in cybersecurity risks that could potentially compromise the confidentiality, integrity, and availability of the PACS ecosystem.
The National Cybersecurity Center of Excellence (NCCoE) at NIST analyzed risk factors regarding the PACS ecosystem by using a risk assessment based on the NIST Cybersecurity Framework and other relevant standards. The NCCoE developed an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the PACS ecosystem.
The NCCoE's practice guide NIST SP 1800-24, Securing Picture Archiving and Communication System, will help HDOs implement current cybersecurity standards and best practices to reduce their cybersecurity risk, while maintaining the performance and usability of PACS.
The final practice guide, which in addition to incorporating feedback from the public and other stakeholders, builds on the draft guide by adding remote storage capabilities into the PACS architecture. This effort offers a more comprehensive security solution that more closely mirrors real-world HDO networking environments.