NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector

Published

Author(s)

Jennifer L. Cawthra, Sue S. Wang, Bronwyn J. Hodges, Kangmin Zheng, Ryan T. Williams, Jason J. Kuruvilla, Christopher L. Peloquin, Kevin Littlefield, Bob Neimeyer

Abstract

Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images.” PACS centralizes functions surrounding medical imaging workflows and serves as an authoritative repository of medical image information.
Citation
Special Publication (NIST SP) - 1800-24
Report Number
1800-24
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

access control, auditing, authentication, authorization, behavioral analytics, cloud storage, DICOM, EHR, electronic health records, encryption, microsegmentation, multifactor authentication, PACS, PAM, picture archiving and communication system, privileged account management, vendor neutral archive, VNA
Infrastructure, Information technology, Health IT and Cybersecurity and privacy

Citation

Cawthra, J. , Wang, S. , Hodges, B. , Zheng, K. , Williams, R. , Kuruvilla, J. , Peloquin, C. , Littlefield, K. and Neimeyer, B. (2020), Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-24 (Accessed October 10, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created December 20, 2020, Updated May 4, 2021
Was this page helpful?