
SoylentNews is people

posted by chromas on Thursday April 18 2019, @01:28AM
from the health dept.

Submitted via IRC for Bytram

Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images

A bug in a 30-year-old standard used for the exchange and storage of medical images has been uncovered; it allows an adversary to embed fully-functioning executable code into the image files captured by medical devices such as CT and MRI machines.

This results in hybrid files that allow malware binaries to hide behind intact, standards-compliant images that preserve the original patient data – as such, they can be used and shared by clinicians without arousing suspicion.

“By exploiting this design flaw attackers can take advantage of the abundance and centralization of DICOM imagery within healthcare organizations to increase stealth and more easily distribute their malware, setting the stage for potential evasion techniques and multi-stage attacks,” said Markel Picado Ortiz at Cylera Labs, who found the bug, in an analysis this week.

Further, according to Ortiz, by mixing in with protected health information, malware can effectively exploit the data’s clinical and regulatory implications to evade detection. Because of HIPAA’s stringent privacy regulations, medical device manufacturers and healthcare organizations often configure anti-malware software to ignore medical imagery and files containing protected health information.

Ortiz said that the vulnerability, for which he has a proof-of-concept exploit, exists in DICOM, a global and ubiquitous imaging standard within the healthcare industry, originally drafted by the National Electrical Manufacturers Association (NEMA). It defines a file format for the representation and storage of medical imagery and a communication protocol for the transmission of imagery over a network.

The DICOM standard is used by the systems that produce imagery, specialized workstations for analyzing scan results, and even phones and tablets used to view diagnostic information.

[...] “DICOM has become ubiquitous within healthcare,” Ortiz said. “The number of systems supporting DICOM is innumerably large. There is no single vendor that can provide a patch and no single action that can be taken to fix the root cause of the issue across all systems using DICOM. Any change to the specification must be carefully considered to preserve interoperability between systems that may be designed to different versions of the specification before software vendors even begin to upgrade their own implementations.”
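Since the summary notes that anti-malware tools are often configured to skip medical imagery, a narrow header check is one way to triage DICOM files without parsing any patient data. The following is an added example, not code from Cylera or the article; it relies on the DICOM Part 10 file layout (a 128-byte preamble followed by the `DICM` prefix), which the summary does not spell out, and the function names and sample blobs are constructed for illustration.

```python
"""Triage DICOM Part 10 files by inspecting only the 128-byte preamble."""

PREAMBLE_LEN = 128   # Part 10 files begin with a 128-byte preamble ...
PREFIX = b"DICM"     # ... followed by this 4-byte prefix at offset 128

# Leading bytes of common executable formats (illustrative, not exhaustive).
EXEC_MAGICS = {
    b"MZ": "DOS/PE (MZ)",
    b"\x7fELF": "ELF",
    b"\xfe\xed\xfa\xce": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O",
    b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xcf\xfa\xed\xfe": "Mach-O",
    b"#!": "script shebang",
}
# The preamble exists for dual-format compatibility such as TIFF, so a TIFF
# header there is expected in some workflows and is reported separately.
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")


def classify(data: bytes) -> str:
    """Classify the first 132 bytes of a file; never touches pixel or patient data."""
    end = PREAMBLE_LEN + len(PREFIX)
    if len(data) < end or data[PREAMBLE_LEN:end] != PREFIX:
        return "not-dicom"
    preamble = data[:PREAMBLE_LEN]
    for magic, kind in EXEC_MAGICS.items():
        if preamble.startswith(magic):
            return f"executable-preamble: {kind}"   # alert: quarantine and review
    if preamble.startswith(TIFF_MAGICS):
        return "tiff-preamble"
    if preamble.strip(b"\x00"):
        return "nonzero-preamble"                   # unusual: worth a manual look
    return "zero-preamble"                          # the common, benign case


def classify_file(path: str) -> str:
    """Read only the header bytes needed for the check."""
    with open(path, "rb") as fh:
        return classify(fh.read(PREAMBLE_LEN + len(PREFIX)))


# Constructed sample headers (not real scans, not real executables).
SAMPLES = {
    "ordinary.dcm": b"\x00" * 128 + b"DICM",
    "suspicious.dcm": b"MZ" + b"\x00" * 126 + b"DICM",
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(blob)}")
```

Because the check reads only the first 132 bytes, it can run on stores where full content scanning of protected health information is excluded.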



 
  • (Score: -1, Offtopic) by Anonymous Coward on Thursday April 18 2019, @04:18AM


    DIC
