Press Reports on Unprotected Patient Data

  • Press reports on unprotected patient data

Insufficient protection of patient data has once again been an issue in the press recently: Current data leaks allow unauthorized persons to access DICOM data. As far as we know, JiveX customers are not affected by these data leaks. 

It is our understanding that the reported data leaks are the result of a misconfiguration that cannot be attributed to either PACS or the DICOM standard. According to the available reports, data was retrieved via publicly available web portals without sufficient user authentication and via non-encrypted protocols (http) or open DICOM ports. The leak is thus based on the disregard of common IT standards, such as the use of appropriate firewall technologies or the application of existing authentication options.  
 
With regard to VISUS products, we take extensive technical measures within the scope of the means available to us to ensure the secure operation of JiveX: for example through code reviews, hardening of the source code against unauthorized access and penetration tests by external security firms. However, securing a PACS, if it is available through the public Internet in particular, is the responsibility of the operator. We are happy to support you in the planning and configuration of appropriate solutions. Please contact us! 
 
We also regularly provide information about available updates and security related patches via our newsletter "Technical Release Notes". If you are interested, please register yourself here
 
Do you have any further questions?

We will gladly assist you via e-mail or telephone: +49 234/93693-200