Let’s start by going back to the February 28, 2020 episode of the Help Me With HIPAA podcast and listen to Images Exposed – Ep 243. This episode was the first time Donna and David talked about images from PACS systems that had been exposed around the world through the internet. These images were available to anyone who wanted to see them. Images including X-rays, MRI scans and more were exposed. In this episode they talk about how the exposure had been going on since September of 2019 and how it wasn’t locked down until February 2020. Well, guess what? Donna and David are talking about it AGAIN in March of 2021! Hello, PACS Images Exposed Part 2 – Ep 294!
Donna came across an article dated Feb 17, 2021, PACS Flaws Put Data at Risk for 18 Months, by Marianne Kolbasuk McGee. The article states that Sutter Buttes Imaging Medical Group, based in Yuba City, CA, reported that in December 2020 it learned that its Picture Archiving and Communication System (PACS) had been vulnerable to hacking from July 2019 to December 2020. Well, we know they don’t listen to the Help Me With HIPAA Podcast!
Most of us assume that our IT department or MSP is handling everything for us, but in reality they may not be. You need to confirm and audit what your IT vendors are doing for you and ask if they are protecting your medical devices specifically. By the way, you should have a complete inventory of these medical devices. Securing medical devices addresses one of the top 5 cybersecurity threats named in the 405(d) publication Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP). The second takeaway from this podcast is to actually do something in a timely manner with the shared information. This started in September 2019, was discovered in February 2020 and is still going on in March of 2021.