How to protect your DICOM from cyber attacks

DICOM stands for Digital Imaging and Communications in Medicine. It is a standard protocol for managing, storing, and transferring medical images and related data in a digital format. It ensures that medical images and information can be exchanged between different imaging systems and healthcare providers, regardless of the manufacturer or the location of the devices.

DICOM is widely used in the field of radiology and medical imaging. It covers various medical imaging modalities, including X-ray, MRI, CT scans, ultrasound, and nuclear medicine. It ensures that the images and data generated by these modalities are standardized and can be viewed and interpreted by radiologists and other medical professionals.

DICOM files use layered approaches to store data that can not only contain images but also patient information, examination details, the imaging equipment used to capture the image, and the image itself, including its size, orientation, and other relevant metadata. This information is stored in a standardized format that can be interpreted by different software applications and devices, regardless of their manufacturer or origin. This makes it easier for radiologists to interpret and analyze images, as they can access all the necessary information in one place.

Imaging professionals and radiologists use DICOM in several ways. For example, they may use it to:

  • Store and retrieve medical images and related information from a central archive or picture archiving and communication system (PACS)
  • Share medical images and related information with other healthcare providers or facilities
  • Analyze and manipulate medical images using specialized software applications
  • View and interpret medical images on specialized imaging workstations or other devices


DICOM is a critical component of healthcare systems today. It has become an essential tool for medical professionals to enhance the accuracy of diagnosis, plan effective treatments, and improve patient outcomes. It is essential to understand the potential data breaches and cyber attacks that can negatively impact your DICOM and/or the DICOM images used in your healthcare setup. 

Potential Cyber Attacks on DICOM

Like any other digital system, DICOM is vulnerable to a range of data breaches and cyber attacks, some of which are described below:

1. Unauthorized access: 

Unauthorized access can occur due to weak or stolen passwords, unsecured remote access, or unpatched vulnerabilities in the system. Attackers can use this access to steal or modify patient data, install malware or ransomware, or use the system as a launching pad for further attacks.

2. Data interception: 

DICOM data can be intercepted in transit by unauthorized personnel, which can expose sensitive medical images and patient information. This can happen through methods such as eavesdropping on network traffic or exploiting vulnerabilities in the encryption protocols used to protect the data. An example of data interception is a MITM (man-in-the-middle) attack.

3. Man-in-the-middle (MITM) attack: 

In this attack, an attacker intercepts communication between 2 parties and alters or manipulates the data. In the case of DICOM, an attacker can intercept the image data being sent between imaging professionals or radiologists and modify it before forwarding it to the intended recipient. This could lead to misdiagnosis or incorrect treatment.

4. Malware and ransomware attacks: 

Malware and ransomware attacks can infect a DICOM system and cause damage to the software and data. Malware can compromise the system’s security by gaining access to sensitive data, while ransomware can hold the system hostage, until a ransom is paid.

5. Social engineering attacks / Phishing attacks: 

Social engineering attacks can involve phishing emails or phone calls to trick users/employees into giving up their login credentials or other sensitive information. This can lead to unauthorized access to the DICOM system and the potential exposure of sensitive medical data.

6. SQL injection attacks: 

SQL injection attacks exploit vulnerabilities in the software code of the DICOM system to gain unauthorized access to the data stored within. Attackers / Hackers can use these vulnerabilities to steal data, modify records, or cause other damage to the system.

7. Distributed Denial of Service (DDoS) attacks: 

DDoS attacks can overwhelm the DICOM system with a flood of requests, causing it to crash or become inaccessible to legitimate users. This can result in significant disruption of healthcare services and patient care.

8. Insider Threats: 

Insider threats can arise when authorized personnel misuse their privileges to access and misuse patient data, such as selling or leaking confidential information to unauthorized third parties.

9. Password attacks: 

Password attacks are a common type of cyber attack where an attacker tries to guess or brute-force passwords to gain access to a system. If a DICOM system is protected by weak or easily guessable passwords, an attacker can gain unauthorized access to PHI and other sensitive information.

10. Data theft: 

Once an attacker has access to your DICOM, they can steal sensitive patient information such as names, addresses, medical records, and billing information. The attacker can then use this information for financial gain or identity theft.

11. Physical Security Breaches: 

Physical security breaches, such as theft or unauthorized access to DICOM storage devices or physical records, can compromise patient data confidentiality.

Medical and imaging professionals must be aware of these potential data breaches and cyber-attacks and take appropriate measures to prevent them.

How to prevent a data breach in DICOM

To prevent data breaches in DICOM, we recommend you take the following steps:

1. Ensure Secure Access Control: 

Limit the access of DICOM systems to authorized personnel only, implement role-based access control, and enforce strong password policies to prevent unauthorized access.

2. Use Encryption: 

Encrypting DICOM data both in transit and at rest will help ensure that any intercepted data cannot be read without the correct decryption key.

3. Ensure Secure Configuration: 

Ensure that all DICOM systems are configured securely, including the DICOM Servers and that default passwords are changed to strong ones.

4. Regularly update software and hardware: 

Regularly update all software and hardware to ensure that vulnerabilities are addressed and security patches are applied. Outdated software and hardware are more vulnerable to attacks.

5. Conduct User Training / Staff Training: 

Conduct regular security awareness training for staff, including education on phishing attacks and how to identify and report potential security threats.

6. Create an Incident Response Plan: 

Establish an incident response plan in case of a data breach or security incident. The plan should include steps for containment, investigation, and reporting.

7. Limit Data Retention: 

DICOM data should be retained for only as long as necessary. Limiting the amount of data stored in the system reduces the risk of a breach and minimizes the impact of a breach if it occurs.

8. Ensure Regular Monitoring: 

Regularly monitor DICOM system activity and audit logs to detect any unusual activity and investigate any suspicious activity promptly.

9. Conduct regular security audits: 

Conduct regular security audits to ensure that the system is compliant with industry standards and regulations and that any vulnerabilities are identified and addressed.

10.Continuous monitoring of security controls: 

Continuous monitoring can help identify vulnerabilities and potential security threats. This will help you stay ahead of potential security risks and zero day attacks.

11. Use firewalls and intrusion detection systems: 

Firewalls can be used to restrict unauthorized access to DICOM systems. Intrusion detection systems can be used to monitor and detect any suspicious activity within the system.

12. Limit / Disallow access on personal devices: 

DICOM images and data can be stored on local devices, such as laptops or USB drives, which can be lost or stolen. Radiologists may also use mobile devices to access DICOM files and other patient information, but these devices can be vulnerable to attacks if they are not properly secured. Create a security policy that disallows or limits access to DICOM images on personal devices.

13. Vet Third-party DICOM software: 

Radiologists often use third-party DICOM software to view and analyze medical images. If this software is not vetted properly, it can contain vulnerabilities that can be exploited by attackers.

How databrackets can help you secure your DICOM and Radiology / Imaging Infrastructure

With over a decade of industry experience and technical excellence, a dedicated team at databrackets can protect your organization from threats and adapt to your unique requirements. We have supported Radiologists, Imaging professionals, and organizations working in the healthcare industry with a wide variety of customized services.

We offer consulting and hybrid services to help you undergo a thorough Security Risk Assessment and ensure your systems meet the security benchmarks in your industry. Our certified experts have also developed specialized Do-It-Yourself Assessments for organizations with a well-developed in-house IT team. Connect with an Expert, and explore how our services can help your organization. 


Author: Aditi Salhotra, Digital Marketing and Business Development,

Aditi is a Digital Marketing and Business Development Professional at She graduated with honors in Marketing from Sheridan College, Canada. In addition to her current profile, she contributes to Product Development and Content Creation. She is a strong advocate of Good Cyber Hygiene and white hat SEO techniques. She is proud of the company’s mission to safeguard organizations from cyber threats and ensure their business continuity in adverse situations. 

Technical Expert: Srini Kolathur, Director,

The technical information presented in this blog has been carefully reviewed and verified by our Director, Srini Kolathur. Srini is results-driven security and compliance professional with over 20 years of experience supporting, leading, and managing global IT security, compliance, support, and risk assessment in fortune 100 companies. Some of his key areas of focus are SOC 2, ISO 27001, NIST 800-171, NIST 800-53, NIST Cybersecurity Framework,  HIPAA, Security Risk Assessment, CMMC 2.0 among others. He is a CMMC Registered Practitioner (RP), CISSP, CISA, CISM, MBA. He is active in several community groups including Rotary International and TiE.

Related Links:

Security Tech Investments for Top 10 trends in 2023

How to Select a Security Vendor

What is the HIPAA Security rule?

Last Updated on May 22, 2023 By Aditi SalhotraIn cybersecurity