Detecting and Preventing Evil DICOM Attacks in PACS
Executive summary
- Evil DICOM refers to maliciously crafted DICOM objects or sequences of DICOM operations used to compromise Picture Archiving and Communication Systems (PACS), imaging modalities, or radiology workflows.
- Primary risks include ransomware or withholding of images, patient data manipulation, diagnostic errors from altered images or metadata, and lateral movement into hospital networks.
- This article explains attack vectors, indicators of compromise (IoCs), detection techniques, and layered prevention controls tailored for PACS and medical imaging environments.
Background: DICOM, PACS, and why they matter
DICOM (Digital Imaging and Communications in Medicine) is the standard for storing, transmitting, and handling medical imaging. PACS is the infrastructure — servers, databases, viewers, and workflows — that stores and serves DICOM images across hospitals and clinics. PACS sits at the intersection of clinical decision-making and hospital IT, so any compromise can directly affect patient care and safety.
PACS historically prioritized interoperability and clinical usability over security. Many imaging devices and PACS servers run legacy OSes, use default credentials, and lack modern encryption or segmentation — factors that make them attractive targets. “Evil DICOM” attacks exploit protocol flexibility, parsing ambiguities, weak authentication, and human workflows to achieve persistence, data alteration, or denial of service.
Common Evil DICOM attack vectors
- Malformed DICOM files exploiting parser vulnerabilities in viewers or PACS ingestion daemons.
- Manipulated metadata (patient IDs, dates, modality tags) to hide or misattribute studies.
- Embedded scripts or non-standard tags that trigger buggy processing logic.
- Supply-chain compromise of imaging devices (modality firmware) or PACS software updates.
- Credential theft (default/weak passwords, exposed management interfaces) enabling unauthorized DICOM operations.
- Abuse of DICOM C-STORE/C-FIND/C-MOVE services to exfiltrate, overwrite, or delete studies.
- Lateral movement via connected RIS/HIS/EMR systems to reach PACS.
Why detecting Evil DICOM is challenging
- DICOM is highly flexible and extensible; many tags and private elements exist legitimately, making anomalies hard to spot.
- Large volumes of imaging data and high-throughput workflows limit deep inspection.
- Medical devices often cannot be modified for security agents, and logging may be sparse or inconsistent.
- Clinical urgency leads staff to bypass security controls in imaging workflows.
Indicators of compromise (IoCs) for PACS and DICOM
- Unexpected spikes in C-STORE or C-MOVE operations outside normal schedules.
- Multiple failed authentication attempts on modality/PACS service accounts.
- Presence of unusual private DICOM tags or non-standard transfer syntaxes.
- Studies with altered patient demographics, impossible timestamps, or mismatched modality types.
- Duplicate SOP Instance UIDs or sudden reassignments of Study/Series UIDs.
- File integrity changes on PACS storage volumes (modified, renamed, encrypted files).
- New listening services or unexpected ports on PACS servers.
- Outbound connections from PACS to unknown external IPs or cloud storage.
Detection techniques — practical measures
Network-level monitoring
- Monitor DICOM traffic (TCP 104, 2761, or other configured ports) with flow collectors and IDS/IPS.
- Use protocol-aware network sensors to parse DICOM commands (C-STORE, C-FIND, C-MOVE) and flag anomalies (e.g., large bulk transfers, unusual AETitles).
- Alert on connections to external IPs or atypical timing (nights/weekends).
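The following is an added example of the protocol-aware parsing a network sensor performs; it is not code from the article. It decodes the A-ASSOCIATE-RQ PDU that opens every DICOM association (layout per DICOM PS3.8) to recover the called and calling AE titles and the SOP classes being negotiated, then applies the rules listed above: unknown or mis-located AE titles, an unauthorized retrieval (C-MOVE) request, and off-hours timing. The `REGISTERED` table, the sample PDUs and the clinical-hours window are constructed; only the DICOM UIDs are real.

```python
"""Protocol-aware parsing of a DICOM A-ASSOCIATE-RQ PDU for a network sensor.
Added example, not from the article. The PDU layout follows DICOM PS3.8;
the site policy table (REGISTERED) and the sample PDUs are constructed."""
import struct
from datetime import datetime

APP_CONTEXT = b"1.2.840.10008.3.1.1.1"          # DICOM Application Context Name
IMPLICIT_VR_LE = b"1.2.840.10008.1.2"            # transfer syntax offered in the samples
CT_STORAGE = "1.2.840.10008.5.1.4.1.1.2"         # CT Image Storage (C-STORE)
STUDY_ROOT_FIND = "1.2.840.10008.5.1.4.1.2.2.1"  # Study Root Query/Retrieve - FIND
STUDY_ROOT_MOVE = "1.2.840.10008.5.1.4.1.2.2.2"  # Study Root Query/Retrieve - MOVE

# Constructed site policy: which AE titles exist, where they live, and whether
# they are allowed to negotiate retrieval (C-MOVE) services.
REGISTERED = {
    "CT_SCANNER1": {"ip": "10.10.20.11", "may_retrieve": False},
    "RAD_WS_03":   {"ip": "10.10.30.7",  "may_retrieve": True},
}

def _item(item_type, body):
    """Generic PDU item/sub-item: type, reserved byte, big-endian 16-bit length."""
    return bytes([item_type, 0]) + struct.pack(">H", len(body)) + body

def build_associate_rq(called, calling, abstract_syntaxes):
    """Assemble an A-ASSOCIATE-RQ the way a DICOM SCU would (used here only to
    construct sample traffic for the sensor)."""
    items = _item(0x10, APP_CONTEXT)
    for n, uid in enumerate(abstract_syntaxes):
        sub = _item(0x30, uid.encode()) + _item(0x40, IMPLICIT_VR_LE)
        items += _item(0x20, bytes([2 * n + 1, 0, 0, 0]) + sub)   # context id + 3 reserved
    items += _item(0x50, _item(0x51, struct.pack(">I", 16384)))  # user info: max PDU length
    body = (struct.pack(">HH", 1, 0) + called.ljust(16).encode() +
            calling.ljust(16).encode() + b"\x00" * 32 + items)
    return bytes([0x01, 0]) + struct.pack(">I", len(body)) + body

def parse_associate_rq(pdu):
    """Return (called_ae, calling_ae, [abstract syntax UIDs]) or raise ValueError."""
    if len(pdu) < 74 or pdu[0] != 0x01:
        raise ValueError("not an A-ASSOCIATE-RQ PDU")
    (length,) = struct.unpack(">I", pdu[2:6])
    if length != len(pdu) - 6:
        raise ValueError("PDU length field disagrees with captured bytes")
    called = pdu[10:26].decode("ascii", "replace").strip()
    calling = pdu[26:42].decode("ascii", "replace").strip()
    syntaxes, off = [], 74
    while off + 4 <= len(pdu):
        item_type, (item_len,) = pdu[off], struct.unpack(">H", pdu[off + 2:off + 4])
        body = pdu[off + 4:off + 4 + item_len]
        if item_type == 0x20:                      # presentation context item
            sub = 4                                # skip id + 3 reserved bytes
            while sub + 4 <= len(body):
                (sub_len,) = struct.unpack(">H", body[sub + 2:sub + 4])
                if body[sub] == 0x30:              # abstract syntax sub-item
                    uid = body[sub + 4:sub + 4 + sub_len].decode("ascii", "replace")
                    syntaxes.append(uid.rstrip("\x00"))
                sub += 4 + sub_len
        off += 4 + item_len
    return called, calling, syntaxes

def assess_association(pdu, src_ip, when):
    """Sensor rules: unknown/spoofed AE titles, unauthorized C-MOVE, off-hours timing."""
    called, calling, syntaxes = parse_associate_rq(pdu)
    findings = []
    reg = REGISTERED.get(calling)
    if reg is None:
        findings.append("unknown calling AE title %r -> %r" % (calling, called))
    elif reg["ip"] != src_ip:
        findings.append("AE title %r seen from %s, registered at %s" % (calling, src_ip, reg["ip"]))
    if STUDY_ROOT_MOVE in syntaxes and not (reg and reg["may_retrieve"]):
        findings.append("C-MOVE (Study Root MOVE) proposed by AE not authorized to retrieve")
    if when.weekday() >= 5 or not 7 <= when.hour < 19:   # constructed clinical-hours window
        findings.append("association outside clinical hours (%s)" % when.strftime("%a %H:%M"))
    return findings

# Constructed sample traffic: a routine scanner push and an off-hours retrieval
# attempt from an unregistered AE title.
ROUTINE = build_associate_rq("PACS_MAIN", "CT_SCANNER1", [CT_STORAGE])
SUSPECT = build_associate_rq("PACS_MAIN", "ROGUE_AE", [STUDY_ROOT_FIND, STUDY_ROOT_MOVE])

def run_samples():
    return {
        "routine": assess_association(ROUTINE, "10.10.20.11", datetime(2024, 6, 11, 10, 0)),
        "suspect": assess_association(SUSPECT, "10.10.99.5", datetime(2024, 6, 9, 2, 30)),
        "spoofed_ip": assess_association(ROUTINE, "10.10.99.5", datetime(2024, 6, 11, 10, 0)),
    }

if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(name, findings or "no findings")
```

In a real sensor the PDU bytes come from the first segment of each TCP session on the DICOM ports, and `REGISTERED` is exported from the PACS's own AE configuration so that the allow-list and the server agree.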
Logging and SIEM integration
- Centralize logs from PACS, modalities, DICOM gateways, and viewers.
- Normalize DICOM events into SIEM fields: AETitle, SOP Instance UID, PatientID, operation type, source IP.
- Create correlation rules: e.g., bulk C-STORE followed by mass deletions or changes; failed logins + privilege escalation.
File and image integrity checks
- Compute and store cryptographic hashes (SHA-256) of DICOM files after ingestion; re-hash periodically to detect modification or tampering.
- Store original hashes off-system (write-once storage) or in a remote integrity service.
- Use visual hashing (perceptual image hashes) to detect pixel-level changes indicating image tampering.
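The integrity checks above, as an added example that is not part of the article: a SHA-256 manifest taken at ingestion and re-verified against the archive later, and a simple perceptual (average) hash over the pixel grid to separate harmless re-encoding from a region that was painted over. Objects are assumed to be plain byte blobs keyed by SOP Instance UID, pixel data is assumed to already be decoded into a 2-D list of grey values, and every sample value is constructed.

```python
"""Integrity checks for archived DICOM objects: a SHA-256 manifest captured at
ingestion and re-verified later, plus a perceptual (average) hash of the pixel
grid to spot pixel-level edits that survive re-encoding.
Added example, not from the article. Objects are plain byte blobs keyed by SOP
Instance UID, and pixel data is a 2-D list of grey values (a real system would
decode the Pixel Data element first); all sample data is constructed."""
import hashlib

def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()

def build_manifest(objects):
    """SOP Instance UID -> SHA-256 at ingestion. The result belongs on write-once
    or remote storage so an intruder on the PACS host cannot rewrite it."""
    return {uid: sha256_hex(blob) for uid, blob in objects.items()}

def verify_manifest(manifest, objects):
    """Re-hash the archive and report modified, missing and unexpected objects."""
    return {
        "modified": sorted(u for u, h in manifest.items()
                           if u in objects and sha256_hex(objects[u]) != h),
        "missing": sorted(u for u in manifest if u not in objects),
        "unexpected": sorted(u for u in objects if u not in manifest),
    }

def average_hash(pixels, size=8):
    """Block-average the grid down to size x size, then emit one bit per cell
    that is brighter than the mean. Small noise leaves the bits unchanged;
    a region that is painted over flips many of them."""
    rows, cols = len(pixels), len(pixels[0])
    bh, bw = rows // size, cols // size
    cells = []
    for r in range(size):
        for c in range(size):
            block = [pixels[y][x] for y in range(r * bh, (r + 1) * bh)
                     for x in range(c * bw, (c + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for v in cells:
        bits = (bits << 1) | (1 if v > mean else 0)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes; a handful is noise, dozens is an edit."""
    return bin(a ^ b).count("1")

# Constructed archive snapshot at ingestion and the same archive some time later.
AT_INGEST = {"1.2.3.1": b"study-A-bytes", "1.2.3.2": b"study-B-bytes"}
LATER = {"1.2.3.2": b"study-B-bytes-rewritten", "1.2.3.9": b"never-ingested"}

# Constructed 16x16 grey ramp, a re-encoded copy with +1 dither on alternate
# pixels, and a copy whose upper-right quadrant was painted black.
ORIGINAL = [[x * 16 for x in range(16)] for y in range(16)]
REENCODED = [[v + ((x + y) % 2 == 0) for x, v in enumerate(row)] for y, row in enumerate(ORIGINAL)]
TAMPERED = [[0 if (y < 8 and x >= 8) else v for x, v in enumerate(row)] for y, row in enumerate(ORIGINAL)]

def run_samples():
    return {
        "archive": verify_manifest(build_manifest(AT_INGEST), LATER),
        "reencoded_distance": hamming(average_hash(ORIGINAL), average_hash(REENCODED)),
        "tampered_distance": hamming(average_hash(ORIGINAL), average_hash(TAMPERED)),
    }

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The SHA-256 manifest answers "was the file changed?"; the perceptual hash answers "was the picture changed?", which matters when a legitimate re-compression or anonymization pass rewrites bytes without touching what the radiologist sees.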
Content inspection and validation
- Validate required DICOM tags and value profiles against modality and study type (IHE profiles can help).
- Reject or quarantine files with unknown private tags, invalid VRs (Value Representations), or malformed headers.
- Implement sandboxing for suspicious files before ingestion into production viewers.
Behavioral analytics
- Baseline normal PACS activity per modality, department, and schedule; detect deviations like unusual transfer volumes or new AETitles.
- Track study provenance (which modality, technologist, workstation) and alert on unexpected sources.
Endpoint and host monitoring
- Monitor PACS servers for new processes, binary changes, unexpected scheduled tasks, and abnormal CPU/memory usage.
- Use file system auditing to detect mass renames, deletions, or encryption.
User and asset management
- Enforce least privilege for PACS accounts; separate service accounts from user accounts.
- Watch for creation of new high-privilege accounts and sudden changes in account privileges.
Prevention — defense in depth for PACS
Network segmentation and isolation
- Segment imaging devices and PACS into a dedicated VLAN with strict ACLs; allow only necessary flows between modalities, PACS, RIS, and viewer workstations.
- Block direct internet access from imaging devices and PACS; permit only explicitly allowed management traffic through jump hosts.
Harden DICOM services
- Change default AETitles and remove or disable unused DICOM services.
- Enforce TLS for DICOM associations where supported (DICOM over TLS).
- Configure PACS to require association authentication and support strong ciphers.
Access control and authentication
- Implement strong, unique passwords and rotate service credentials regularly.
- Use centralized authentication (LDAP/Active Directory) with role-based access controls and MFA for admin access.
- Limit which AETitles and IPs modalities can connect from.
Patch management and device lifecycle
- Maintain an inventory of modalities and software versions; apply vendor security patches promptly.
- For devices that cannot be patched, isolate them and restrict functions to the minimum required.
- Enforce secure procurement practices: require supply-chain security statements and signed updates.
DICOM gateways and validation
- Use a hardened DICOM gateway or broker to normalize, validate, and filter DICOM objects entering the PACS.
- Gateways can enforce tag whitelists/blacklists, strip private tags, validate transfer syntax, and quarantine suspicious studies.
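The content-inspection rules above (validate required tags, reject malformed headers and invalid VRs) and the gateway behaviour in this section (strip private tags, quarantine suspicious objects) need the same element parser, so one added example serves both; it is not code from the article or from any PACS product. It handles explicit VR little-endian encoding only, omits the File Meta (group 0002) elements for brevity, and the sample objects, the placeholder SOP Instance UID and the modality allow-list are constructed (only the CT Image Storage SOP Class UID is real).

```python
"""Content inspection and gateway filtering of DICOM Part 10 objects.
Added example, not from the article. Handles explicit VR little-endian only and
omits the File Meta (group 0002) elements for brevity; sample objects, the
SOP Instance UID and the modality allow-list are constructed."""
import struct

KNOWN_VRS = {"AE", "AS", "AT", "CS", "DA", "DS", "DT", "FL", "FD", "IS", "LO", "LT", "OB",
             "OD", "OF", "OL", "OV", "OW", "PN", "SH", "SL", "SQ", "SS", "ST", "SV", "TM",
             "UC", "UI", "UL", "UN", "UR", "US", "UT", "UV"}
# VRs whose explicit encoding carries 2 reserved bytes and a 32-bit length
LONG_VRS = {"OB", "OD", "OF", "OL", "OV", "OW", "SQ", "SV", "UC", "UN", "UR", "UT", "UV"}
REQUIRED = {(0x0008, 0x0016): "SOPClassUID", (0x0008, 0x0018): "SOPInstanceUID",
            (0x0008, 0x0060): "Modality", (0x0010, 0x0020): "PatientID"}
ALLOWED_MODALITIES = {b"CT", b"MR", b"CR", b"DX", b"US"}   # constructed site policy
PREAMBLE = b"\x00" * 128 + b"DICM"

def encode_element(group, elem, vr, value):
    """Explicit VR little-endian encoding; values are padded to even length."""
    if len(value) % 2:
        value += b"\x00" if vr in ("OB", "UN", "UI") else b" "
    head = struct.pack("<HH", group, elem) + vr.encode("ascii")
    if vr in LONG_VRS:
        return head + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return head + struct.pack("<H", len(value)) + value

def build_object(elements):
    return PREAMBLE + b"".join(encode_element(*e) for e in elements)

def parse_elements(data, offset=len(PREAMBLE)):
    """Return [(group, elem, vr, value)]; raise ValueError on malformed encoding."""
    out = []
    while offset < len(data):
        if offset + 8 > len(data):
            raise ValueError("truncated element header at offset %d" % offset)
        group, elem = struct.unpack_from("<HH", data, offset)
        vr = data[offset + 4:offset + 6].decode("ascii", "replace")
        if vr not in KNOWN_VRS:
            raise ValueError("invalid VR %r at offset %d" % (vr, offset))
        if vr in LONG_VRS:
            if offset + 12 > len(data):
                raise ValueError("truncated element header at offset %d" % offset)
            (length,) = struct.unpack_from("<I", data, offset + 8)
            offset += 12
        else:
            (length,) = struct.unpack_from("<H", data, offset + 6)
            offset += 8
        if length == 0xFFFFFFFF or offset + length > len(data):
            raise ValueError("(%04X,%04X) length %d runs past end of object" % (group, elem, length))
        out.append((group, elem, vr, data[offset:offset + length]))
        offset += length
    return out

def inspect_and_filter(data):
    """Gateway policy: quarantine malformed or incomplete objects, strip private
    (odd-group) elements from the rest. Returns (verdict, notes, filtered_bytes)."""
    if len(data) < len(PREAMBLE) or data[128:132] != b"DICM":
        return "quarantine", ["missing DICM magic"], None
    try:
        elements = parse_elements(data)
    except ValueError as exc:
        return "quarantine", ["malformed: %s" % exc], None
    notes = []
    present = {(g, e): v for g, e, _, v in elements}
    for tag, name in REQUIRED.items():
        if tag not in present:
            notes.append("missing required tag %s" % name)
    modality = present.get((0x0008, 0x0060), b"").strip(b" \x00")
    if modality and modality not in ALLOWED_MODALITIES:
        notes.append("modality %r not in allow-list" % modality)
    if notes:
        return "quarantine", notes, None
    kept = [e for e in elements if e[0] % 2 == 0]
    if len(kept) < len(elements):
        notes.append("stripped %d private element(s)" % (len(elements) - len(kept)))
    return "accept", notes, build_object(kept)

# Constructed samples: a well-formed CT object carrying a private element, and
# three defective variants a gateway must not let through.
CT_STORAGE = b"1.2.840.10008.5.1.4.1.1.2"   # CT Image Storage SOP Class UID (real)
BASE = [(0x0008, 0x0016, "UI", CT_STORAGE),
        (0x0008, 0x0018, "UI", b"1.2.3.4.5.6.7.8.9"),   # placeholder SOP Instance UID
        (0x0008, 0x0060, "CS", b"CT"),
        (0x0010, 0x0020, "LO", b"PAT-0001"),
        (0x0009, 0x0010, "LO", b"ACME PRIVATE"),          # private creator element
        (0x7FE0, 0x0010, "OB", b"\x00" * 8)]               # tiny stand-in Pixel Data
SAMPLES = {
    "good": build_object(BASE),
    "no_patient_id": build_object([e for e in BASE if e[:2] != (0x0010, 0x0020)]),
    "bad_vr": PREAMBLE + b"\x08\x00\x16\x00ZZ\x02\x00AB",   # VR "ZZ" does not exist
    "truncated": build_object(BASE)[:-4],                   # Pixel Data shorter than declared
}

def run_samples():
    return {name: inspect_and_filter(blob)[0] for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, inspect_and_filter(blob)[:2])
```

The parser refuses anything it cannot account for byte by byte (unknown VR, undefined length, a value that runs past the end of the object), which is exactly the input class that trips the buggy ingestion logic described earlier; everything it does accept is re-serialized from parsed elements, so the archive never stores the original bytes of an untrusted sender.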
Data integrity and backup
- Implement immutable backups and air-gapped replicas of PACS storage to recover from ransomware or destructive tampering.
- Keep versioned archives of studies and maintain an offsite, read-only evidence store for forensic analysis.
User training and workflows
- Train radiology and IT staff to recognize unusual imaging behavior (missing studies, unexpected demographics) and to follow escalation procedures.
- Implement approval workflows for importing external studies; scan inbound media (CDs/USB) in isolated kiosks.
Application allowlisting and host hardening
- Allowlist processes on PACS servers and viewing workstations.
- Disable unnecessary services, secure SSH/RDP with jump hosts and MFA, and restrict administrative access to a management network.
Incident response for Evil DICOM incidents
- Isolate affected PACS segments and modalities immediately; preserve volatile artifacts and logs.
- Use read-only copies of impacted studies for clinical continuity while preserving originals for forensics.
- Verify integrity of backups before restoring; restore from pre-compromise immutable backups if available.
- Notify relevant stakeholders: clinical leadership, hospital security, vendor support, and, where required, regulators/patients.
- Conduct a root-cause analysis focusing on ingress vector (malformed file, stolen credentials, compromised device).
- Implement mitigations to prevent recurrence (patching, credential resets, network rules).
Example detection playbook (concise)
- Alert: SIEM rule — >100 C-STORE operations from single source within 10 minutes.
- Triage: Identify source IP, AETitle, Study/Series UIDs; check associated user accounts.
- Containment: Block source IP/AETitle at firewall or DICOM gateway; isolate affected PACS node.
- Investigation: Compare file hashes to offsite archive; analyze DICOM tags for anomalies.
- Recovery: Restore affected studies from immutable backup; validate clinical integrity.
- Remediation: Rotate credentials, patch affected systems, update SIEM rules.
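The playbook's alert rule and the SIEM correlation rules from the detection section, as an added example that is not code from the article or from any SIEM product: it runs over normalized events with the fields the article lists (AE title, SOP Instance UID, PatientID, operation type, source IP) and fires on more than 100 C-STOREs from one source inside a sliding 10-minute window, on an AE title absent from the baseline, and on a SOP Instance UID re-stored under a different PatientID. The event stream, the baseline AE titles and the IP addresses are constructed.

```python
"""Correlation rules over normalized DICOM events: bulk C-STORE from one source
inside a sliding window, an AE title never seen in the baseline, and a SOP
Instance UID re-stored under a different PatientID. Added example, not from
the article; the event stream, the baseline and the thresholds are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASELINE_AETS = {"CT_SCANNER1", "RAD_WS_03"}   # constructed: AE titles seen during baselining

def correlate(events, known_aets=BASELINE_AETS, threshold=100, window=timedelta(minutes=10)):
    """Return a list of alert tuples; each rule fires once per offending key."""
    alerts = []
    recent = defaultdict(deque)      # source IP -> timestamps of its recent C-STOREs
    fired_bulk, seen_aets, first_seen = set(), set(known_aets), {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] == "C-STORE":
            q = recent[ev["src"]]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:   # drop timestamps that fell out of the window
                q.popleft()
            if len(q) > threshold and ev["src"] not in fired_bulk:
                fired_bulk.add(ev["src"])
                alerts.append(("bulk_cstore", ev["src"], len(q)))
        if ev["aet"] not in seen_aets:        # AE title outside the behavioral baseline
            seen_aets.add(ev["aet"])
            alerts.append(("new_aetitle", ev["aet"], ev["src"]))
        uid = ev.get("sop_uid")
        if uid:                               # same instance UID, different patient
            prev = first_seen.setdefault(uid, ev)
            if prev is not ev and prev["patient"] != ev["patient"]:
                alerts.append(("uid_reuse", uid, prev["patient"], ev["patient"]))
    return alerts

def constructed_events():
    """Normalized events with the fields the article lists: AE title, SOP Instance
    UID, PatientID, operation type and source IP. All values are constructed."""
    ev = []
    burst = datetime(2024, 6, 11, 2, 0)   # 02:00: 120 stores in six minutes from an import gateway
    for i in range(120):
        ev.append({"ts": burst + timedelta(seconds=3 * i), "src": "10.10.99.5", "aet": "IMPORT_GW",
                   "op": "C-STORE", "sop_uid": "1.2.3.4.%d" % i, "patient": "PAT-%04d" % (i % 7)})
    day = datetime(2024, 6, 11, 9, 0)     # routine scanner pushes during the morning
    for i in range(20):
        ev.append({"ts": day + timedelta(minutes=5 * i), "src": "10.10.20.11", "aet": "CT_SCANNER1",
                   "op": "C-STORE", "sop_uid": "1.2.3.5.%d" % i, "patient": "PAT-1001"})
    ev.append({"ts": day + timedelta(hours=3), "src": "10.10.30.7", "aet": "RAD_WS_03",
               "op": "C-FIND", "sop_uid": None, "patient": None})
    # an existing SOP Instance UID stored again under another PatientID
    ev.append({"ts": day + timedelta(hours=4), "src": "10.10.30.7", "aet": "RAD_WS_03",
               "op": "C-STORE", "sop_uid": "1.2.3.5.3", "patient": "PAT-2002"})
    return ev

def run_samples():
    return correlate(constructed_events())

if __name__ == "__main__":
    for alert in run_samples():
        print("ALERT", alert)
```

The bulk rule fires once when the 101st store lands in the window, which gives the triage step a single ticket carrying the source IP and AE title to pivot on rather than one alert per study.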
Challenges and trade-offs
- Deep DICOM inspection can add latency to clinical workflows; balance security with uptime and responsiveness.
- Some legacy modalities cannot support encrypted DICOM; compensating controls (segmentation, gateways) are necessary.
- Overzealous filtering risks rejecting valid studies — use quarantines and human review for edge cases.
Conclusion
Evil DICOM attacks exploit the trust and flexibility built into medical imaging ecosystems. Mitigations require a layered approach: network controls and segmentation, strong authentication, protocol validation via gateways, integrity checks, centralized logging and behavioral analytics, robust backup practices, and staff training. Combining detection (hashing, SIEM alerts, protocol-aware monitoring) with prevention (isolation, hardening, validation) reduces risk while preserving the clinical availability of imaging systems.
Further reading and standards to consult: DICOM standard security annexes, IHE profiles for imaging workflow, vendor hardening guides, and recommended frameworks like NIST 800-53 / CIS Controls for healthcare.