
Have all CT manufacturers integrated DICOM TLS encryption?


Bernard Groupes

May 16, 2013, 12:08:43 PM
Hi,

I'm working on developing a website for radiological tele-diagnosis. My first question is about the security between a DICOM node (CT, MRI ...) and a PACS server.

The DICOM standard defines TLS (Transmission Layer Security) encryption.

Do radiologists have the opportunity to encrypt data sent to the PACS DICOM server?
In other words, have all the CT manufacturers integrated TLS encryption?

Or is it necessary to implement platforms to encrypt DICOM files?

Best regards

Marco Eichelberg

May 17, 2013, 3:52:34 AM
Bernard Groupes wrote:

> My first question is about the security between a DICOM node (CT, MRI ...) and a PACS server.
> The DICOM standard defines TLS (Transmission Layer Security) encryption.
> Do radiologists have the opportunity to encrypt data sent to the PACS DICOM server?
> In other words, have all the CT manufacturers integrated TLS encryption?
> Or is it necessary to implement platforms to encrypt DICOM files?

In general, most imaging systems do NOT support secure DICOM transmission
(DICOM over TLS), since the additional protocol overhead is deemed unnecessary
within a secured hospital LAN. A hospital that permits "intruders" to listen
on the LAN traffic probably has more urgent problems than encrypting the
transmitted images...

So in general you will need to implement a teleradiology gateway that
receives images locally over non-encrypted DICOM connections, and forwards
them over an encrypted wide-area connection, or vice-versa. Such a gateway
should also support automatic re-transmission if a network connection "breaks"
temporarily, and the reconciliation of Patient IDs (and perhaps some other
DICOM header fields) at the receiving side.

Best regards,
Marco Eichelberg
OFFIS


Bernard Groupes

May 17, 2013, 8:19:37 AM
Thank you, Marco, for your response, which enlightens me.

I developed a website for remote diagnostics.
Potential customers are radiologists who have only the internet as a network.

Their first step is to send the PACS DICOM studies.
In France this transfer must be done with the encryption of the data exchanged and secure transmission channels.

(The second step is the handling of a case associated with the DICOM studies sent already secured via SSL/https.)

For the first step: do you think it might be possible with the native DICOM protocol ..... because I can't implement a teleradiology gateway locally at each client?

Marco Eichelberg

May 21, 2013, 4:00:08 AM
Dear Bernard Groupes,
No, I don't think so. The native DICOM protocol is unencrypted and clear text,
i.e. you can use a simple network sniffer and see patient names in clear text,
even if you don't understand the DICOM protocol. Furthermore, the DICOM protocol
has no authentication and no protection from malicious "attacks" on the connection.

In all cases I know, such teleradiology projects either use a local gateway
that accepts native DICOM and then forwards with encrypted communication
(which may either be DICOM over TLS, or encrypted DICOM e-mail, or something
proprietary such as an FTP transmission of encrypted files), or they use
a VPN gateway. In that case you can use "native DICOM" over the VPN, which
handles the encryption/authentication, but you still need a "box" at every
client (the VPN box), and you must configure the VPN very carefully
so that only permitted connections are possible and one hospital cannot
fully "see" data transmitted by another hospital, or access their LAN.

Best regards,
Marco Eichelberg
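
Added example (not part of the thread and not any participant's code): a gateway or firewall egress check in Python that inspects the first bytes a client sends and tells a cleartext DICOM association request from a TLS handshake, which is how one can confirm that only the encrypted leg leaves the site. Function names and sample bytes are constructed for illustration; the offsets follow the A-ASSOCIATE-RQ header of the DICOM upper-layer protocol.

```python
import struct

def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record: type 0x16 (handshake), version 0x03xx, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return {"kind": "tls"}
    # DICOM A-ASSOCIATE-RQ: PDU type 0x01, reserved byte, 4-byte big-endian
    # length, 2-byte protocol version, 2 reserved bytes, then the called and
    # calling AE titles (16 space-padded bytes each) and 32 reserved bytes.
    if len(data) >= 42 and data[0] == 0x01 and data[1] == 0x00:
        length, version = struct.unpack(">IH", data[2:8])
        if version & 0x0001 and length >= 68:
            return {
                "kind": "dicom-cleartext",
                "called_ae": data[10:26].decode("ascii", "replace").strip(),
                "calling_ae": data[26:42].decode("ascii", "replace").strip(),
            }
    return {"kind": "unknown"}

def cleartext_flows(flows):
    """Return labels of flows whose opening bytes are unencrypted DICOM."""
    return [label for label, first in flows
            if classify_first_bytes(first)["kind"] == "dicom-cleartext"]

def sample_associate_rq(called="PACS_SCP", calling="CT_SCANNER") -> bytes:
    """Constructed header-only A-ASSOCIATE-RQ (variable items omitted)."""
    body = (struct.pack(">HH", 0x0001, 0) + called.ljust(16).encode("ascii")
            + calling.ljust(16).encode("ascii") + bytes(32))
    return struct.pack(">BBI", 0x01, 0x00, len(body)) + body

# Constructed start of a TLS ClientHello record (header + handshake type only).
SAMPLE_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A])

if __name__ == "__main__":
    flows = [("lan: CT -> gateway", sample_associate_rq()),
             ("wan: gateway -> PACS", SAMPLE_CLIENT_HELLO)]
    for label, first in flows:
        print(label, classify_first_bytes(first))
    print("cleartext DICOM seen on:", cleartext_flows(flows))
```

In this constructed run only the LAN leg is flagged; a flag on the WAN leg would mean the gateway or VPN is not protecting the link.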

