Presentation Material

Abstract

Digital Imaging and Communications in Medicine ( DICOM ) is a file format used widely across the healthcare industry. These files serve the purpose of carrying the patient metadata and scans together in a single file. Since sensitive Personally Identifiable Information ( PII ) and Personal Health Information ( PHI ) are carried together in these files, securing them is very crucial.

Unfortunately, the DICOM files became powerful attack vectors due to a vulnerability resulting from their structure. We also found that such malicious DICOMs are evading the corporate antivirus. In this research, we propose an entropy-based DICOM detection technique that helps in detecting such malicious DICOMs and alerting the SOC teams. We have also built the under the amour utility that runs in Linux and Windows systems to detect the presence of such malicious DICOM. We will show how we attacked systems that are running DICOM and also show the innovations and solutions we have built to stop such DICOM attacks in Linux and Windows.