With regard to the recent press coverage of PACS systems exposing patient records, we would like to share the following information.
In general, the two main causes behind the exposure of the patient records are:
- the direct accessibility of PACS systems from the public Internet;
- and/or the lack of authenticated access.
At Agfa HealthCare, we are committed to supporting care providers in protecting the privacy of their patients by delivering secure products and services. For all Agfa HealthCare PACS solutions, providing secure and authenticated access is an integral part of, and covered in, our internal processes. We therefore have no evidence to suggest that our standard deployments are impacted.
For Agfa HealthCare solutions that are under the management of your IT teams, we urge you to keep the following in mind:
- Do not make your PACS installation accessible from the public Internet if there is no such need in your organization.
- If there is a need to remotely access the PACS, please do so with the “defence-in-depth” principle in mind. Depending on your threat model, you might want to consider the use of a reverse proxy, a firewall and/or a VPN connection.
- Use authentication to protect your sensitive data.
Please be assured that at Agfa HealthCare we continuously assess the strength of our product security using information security risk assessments, taking into consideration known risks and threats that impact patient data, as well as the security information used to gain access to such data.
Should you have any concern or question, please reach out to your local account or service manager.
Information Security and Privacy