Telemis-Medical security for protection from cyberattacks

Louvain-La-Neuve (Belgium), 18. June 2020 - In 2019, many health care establishments were the target of ransomware attacks.

This happened in Belgium, for example, where the André Renard clinic was targeted by a ransomware attack using Cryptolocker, which is a Trojan horse-type virus. The damages were estimated to be around 300.000 EUR.^[1]

In south-western France, a medical imaging centre suffered from the same type of attacks, with all of the data of every server on every one of the company's sites being encrypted, followed by a ransom demand for thousands of Bitcoins (1 Bitcoin = 6.970 EUR).

Following those attacks and some articles published in the press, hospitals and other health care establishments are increasingly concerned about the security of their information systems, and count on their partners to support them in this new challenge. The following summary of the latest security improvements is provided for information, for the sake of the 379 centres equipped with Telemis solutions.

The Telemis PACS is installed on the internal servers of the establishment. Its functionality is accessible only from inside, where access to it is password-protected. Radiologists can also log in at home using TM-Home, which is protected by a secure VPN. A hacker could therefore not gain access to the PACS from the outside via Internet. The PACS could, however, be the indirect victim of ransomware, in particular via an insufficiently protected PC propagating a cryptovirus through an establishment's computer network.

The only access to the Telemis PACS from the Internet is the medical imaging distribution gateway, called TM-Publisher Web. This could be the target of malicious attacks. That is why some health care facilities have hired outside companies to perform security audits on TM-Publisher Web. Intrusion tests have been performed and have detected some weak spots. To remedy these weaknesses and ensure optimum security, Telemis has made substantial improvements to versions 4.90 and 4.95 of its PACS. With this in mind, and also in response to the wishes of many users, Telemis has implemented a random URL generator for TM-Publisher Web so that predictive coding is no longer displayed. Moreover, accesses to TM-Publisher Web are now tracked in log files by a new audit system that complies with the IHE (Integrating the Healthcare Enterprise) ATNA profile (Audit Trail and Node Authentication). Telemis always recommends installing a reverse proxy, preferably combined with a DMZ (Demilitarised Zone) for web applications. Furthermore, it is now no longer possible to see the server technology used by TM-Publisher Web in order to try to exploit its vulnerable points. Finally, the configuration weakness of the TLS (Transport Layer Security) protocol supporting versions prior to TLS1.2 can easily be avoided by adapting the configuration of TM-Publisher Web so that it no longer supports any version other than TLS1.2, which reduces the risk of vulnerability. In that case, old versions of the browser will no longer be able to access TM-Publisher Web.

For more information:

Cyberattacks on information systems can take many forms, such as:

Phishing: A pop-up window is displayed, inviting you to click to collect a prize, or a fraudulent email asks you to enter some identifiers. As soon as you click on that type of link, you are exposing your personal data to the risk of theft by the hacker.

Ransomware: A person hijacks a computer or server and encrypts all of the data using a cryptovirus, which is malware that encodes the data on servers and workstations. The hacker then demands a ransom in exchange for restoring the data.

Cross-site scripting (XSS): A practice that consists of injecting malicious content into a web page, which corrupts the target's browser. This allows the hacker to modify the page at will, steal data from cookies, or gather sensitive data.

These are currently the three most common types of attack, although there are others.