DICOM Research Brief: HIPAA-Protected Malware

Cylera Team

Exploiting a DICOM Flaw to Embed Malware in CT/MRI Imagery

Cylera’s core technology is based on a deep understanding of clinical workflows and the healthcare-centric protocols that enable device interoperability. Researchers at Cylera Labs spend time investigating, reverse engineering, and decoding protocols found in clinical networks while carefully assessing related specifications and implementations for weaknesses.

In this article, we discuss a fundamental flaw in the design of DICOM, discovered by Markel Picado Ortiz (d00rt) of Cylera Labs, that enables attackers to effectively turn patient information into malware by embedding fully functioning executable code into image files used by medical devices such as CT and MRI machines.

Download the full Research Brief for in-depth details
