AntiVirus and PACS

Hi,
We are in the process of standing up our digital pathology environment. The first iteration is a local installation with both application and storage environments hosted on-site.
Our PACS vendor has sent a list of AV exclusions, which are very extensive and have concerned our IT Security team, who want to tighten up somewhat on those recommendations. The obvious implication is then performance impact.
Can I ask what others have done in this arena? I assume PACS vendors are similar in their wariness around AV scanning on the PACS databases and image stores.
Have IT departments just accepted the risk, or have people actually ignored recommendations and implemented local policies for scanning?
Thanks for any help.

Are the AV exclusions only regarding the pathology files? There have been concerns (and some publications) about the potential vulnerability of the DICOM files, especially the part 10 metadata (NVD - CVE-2019-11687); however, I have not heard any evidence of someone exploiting this.

1 Like

The content of the PS3.10 preamble should not be a concern if the DICOM files are received by a C-STORE, since it is not sent over the wire that way, but it would be if the DICOM “files” are received via STOW-RS (DICOMweb), or are imported some other way (such as from a shared network folder, as Sectra can ingest). Regardless, the preamble should be ignored or suppressed if you don’t need it or recognize it (e.g., unless you need dual-personality DICOM-TIFF functionality retained, etc.). The preamble is only one place to hide nasty stuff, but the CVE was related to the fact that it is at the start so if someone attempted to “execute” the file for some reason …

That said, Mark, are your files even DICOM WSI in the first place, or are you using some horrible proprietary format that Sectra tolerates? Since you are in the UK, you may have been already contaminated by an evil vendor (Philips) that uses only proprietary format files and compression. Sorry I can’t remember what scanner vendor Portsmouth went with.

I would be interested to know what impact virus scanning of WSI or any other image files would have on performance (presumably terrible, since they are large), but then that concern probably applies to any PACS for anything, not just pathology, since the total size is large. But since one can hide nasty payloads anywhere in anything that may or may not be useful to an attacker …

1 Like
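
One way to apply the "ignore or suppress the preamble" advice to files that arrive via STOW-RS or a folder import, shown as an added example that is not part of the original posts. The function names and the constructed sample bytes are assumptions, and the magic-number lists are illustrative, not exhaustive.

```python
# Added example: classify and neutralise the 128-byte PS3.10 preamble at ingest.
PREAMBLE_LEN = 128
DICM = b"DICM"  # prefix that follows the preamble in a Part 10 file
TIFF_MAGICS = (b"II*\x00", b"MM\x00*", b"II+\x00", b"MM\x00+")  # TIFF / BigTIFF
EXEC_MAGICS = (b"MZ", b"\x7fELF")  # PE/DOS and ELF headers


def classify_preamble(data: bytes) -> str:
    """Return 'not-part10', 'empty', 'tiff', 'executable' or 'unknown'."""
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != DICM:
        return "not-part10"
    preamble = data[:PREAMBLE_LEN]
    if preamble == bytes(PREAMBLE_LEN):
        return "empty"
    if preamble.startswith(TIFF_MAGICS):
        return "tiff"  # possible dual-personality DICOM-TIFF
    if preamble.startswith(EXEC_MAGICS):
        return "executable"
    return "unknown"  # non-zero content that is not recognised


def suppress_preamble(data: bytes, keep_tiff: bool = False) -> bytes:
    """Zero the preamble unless it is empty, or a TIFF header we chose to keep."""
    kind = classify_preamble(data)
    if kind == "not-part10":
        raise ValueError("no DICM prefix at offset 128; not a Part 10 file")
    if kind == "empty" or (kind == "tiff" and keep_tiff):
        return data
    # Only the first 128 bytes change; the DICM prefix and data set are untouched.
    return bytes(PREAMBLE_LEN) + data[PREAMBLE_LEN:]


def make_sample(preamble_start: bytes) -> bytes:
    """Constructed test input: padded preamble + DICM + placeholder bytes."""
    preamble = preamble_start.ljust(PREAMBLE_LEN, b"\x00")
    return preamble + DICM + b"\x02\x00\x00\x00UL\x04\x00\x00\x00\x00\x00"


if __name__ == "__main__":
    for label, start in [("clean", b""), ("pe", b"MZ\x90\x00"), ("tiff", b"II*\x00")]:
        sample = make_sample(start)
        cleaned = suppress_preamble(sample)
        print(label, classify_preamble(sample), "->", classify_preamble(cleaned))
```

Logging the classification before suppressing gives the security team a record of files that arrived with a non-empty preamble, which is useful evidence when deciding how far scanning exclusions can be narrowed.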