Keeping Zombie Radiology at Bay

My least favorite celebration of the year ended October 31 without (real) bloodshed and with all of my body parts, and those of everyone I know, intact. Radiologists seeking to join in could do so with specialty merchandise.

 Zazzle asked the brain dead – or their mimics – to plunk down $20 for a coffee mug and $30 for a tote, each emblazoned with “Attack of the Zombie” and a humanoid figure bearing absolutely no discernible resemblance to a radiologist (http://www.zazzle.com/attack_of_the_zombie_radiologist_bag-149372381811842836).  Have dot coms no shame?

But it got me thinking…what exactly would a zombie radiologist look like? The answer may be right in front of us.

Last summer, a report surfaced about a “Zombie imaging computer” at Beth Israel Deaconess Medical Center in Boston. This computer wasn’t supposed to connect to the Internet but it did – and apparently on its own (“Zombie Imaging Computer Steals Mystery Data,” http://www.radiologydaily.com/daily/practice-management/zombie-imaging-computer-steals-mystery-data/). A vendor using the Internet to conduct routine maintenance failed to restore the computer’s default settings. Then, when no one was looking, the workstation signed onto the Web and, soon infected by malware, began transmitting data about thousands of radiology patients.

Such a story might be filed under the anomalous pages of “when good computers go bad,” if it weren’t for the extraordinary hacking potential that medical computers represent. Particularly at risk are those widely networked into picture archiving and communications systems (PACS), as well as ones linked globally to support radiology. As more and more reach into the cloud for their data, the opportunity for mischief increases. (“Information Security Risk Management Framework for the Cloud Computing Environments,” http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5577860 ) This opportunity will be amplified many times over when the use of smartphones and other mobile devices to send medical images becomes commonplace.

The radiology community should already be well aware of the risks. A decade ago, Dr. John Eng of Johns Hopkins University warned of the dangers facing radiology from attacks that might compromise one computer and spread through the network (http://radiology.rsna.org/content/220/2/303.full#sec-5). Firewalls and other such security measures can go a long way toward deterring intruders. But as the Zombie computer at Beth Israel makes clear, not all possibilities can be foreseen.

Diligence and caution are critical…or zombie radiology may become all too real.