Weaponized Medical Images: Is Malware Hiding in Your MRI Results?

Researchers from Cylera Labs have recently discovered a flaw that enables malware to embed itself within medical imaging files. Once malware inserts itself into a DICOM file – the file type used to store imaging results from medical devices like CT and MRI machines – it can continue to covertly operate and execute its malicious payload while hiding imperceptibly among the patient’s scan results.

Since the malware does not damage the patient data while inserting itself into a DICOM file, it’s able to leave the file perfectly in-tact and usable. Clinicians could continue to use an infected imaging file, dubbed “PE/DICOM” files, during patient diagnosis and treatment without any indication that the file lives a double life as fully-functioning malware.

DICOM files contain sensitive medical information pertaining to individual patients and are thus classified as electronic protected health information, or ePHI. Such information is regulated under HIPAA and requires healthcare providers and their business associates to preserve the confidentiality, integrity, and availability of such data.

Once malware embeds itself into a DICOM file, it effectively “becomes” ePHI itself and inherits these protections that the real patient data affords. Any attempt to harm the malware file can now harm the patient information contained within it. The malware effectively exploits the nature and regulatory implications of the data it hides behind to protect itself from harm.

Potential Harms

This fusion of fully-functioning malware and ePHI creates a set of regulatory- and security-related concerns that did not previously have to be considered during incident response processes, such as:

  • Antivirus software can accidentally delete or leak ePHI to the cloud or public internet by performing standard analysis and remediation routines on PE/DICOM files. This could not only have regulatory consequences related to exposing protected patient data, but could also potentially disrupt clinical workflows relying on the availability of the affected files.

  • Security teams can accidentally delete or leak ePHI in the same way that an automated antivirus can; uploading suspicious files to cloud services such as VirusTotal, for example, is a common step used by analysts that would now upload the protected patient information in addition to the malware.

  • Security teams may be unable to delete/quarantine malware if they recognize it as not only a malware executable, but also a functional DICOM image file containing ePHI. Without proper tools to deal with PE/DICOM files, they may be forced to retain malware-infected files on their clinical systems.

  • Malware could evade detection by 1) antivirus software that was configured by the organization or device manufacturer to ignore clinical data, 2) by poorly-designed antivirus or sandbox software that ignores DICOM files as they do not seem executable, or 3) by human analysts who recognize the file as a fully-functioning DICOM image.

  • Malware payloads could spread throughout an organization as infected DICOM data is sent and saved to clinical systems during normal usage patterns, such as the viewing of imaging results by multiple practitioners. The malware payloads would lie latent in the data contained within these files and would need to be processed and activated by a secondary payload as part of a two-stage attack, which would involve modifying the file’s “Preamble” and executing the DICOM file directly.

The common thread through the potential impacts above, as well as the many ancillary impacts not listed here, is that they stem from clinical or regulatory implications of the patient data. This is one of the most interesting aspects of the PE/DICOM flaw: the vulnerability itself is not defined by just a software design weakness, but instead a software design weakness plus the regulatory and clinical context of the affected data.


The root of this issue is found in the DICOM file format’s specification, which includes a feature used to enable cross-compatibility of DICOM files and applications designed to view other image formats. This feature, whose purpose largely relates to providing compatibility with older systems, is exactly what can be misused to turn a DICOM file into an executable program - a key part of this attack.

The utility of the feature does not diminish its security risk, and its impact on security does not change the fact that this feature, when used as intended, does provide value. Modifications to the DICOM standard to remove the security risks while preserving the functionality originally intended may not be feasible. This makes it seem unlikely that the standard will change in any drastic way to compensate for the feature’s weakness and potential for misuse.

Organizations looking to proactively protect themselves from malware that may exploit this flaw should configure basic mechanisms for detecting PE/DICOM files, have tooling to neutralize detected files, and have tooling to separate the raw malware executable from the DICOM image file. These steps are discussed further in the analysis conducted by Cylera Labs, and the appropriate tooling is available from Cylera upon request.

Antivirus vendors should add similar mechanisms to recognize PE/DICOM files and handle them appropriately to ensure that patient information is not leaked to the cloud, deleted, or otherwise made inaccessible. We are pleased to already see vendors working to add such support to their products. Organizations interested in learning if their antivirus or EDR vendor is planning to implement PE/DICOM handling should inquire directly with their representative.


The increasing dependence of clinical care on network-connected systems introduces new dimensions of concern and complexity for hospitals and healthcare providers. This is perfectly illustrated by the PE/DICOM flaw: it is the nature of the data contained within DICOM files that gives the vulnerability its level of technical potency. If this issue was found in a non-medical imaging format the benefits to malware would be fewer and the risk would be less severe.

As the number of threats against healthcare networks and clinical devices rapidly grows it is often difficult, and perhaps even counterproductive, to focus too much on defending from any single threat or vulnerability. Rather, novel threats and attack vectors should influence how security, IT, and clinical engineering teams approach clinical cybersecurity in general, and should lead to stronger practices, more robust defenses, and more coordinated strategies.

Some of the key clinical cybersecurity principles informed by the PE/DICOM flaw include:

  • Cyber risk in healthcare must be assessed in a multidimensional way. Beyond the obvious impact of a cyber attack on the organization’s network and systems, security and IT teams should directly consider regulatory consequences, patient confidentiality, clinical continuity, and ultimately patient safety when considering risks and attacks.

  • Security teams must be cognizant of the clinical and regulatory impacts of their actions while responding to threats. Quarantining an infected file or medical device could ultimately cause more harm to the organization that the malware or threat itself.

  • Organizations must gain deeper visibility into their clinical networks, devices, and data flows as the size of their networks and threats against them continue to grow. An understanding of the typical patterns and behaviors present on these networks can help teams identify zero-day threats and attack vectors like this without prior knowledge of them.

Cylera is a patient-centric healthcare cybersecurity and intelligence company focused on changing how healthcare organizations protect and manage HIoT environments containing medical, OT, and IoT devices. Cylera’s MedCommand™ solution provides cybersecurity and clinical engineering teams with a unified solution to protect the safety of their patients, assets, and clinical workflows from cyberattacks. Click here to learn more.

Read more blog articles from Cylera.

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers. Cylera built a next-generation platform that leverages AI-driven technology to deliver the strongest, most advanced cybersecurity and analytics solutions. 

Follow us

  • LinkedIn
  • Twitter
© 2020 Cylera. All Rights Reserved. Privacy Policy  |  Terms Of Use  |  Cookie Policy