Tue, 28 Apr 2026 20:51:02 UTC
PENNAME.ORG
HEALTHCARE INFORMATION SECURITY PORTAL


Threat modeling DICOM: when imaging metadata becomes the attack surface

DICOM tags travel with imaging studies across networks, storage tiers, and viewers, and almost none of them are validated by the systems that ingest them. Together they form an attack surface most organizations have never enumerated.

Why DICOM is interesting

The DICOM standard defines thousands of tags, many of which contain free-text strings, file paths, and even embedded private data blocks vendors use for proprietary fields. Most viewers were written assuming this metadata is authentic and well-formed.

Sample attack paths

  • Patient name fields with embedded payloads that exploit string-handling bugs in viewer chrome.
  • Private tags carrying scripts that hospital-internal automation processes execute as part of routing.
  • Referenced SOP instances pointing at network paths the DICOM node will resolve.

Where to start

Inventory your DICOM nodes, identify the union of tags they consume, and treat any field that ends up in a UI or a script as untrusted input. The same hygiene you apply to web inputs applies here; it just hasn't historically been applied at all.


-- EOF --