![](https://hitconsultant.net/wp-content/uploads/2024/05/Merge-DICOM-Toolkit.png)
What you should know:
– Security researchers at Nozomi Network Labs identified three vulnerabilities in the Merge DICOM Toolkit C/C++ SDK (versions prior to v5.18).
– These vulnerabilities could be exploited by attackers to crash medical imaging systems via seemingly innocuous actions such as opening a DICOM file or processing network data.
The Importance of Merge DICOM Toolkit
In the world of medical imaging, the Merge DICOM Toolkit plays a vital role. This software library manages medical images (such as X-rays and MRIs) by enabling their storage, sharing and access across various healthcare systems. It is an essential piece of technology for accurate diagnostics and rapid treatment.
Potential impact on hospitals
A compromised medical imaging system could have serious consequences: disrupted workflows, delayed diagnoses and even an impact on patient care. In a hospital environment, where every second counts, such disruptions can be critical.
How attackers could exploit these vulnerabilities
These vulnerabilities could be exploited by attackers to disrupt critical healthcare systems:
- CVE-2024-23912 and CVE-2024-23913: These vulnerabilities allow attackers to crash DICOM viewers by sending them malformed DICOM files. This could potentially delay diagnoses and treatment.
- CVE-2024-23914: This vulnerability could allow attackers to exploit weaknesses in the network communications protocol used by DICOM-enabled devices (such as ultrasound or CT devices). A successful attack could crash these devices, hindering their ability to function.
Fixes
Fortunately, Merge by Merative has fixed these vulnerabilities in the latest version of the Merge DICOM Toolkit C/C++ SDK (v5.18). Here's what you can do:
- Healthcare providers: Urgently check if any of your medical imaging software is using a vulnerable version (prior to v5.18) of Merge DICOM Toolkit. If so, update to the latest version (v5.18) immediately.
- Software developers: If you are developing healthcare software that uses Merge DICOM Toolkit, be sure to use the latest patched version (v5.18) to protect your users from these vulnerabilities.
The Importance of Software Supply Chain Security
This incident highlights the importance of software supply chain security in the healthcare industry. Vulnerabilities in widely used libraries such as Merge DICOM Toolkit can create significant security risks for healthcare systems. By working together, software developers, healthcare providers, and security researchers can ensure the safety and security of critical medical technologies.