|
Secretariat:
1300 North 17th Street, Suite 900
Arlington, VA 22209, USA
http://dicom.nema.org
dicom@medicalimaging.org
+1-703-841-3259
|
T-con notes
WORKING GROUP 14
Security
January 17, 2018
Voting Members Present Represented by
ACR James Philbin
JIRA Takashi Igarashi for Akihiro Yomoda
PixelMed David Clunie
Voting Members Not Present Represented by
Agfa Healthcare To Be Assigned
CMDS/CFDA Jia Zheng
Change Healthcare Roger Trevisan
GE Healthcare Francisco Sureda
Hologic Jeff Garrett
Laitek Doug Sluis
OFFIS Marco Eichelberg
Panasonic Healthcare Katsuya Watanabe
Philips Healthcare Ben Kokx
Siemens Hans-Martin Von Stockhausen
Stryker Communications Corey Cochran
Univ. of Arkansas, Med. Sciences Lawrence Tarbox
Alternate Voting Members, Observers, Guests Present
Fairhaven Technology Rob Horn
FUJIFILM Medical Systems Masao Murata
MITA/DICOM Secretariat Stephen Vastagh
John Moehrke
Rogan-Delft BV Pim Philipse
Presiding Officers Lawrence Tarbox, User Co-Chair
MITA/DICOM Secretary Pro Tem Stephen Vastagh
-
Opening
The meeting was called to order at 9.00 USA Eastern Time. The Secretary reviewed the antitrust rules. The Agenda was approved. The review of the Minutes from December 13, 2017 t-con was postponed.
-
Administrative
The Secretary reported that no nominations were received for Industry Co-Chair. Thereafter, D. Clunie nominated Past Industry Co-Chair, Rob Horn, to serve again representing his own consulting company, in the position of Industry Co-Chair. The participants supported his nomination unanimously. The Secretary will circulate the nomination and a ballot.
-
Security articles (DICOM, HL7)
The following article was reported
https://www.enterpriseinnovation.net/article/dicom-unknown-vulnerability-cyberattacks-healthcare-industry-1675831549
A brief discussion concluded that the issues are not with the DICOM Standard; rather, with the implementations thereof.
It was decided that WG-14 should refer the article to the MII Section of MITA and to IHE Radiology.
It was also noted that at least one similar article focused on HL7 vulnerabilities, as well (https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010 )
-
NIST Cybersecurity Center of Excellence
D. Clunie informed WG-14 about the NIST activities: identify a problem and assemble a solution. E.g. took interest infusion pumps, conducted tests and published an implementation guide type document.
The NIST CSF (cybersecurity framework) is now seeking comments on how to prioritize security issues. D. Clunie highlighted medical imaging PACS systems as a potential area of inquiry.
David briefed the NIST group on PACS. The work is done by MITRE contractors and NIST employees. The PACS project is a U.S. Government-funded project, thus open information.
The NIST Group is inviting industry representatives. DICOM WG-14 can get involved collectively or members individually. Contact 301-975-0200, Jennifer Cawthra, Healthcare Community of Interest. jennifer.cawthra@nist.gov .
https://nccoe.nist.gov/projects/use-cases/health-it/pacs
-
ISO standard on software asset management
Rob Horn reported briefly on standardized way to maintain system updates (with or without identifying locations.)
-
CP – PurposeOfUse – J. Moehrke asked the status due to interest by IHE Connectathon discussions. R. Horn will follow-up
-
Agenda for the Feb. 21, 2018 WG-14 t-con
-
NIST (Center of Excellence) follow-up (see item 4 above.)
-
Masao Murata e-mail and Presentation on harmonization of standards (posted as < AuditTrail20170907.pptx> in the Feb 21 meeting folder. Was posted in the Jan. 17 folder – nobody from JIRA was available to present.
-
Sup204 (of WG-14)- retiring three old profiles and adding two new profiles
R Horn will review the LB comments by January 24 and -if editorial only- Rob will ask for time on March Agenda for Sup204-FT .
-
Sup 206 (of WG-14)
R. Horn has a draft. Clarify how to proceed: whether JIRA will submit a new Work Item or will use the draft that Rob provided to JIRA (See WG-06 Sups directory for the rough initial; draft. JIRA has the option to use Rob’s draft to add the profile. The CRYPTREC recommendations should be referenced in the new DICOM standard text write-up. In the review the questions had to do with patent issues (CRYPTREC has been patented.) Some of the patents have been confirmed to meet the DICOM requirement of reasonable licensing terms. The DICOM-acceptable licensing terms of some of the other patents still need to be confirmed.
ACTION ITEM: Rob to write to JIRA requesting confirmation by Tuesday, January 24, whether all remaining patent licensing terms have been found conforming to DICOM’s terms. If terms are satisfactory Rob Horn will ask for Agenda time for Sup 206 at the March WG-06 meeting. If no response or no satisfactory response from JIRA, the sup206 will be delayed.
Secretary’s Note: Done; see e-mail in the Feb. 21 Meeting folder.
7.5 Sup207 (of WG-31)
what does WG-14 wish to do about security conformance clauses and security in the DICOM Conformance Statement?
-
Coordination of WG-14 with IHE ITI, JIRA, ISO 215, other relevant activities
Discuss how will coordination be accomplished?
-
New JIRA Profile
JIRA is interested in adding one new Japanese profile to the DICOM Standard; this would be a new work item. JIRA may submit a Work Item proposal at the April DCS meeting. WG-06 pointed out that the Work Item for Sup 204 could accommodate the development of this new profile.
-
Addressing security concerns during DICOM maintenance and development
The t-con participants decided to recommend to WG-06 to require that each proposed CP and Supplement addresses security implications of the subject of CPs and Supplements (revise and include in templates.)
-
Next Meetings
T-con: 3rd Wednesday’s of month
-
Wednesday, Feb. 21, 2018, 09:00-10:00 USA ET
-
Wednesday, March 21, 2018, 09:00-10:00 USA ET
-
Wednesday, April 18, 2018, 09:00-10:00 USA ET
In person
-
Adjournment
The meeting was adjourned at 10:10 USA Eastern Time.
Reported by Stephen Vastagh, Secretary Pro Tem
Reviewed by: Clark Silcox
DICOM WG-14 Page of Minutes 2018-01-17
Dostları ilə paylaş: |