New Malicious Medical DICOM Image Files Cause HIPAA Headache

Sergiu Gatlan reports:

Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files.

Cylera’s Markel Picado Ortiz achieved this by taking advantage of a DICOM format design flaw which allows for the “128-byte section at the beginning of the file, called the Preamble,” to be modified to add compatibility with non-DICOM image viewers.

Read more on BleepingComputer.

h/t,@MRJDWoodard

About the author: Dissent