• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

3 Critical Vulnerabilities Found in Merge DICOM Toolkit

by Fred Pennic 05/02/2024 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

What You Should Know:

– Security researchers at Nozomi Networks Labs identified three vulnerabilities in the Merge DICOM Toolkit C/C++ SDK (versions prior to v5.18). 

– These vulnerabilities could be exploited by attackers to crash medical imaging systems through seemingly harmless actions like opening a DICOM file or processing network data.

The Importance of the Merge DICOM Toolkit

In the world of medical imaging, the Merge DICOM Toolkit plays a vital role. This software library ensures seamless handling of medical images (like X-rays and MRIs) by allowing them to be stored, shared, and accessed across various healthcare systems. It’s a critical piece of technology for accurate diagnoses and timely treatments.

Potential Impact on Hospitals

A compromised medical imaging system could have serious consequences. It could disrupt workflows, delay diagnoses, and even impact patient care. In a hospital setting, where every second counts, such disruptions can be critical.

How Attackers Could Exploit These Vulnerabilities

These vulnerabilities could be exploited by attackers to disrupt critical healthcare systems:

  • CVE-2024-23912 & CVE-2024-23913: These vulnerabilities allow attackers to crash DICOM viewers by sending them malformed DICOM files. This could potentially delay diagnoses and treatment.
  • CVE-2024-23914: This vulnerability could enable attackers to exploit weaknesses in the network communication protocol used by DICOM-enabled devices (like ultrasound or CT machines). A successful attack could crash these devices, hindering their ability to function.

Patching and Remediation

Fortunately, Merge by Merative has addressed these vulnerabilities in the latest release of the Merge DICOM Toolkit C/C++ SDK (v5.18). Here’s what you can do:

  • Healthcare providers: Urgently check if any of your medical imaging software uses a vulnerable version (prior to v5.18) of the Merge DICOM Toolkit. If so, update to the latest version (v5.18) immediately.
  • Software developers: If you develop healthcare software that utilizes the Merge DICOM Toolkit, ensure you are using the latest patched version (v5.18) to protect your users from these vulnerabilities.

The Importance of Software Supply Chain Security

This incident highlights the importance of software supply chain security in the healthcare industry. Vulnerabilities in widely used libraries like the Merge DICOM Toolkit can create significant security risks for healthcare systems. By working together, software developers, healthcare providers, and security researchers can ensure the safety and security of critical medical technologies.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Virta Health CEO: GLP-1s Didn’t Kill Weight Watchers, Its Broken Model Did

Most-Read

Lessons Learned from The Change Healthcare Cyberattack, One Year Later

Lessons Learned from The Change Healthcare Cyberattack, One Year Later

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Omada Health Launches "Nutritional Intelligence" with AI Agent OmadaSpark

Omada Health Soars in NASDAQ Debut, Signaling Digital Health IPO Rebound

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |