Security of patient and study data associated with DICOM images when transferred using compact disc media.

The transmission of patient and imaging data between imaging centers and other interested individuals is increasingly achieved by means of compact disc digital media (CD). These CDs typically contain, in addition to the patient images, a DICOM reader and information about the origin of the data. While equipment manufacturers attach disclaimers to these discs and specify the intended use of such media, they are often the only practical means of transmitting data for small medical, dental, or veterinary medical centers. Images transmitted by these means are used for clinical diagnosis. This has lead to a heavy reliance on the integrity of the data. This report describes attempts to alter significant patient and study data on CD media and their outcome. The results show that data files are extremely vulnerable to alteration, and alterations are not detectable without detailed analysis of file structure. No alterations to the DICOM readers were required to achieve this; changes were applied only to the data files. CDs with altered data can be readily prepared, and from the point of view of individuals viewing the images, function identically to the original manufacturer's CD. Such media should be considered unsafe where there is a potential for financial or other gain to be had from altering the data, and the copy cannot be cross-checked with the original data.