Carestream's commitment to product security
The rapid adoption of electronic medical records and demand for greater access to patient services requires the highest data protection standards. Ensuring patient privacy and trust is critical. Carestream delivers product security that helps you achieve compliance with HIPAA, PIPEDA, EU Directive or additional regulations in your country. Together we can increase patient safety and meet clinical and business needs for confidentiality, integrity, availability and accountability in radiology workflow.
Healthcare IT professionals should take the time to review Carestream Health's product security documentation, these documents provide a high-level overview of the security configurations related to the operating systems for our products. Additional documentation assists customers in their purchasing decision related to the requirements and product capability specified by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
Many International security regulations require healthcare providers and payers to protect patient information from improper access, modification, and catastrophe loss. Carestream Health is committed to providing industry leading security capabilities in our products and service delivery.
Additional information may be found on our service portal located at: https://my.carestream.com/en/us/signin
This information is restricted to Carestream customers. For access, please contact Carestream and request Cyber Security End User Group Access to the Service Portal.
From the service portal, you may:
Digital Medical Solutions
Carestream Health remains committed to ensuring our products are safe, reliable, and secure. The cybersecurity threat environment continuously evolves requiring constant diligence and information sharing in order to mitigate potential risk and to keep equipment protected. Security advisories and relevant security patch information for Carestream products will be provided below.
|Product Security Advisories||Last Update|
|CVE-2021-31166 - HTTP RCE||06/29/2021|
|Embedded TCP/IP Network Vulnerabilities
URGENT/11, Ripple20, Amnesia:33, NUMBER:JACK, NAME:WRECK
|Heap Overflow vulnerability in Google Chrome / Microsoft Edge||03/02/2021|
|Bad Neighbor Vulnerability||01/12/2021|
|Windows Embedded Standard 7 SP1 End of Service Life||10/06/2020|
|Bluetooth Low Energy Vulnerability||03/05/2020|
|CryptoAPI (Curveball) Vulnerability||02/04/2020|
|Remote Desktop Protocol Vulnerability (Bluekeep - Part 2)||06/07/2021|
|Meltdown and Spectre Vulnerabilities||01/18/2018|
|Wi-Fi Protected Access Key Reinstallation Attack (KRACK)
General Data Protection Regulation "GDPR"
There is a new European Privacy initiative--the General Data Protection Regulation "GDPR". This initiative takes effect on May 25, 2018. Please read closely the Annex which is incorporated into the agreement your company may have with Carestream.
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law August 21, 1996. This legislation affects nearly everyone involved in healthcare from providers to healthcare information systems vendors. HIPAA contains provisions for:
Carestream HIPAA Business Associate Agreements
Carestream business associates must comply with HIPAA regulations. Please contact your local sales representative or contract manager for information about the provisions and terms in their agreement.
Correspondence should be mailed to:
Carestream Health, Inc.
Attn: US&C Contract Management
150 Verona Street
Rochester, NY 14608