CyberSecurity and Privacy

Carestream's commitment to product security

The rapid adoption of electronic medical records and the demand for greater access to patient services require the highest data protection standards. Ensuring patient privacy and trust is critical. Carestream delivers product security that helps you achieve compliance with HIPAA, PIPEDA, the EU Directive or additional regulations in your country. Together we can increase patient safety and meet clinical and business needs for confidentiality, integrity, availability and accountability in the radiology workflow.

Product Security

Healthcare IT professionals should take the time to review Carestream Health's product security documentation. These documents provide a high-level overview of the security configurations related to the operating systems for our products. Additional documentation assists customers in their purchasing decisions with respect to the requirements and product capabilities specified by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Many international security regulations require healthcare providers and payers to protect patient information from improper access, modification, and catastrophic loss. Carestream Health is committed to providing industry-leading security capabilities in our products and service delivery.

Additional Product Security Information

Additional information may be found on our service portal located at: https://my.carestream.com/en/us/signin

This information is restricted to Carestream customers. For access, please contact Carestream and request Cyber Security End User Group Access to the Service Portal.

From the service portal, you may:

  • Subscribe to e-mail notifications of new security advisories
  • Download the latest security updates for your medical device
  • Find product security information such as network maps, software inventory / SBOM, firewall settings, and group policy configuration

Vulnerability Assessments

Digital Medical Solutions

Carestream Health remains committed to ensuring our products are safe, reliable, and secure. The cybersecurity threat environment continuously evolves, requiring constant diligence and information sharing in order to mitigate potential risk and to keep equipment protected. Security advisories and relevant security patch information for Carestream products are provided below.

Product Security Advisories (Last Update)

  • Print Nightmare (08/12/2021)
  • CVE-2021-31166 - HTTP RCE (06/29/2021)
  • Embedded TCP/IP Network Vulnerabilities: URGENT/11, Ripple20, Amnesia:33, NUMBER:JACK, NAME:WRECK (04/15/2021)
  • Heap Overflow vulnerability in Google Chrome / Microsoft Edge (03/02/2021)
  • Bad Neighbor Vulnerability (01/12/2021)
  • Windows Embedded Standard 7 SP1 End of Service Life (10/06/2020)
  • Bluetooth Low Energy Vulnerability (03/05/2020)
  • CryptoAPI (Curveball) Vulnerability (02/04/2020)
  • Remote Desktop Protocol Vulnerability (Bluekeep - Part 2) (06/07/2021)
  • Meltdown and Spectre Vulnerabilities (01/18/2018)
  • Wi-Fi Protected Access Key Reinstallation Attack (KRACK) (12/28/2017)

General Data Protection Regulation "GDPR"

There is a new European privacy initiative: the General Data Protection Regulation "GDPR". This initiative takes effect on May 25, 2018. Please read closely the Annex that is incorporated into the agreement your company may have with Carestream.

HIPAA Overview

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law August 21, 1996. This legislation affects nearly everyone involved in healthcare from providers to healthcare information systems vendors. HIPAA contains provisions for:

  • Portability of insurance coverage as employees move from one employer to another.
  • Protection of patient-identifiable data from inappropriate disclosure, including the types of information that must be protected and the circumstances under which they must be protected.
  • Defined policies, analyses, practices, and mechanisms that must be implemented to ensure the privacy of "protected health information" (PHI) is maintained.
  • Government-mandated standards for electronic transactions, code sets and identifiers.

Related Resources:

Carestream HIPAA Business Associate Agreements

Carestream business associates must comply with HIPAA regulations. Please contact your local sales representative or contract manager for information about the provisions and terms in your agreement.

Correspondence should be mailed to:

Carestream Health, Inc.
Attn: US&C Contract Management
150 Verona Street
Rochester, NY 14608

Related Documents: