Hospitals routinely transmit medical images only within their internal network which is protected by their firewall. However, with the advent of tele-radiology, there is an increasing need for doctors to transmit images to healthcare professionals all over the globe to seek high quality diagnoses or second opinions. As a result, medical image security has become an important issue when medical images are being transmitted over open network, where sensitive patient information is exposed to hackers or individuals with malicious intents. Possible security breaches may include tampering of images to include false data which may lead to wrong diagnosis and treatment.
There are several mandates and guidelines in place to protect sensitive patient information. The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to take measures to ensure the security of medical images so as to protect patient's privacy. The Digital Imaging and Communication in Medicine (DICOM) standard a s to define a technical framework for application entities involved in the exchange of medical data to adhere to a set of security profiles. At present the DICOM standard does not address the security of patient data after it has been decrypted, and when it is no longer under the protection the private network.
Current security measures have their limitations. Cryptography is able to ensure security in terms of storage and transmission but once decrypted the information is no longer protected. Firewalls and access-control methods only protect the images up to the point of the internal networks. Authenticity problems are often a result of human actions such as illegal distribution or human error in transmitting to unauthorized individual. To ensure the authenticity of the images, the two common tools used are digital signature and watermark.
A digital signature is the non-repudiation, encrypted version of the message digest extracted from the data to prove integrity and originality. The security of digital signature often depends on the strength of the hash functions used to validate the signatures. It has been demonstrated that it is possible to generate two datasets with different content but having the same MD5 (Message-Digest algorithm 5) hash. As a result, it is then possible to append arbitrary data to the dataset and their hash value may still be the same. In mathematical terms, if MD5(x)=MD5(y), then MD5(x+q)=MD5(y+q)6 (where x and y could represent two different 128 bytes dataset and q is an arbitrary dataset of any length). We can then apply these concepts to medical images, for example, by modifying the first 1024 bits of the pixel values of an image. Consequently, two images can be nearly identical except for six pixels and the two images can produce the same MD5 hash. This shows that it could be possible for a hacker to tamper an image to include artifacts that may lead to wrong medical diagnosis, while keeping the MD5 of the image unchanged. This type of tampering may also give rise to serious security issues if the image was used in a legal or police investigation.
Watermarking is the practice of imperceptibly adding hidden data to the cover-signal (e.g. image, audio, video, or other work of media) in order to convey the hidden data. In the context of medical images, the hidden data can be used to verify the authenticity of the images. This provides an alternative technique to protect medical images. It allows messages to be indiscernibly embedded into an image by modifying the pixel values. Watermarks may be permanent or reversible. Permanent watermarks permanently modify the image in some controlled ways, while reversible watermarks allow these modifications to be completely reversed subsequently by an authorized person.
Because digital medical images can be easily modified, there is also a need to identify whether tampering has been performed on the images during transmission, and to locate the regions that have been tampered with.