Secure Your Care

Digital Radiography Cybersecurity & Privacy

Holistic protection designed for your critical assets

Defense-in-Depth of Samsung DR system

Healthcare organizations are becoming increasingly susceptible to cyber attacks compromising sensitive patient information.
As medical devices can be an entry point for attackers, cybersecurity is our top priority in designing, developing,
and maintaining products. We are committed to offering a proactive and optimal safeguard of DR equipment
and invaluable data against intensifying cyber threats.
Samsung’s digital X-ray systems are ready not only for today but also for the future with industry-leading technical measures
in multi-layered security controls.

Physical Layer

  • Protection case* shielding the critical hardware module in the system from unauthorized access
  • Limited external ports, used only for file input and output, against malicious hacking

*This feature is only for GM85.

OS hardening Layer

  • Operating system hardening in line with STIGs*
  • Secure Boot verifying the integrity of boot S/W to prevent malware from loading

*STIGs (Security Technical Implementation Guides) are comprehensive hardening guides published
by the DISA (Defense Information Systems Agency) of the U.S. Department of Defense.

Network Layer

  • Firewall preventing unintended intrusion through a network
  • WPA2 securing access to wireless communication between system components
  • VPN* supporting protected network communication against external breaches
  • DICOM TLS** for data encryption in transit

* VPN: Virtual Private Network
** TLS: Transport Layer Security

Access control Layer

  • Strengthened user account management with various password policies and per-account access controls for patient data
  • Audit trail recording major events related to patient data
  • Service engineer access control using OTP, with anonymization of all patient data

Application Layer

  • Anti-malware protecting DR systems from viruses or ransomware
  • Whitelisting* allowing only validated S/W to be installed and executed, blocking malware
  • Remote software update keeping S/W at the latest version without service requests
  • SDLC** managing security at all stages, from program code to final distribution
  • Digital Signature ensuring the integrity of S/W components in the system

* This feature is applied at customer’s request.
** SDLC (Secure Software Development Life Cycle) is a process for planning, creating, testing,
and deploying an information system so as to produce high-quality, secure software.

Data Layer

  • Storage Encryption preventing data leakage from system drives even if the storage is physically detached
  • DICOM Tag Encryption protecting sensitive patient data in case of DICOM file theft

A reliable partner in an uncertain digital era

  • World-class Management System
    • Received independent certification including ISO/IEC 27001.
    • Complies with the Risk Management Framework (RMF) according to NIST SP 800-53
  • Government-grade
    Achieved government agency security approvals, including Authority to Operate (ATO) for the U.S. Department of Defense
  • Trusted by Security Experts
    Vulnerability monitoring with regular code-based reviews and integrated inspection by Samsung’s security experts

Comply with worldwide standards

  • Actions for GDPR
    General Data Protection Regulation (GDPR) includes stringent requirements that harmonize privacy and security laws throughout the EU. We are committed to offering functional support that helps users comply with GDPR, as outlined below:
    • Process & System to Ensure Data Subject’s Rights
    • Valid Consent to Process Personal Data
    • Data Protection Officer & Privacy Office
    • Strict Protection of Personal Data
  • Actions for HIPAA
    Health Insurance Portability and Accountability Act (HIPAA) in the U.S. covers Health Plans, Providers of medical or health services, and Health Care Clearinghouses. Since HIPAA mandates detailed privacy rules regarding how PHI can be used and disclosed, we take this into account when implementing features in our product. Our objective is to assist end-users in maintaining HIPAA compliance while using the device.
  • Actions for MDS²
    The Manufacturers Disclosure Statement for Medical Device Security (MDS2) provides information about the security implemented in medical devices with 216 questions that cover 23 security capabilities. The MDS2 is endorsed by the American College of Clinical Engineering (ACCE), ECRI (formerly the Emergency Care Research Institute), the National Electrical Manufacturers Association (NEMA), and the Healthcare Information and Management Systems Society (HIMSS). We provide a disclosure statement for each model in accordance with the standard template and will continue to offer technical and support information with transparency.