BACK TO NEWS
CERT Advisories

Critical Vulnerabilities in MedDream PACS Premium Expose Healthcare Systems to Attacks

2 min readSource: INCIBE-CERT

INCIBE-CERT warns of multiple high-severity flaws in MedDream PACS Premium, risking unauthorized access and data breaches in medical imaging systems.

Critical Flaws in MedDream PACS Premium Pose Risks to Healthcare Infrastructure

The Spanish National Cybersecurity Institute’s Computer Emergency Response Team (INCIBE-CERT) has disclosed multiple vulnerabilities in MedDream PACS Premium, a widely used medical imaging and picture archiving system. The flaws, if exploited, could enable unauthorized access, data breaches, and potential disruption of healthcare services.

Technical Details of the Vulnerabilities

While specific CVE identifiers have not been publicly disclosed in the initial advisory, INCIBE-CERT has classified the vulnerabilities as high-severity. The flaws are likely to involve:

  • Authentication bypass or weak access controls
  • Improper input validation, leading to injection attacks
  • Insecure deserialization or misconfigurations in the PACS software

MedDream PACS Premium is deployed in hospitals and diagnostic centers to manage DICOM (Digital Imaging and Communications in Medicine) images, making it a critical component of healthcare IT infrastructure. Exploitation of these vulnerabilities could allow attackers to:

  • Access sensitive patient imaging data
  • Tamper with diagnostic records
  • Disrupt medical imaging workflows

Impact Analysis

Healthcare organizations relying on MedDream PACS Premium are at risk of:

  • Data breaches compromising patient confidentiality (HIPAA/GDPR violations)
  • Operational disruptions affecting radiology and diagnostic services
  • Ransomware or malware deployment via exploited vulnerabilities

Given the system’s integration with hospital networks, these flaws could serve as an entry point for broader attacks on healthcare IT environments.

Recommendations for Security Teams

INCIBE-CERT urges affected organizations to:

  1. Apply patches immediately once the vendor (Softneta) releases updates
  2. Isolate PACS systems from non-essential network segments
  3. Monitor for suspicious activity, including unauthorized access attempts
  4. Review access controls and enforce least-privilege principles
  5. Conduct vulnerability scans to identify exposed instances

For further details, refer to the INCIBE-CERT advisory.

This is a developing story. Updates will be provided as more technical details emerge.

Share

TwitterLinkedIn