Tripwire Collaborates with NIST on New Guide Available to Help Healthcare Providers Secure Medical Imaging Data

PORTLAND, Ore. – September 16, 2019 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced that it has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a project to help healthcare delivery organizations secure the Picture Archiving and Communication System (PACS).

The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. I’m excited to share that the NCCoE has just released draft practice guide NIST Special Publication 1800-24, Securing Picture Archiving and Communication System.

This practice guide aims to help healthcare organizations reduce the risk of malicious actors compromising the confidentiality, integrity and availability of the PACS ecosystem. Standards and best practices were used to deploy strong authentication solutions that use open and scalable standards. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.

This practice guide demonstrates how commercially available technologies, like Tripwire Enterprise®, can be integrated with existing tools to support asset management through secure configuration management (SCM) and file integrity monitoring (FIM) capabilities.

“Advancements in medical imaging technology are helping patients get diagnosed and treated more quickly and effectively. But unsecured systems can open the door to breaches of patient data and could potentially risk patient safety,” said Jennifer Cawthra, NIST NCCoE healthcare sector lead. “Our Securing Picture Archiving and Communication System guidance shows how healthcare delivery organization can take advantage of these technologies while also ensuring patient data is protected.”

“Maintaining secure and compliant configurations is critical to any organization’s system integrity, especially in complex and highly sensitive environments such as healthcare,” said Tim Erlin, vice president of product management and strategy. “To minimize the attack surface and reduce risk of inadvertently exposing data, healthcare systems should be configured properly and then monitored for any changes that could weaken security or result in non-compliance.”

Please download the practice guide and share your thoughts with the NCCoE on how to strengthen it. The public comment period closes on November 18, 2019.

*While the example implementations use certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.


About Tripwire

Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces.

Learn more at", get security news, trends and insights at, or connect with us on LinkedIn, Twitter and Facebook.

Press Contacts

Ray Lapena
PR Manager