4/17 (Thu) 10:15 - 10:45 7F 701H

Protecting Medical Data: The Risk of DICOM File Attacks on PACS Servers

Picture Archiving and Communication System (PACS) servers are crucial for managing patient imaging data in medical institutions. This presentation explores the essential functions of PACS servers and the structure of DICOM (Digital Imaging and Communications in Medicine) files, emphasizing the importance of unique identifiers.

We discuss the processing and transmission of DICOM files using various protocols and uncover significant privacy and security risks associated with exposed PACS servers and DICOM files on the internet.

Our research has identified multiple vulnerabilities in PACS servers, including use-after-free, stack-based buffer overflow, and path traversal, which could disrupt medical operations or result in the deletion of patient data.

The goal of this presentation is to raise security awareness and provide practical mitigation strategies for medical staff and server developers to protect sensitive medical data.

Chizuru Toyama
Speaker
TXOne Networks Inc.
Senior Threat Researcher, Threat Research
Canaan Kao
Speaker
TXOne Networks Inc.
Threat Research Director, Threat Research

TOPIC / TRACK
Cyber-Physical System Security Forum

LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 701H

LEVEL
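Intermediate: Intermediate sessions focus on security architecture, tools, and practical applications, and are suited to security and IT professionals who already have a security foundation.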

SESSION TYPE
Breakout Session

LANGUAGE
English

SUBTOPIC
Healthcare Security
Cyber-Physical System Security
Vulnerability Research