Files using the Digital Imaging and Communications in Medicine (DICOM) standard can be abused to hide malware, the U.S. Department of Homeland Security (DHS) warned on Tuesday. Cylera’s Markel Picado Ortiz discovered a “fundamental design flaw” in DICOM, a widely used international standard for storing, transmitting, retrieving, processing and displaying medical imaging information. Ortiz discovered that a 128-byte section at the beginning of DICOM files, called a preamble, can be used to hide malicious executable code. The resulting file stores both the legitimate medical information — this information can be accessed by the user as the modifications don’t corrupt the file — and the malware. “A malicious actor could modify a DICOM file so that it is treated as both an executable program and as a DICOM file, and then a user might be convinced to execute the file via social engineering,” DICOM said. Recommendations for mitigating the risk include scanning DICOM files with antimalware software, being cautious with files from untrusted sources, and verifying the preamble to ensure it’s either cleared or safe.
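The last recommendation, checking that the preamble is either cleared or safe, is straightforward to automate because DICOM Part 10 fixes the layout: a 128-byte preamble followed by the four-byte magic `DICM`. The following is an added example (not code from Cylera, DHS or the DICOM committee) that classifies a file by its first 132 bytes: a preamble of all zeros is reported as cleared, a preamble that begins with a well-known executable signature (the list is constructed for this example; `MZ` for Windows PE files is the one that matters most here) is flagged, and any other non-zero preamble is marked for review, since the standard does permit application data such as a TIFF header there. A helper also zeroes the preamble without touching the data set, which is the "cleared" state the advisory asks for. The sample byte strings are constructed inline and are not real medical files.

```python
import sys
from typing import Dict, Optional

PREAMBLE_LEN = 128            # DICOM Part 10: 128-byte preamble precedes the magic
DICOM_MAGIC = b"DICM"         # bytes 128..131 of a Part 10 file
HEADER_LEN = PREAMBLE_LEN + len(DICOM_MAGIC)

# Executable signatures a defender does not expect at byte 0 of a preamble.
# Constructed, deliberately short list for this example; extend as needed.
EXECUTABLE_MAGICS = {
    b"MZ": "PE/DOS executable (Windows)",
    b"\x7fELF": "ELF executable (Linux)",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"#!": "script with shebang",
}


def inspect_preamble(data: bytes) -> Dict[str, object]:
    """Classify the first 132 bytes of a candidate DICOM Part 10 file.

    verdict is one of: too-short, not-dicom, cleared, executable-header, non-empty.
    """
    result: Dict[str, object] = {
        "is_dicom": False,
        "preamble_cleared": False,
        "executable_hint": None,
        "verdict": "too-short",
    }
    if len(data) < HEADER_LEN:
        return result

    preamble = data[:PREAMBLE_LEN]
    result["is_dicom"] = data[PREAMBLE_LEN:HEADER_LEN] == DICOM_MAGIC
    result["preamble_cleared"] = not any(preamble)  # True only if all 128 bytes are 0x00

    hint: Optional[str] = None
    for signature, description in EXECUTABLE_MAGICS.items():
        if preamble.startswith(signature):
            hint = description
            break
    result["executable_hint"] = hint

    if not result["is_dicom"]:
        result["verdict"] = "not-dicom"
    elif result["preamble_cleared"]:
        result["verdict"] = "cleared"
    elif hint is not None:
        result["verdict"] = "executable-header"
    else:
        # Non-zero but not a known executable: the standard allows application
        # data here (e.g. a TIFF header), so this needs review rather than alarm.
        result["verdict"] = "non-empty"
    return result


def clear_preamble(data: bytes) -> bytes:
    """Return a copy with the preamble zeroed; the DICM magic and data set are untouched."""
    if not inspect_preamble(data)["is_dicom"]:
        raise ValueError("not a DICOM Part 10 file (missing DICM magic at offset 128)")
    return b"\x00" * PREAMBLE_LEN + data[PREAMBLE_LEN:]


def build_sample(preamble_prefix: bytes) -> bytes:
    """Construct a minimal fake Part 10 file for testing (not a real medical image)."""
    preamble = preamble_prefix.ljust(PREAMBLE_LEN, b"\x00")
    return preamble + DICOM_MAGIC + b"<constructed placeholder for the data set>"


# Constructed samples: cleared preamble, preamble starting with a PE header,
# and preamble carrying application data (a TIFF little-endian header).
CLEAN_SAMPLE = build_sample(b"")
SUSPECT_SAMPLE = build_sample(b"MZ")
TIFF_SAMPLE = build_sample(b"II*\x00")


def scan_file(path: str) -> Dict[str, object]:
    """Read only the 132-byte header from disk and classify it."""
    with open(path, "rb") as handle:
        return inspect_preamble(handle.read(HEADER_LEN))


if __name__ == "__main__":
    # Usage: python dicom_preamble_check.py file1.dcm file2.dcm ...
    for sample_path in sys.argv[1:]:
        verdict = scan_file(sample_path)
        print(f"{sample_path}: {verdict['verdict']} (hint={verdict['executable_hint']})")
```

Reading only the first 132 bytes keeps the check cheap enough to run inline on a PACS ingest path or over an archive. Zeroing the preamble is safe for the imaging data itself because the data set begins at offset 132, but it will break any vendor application that legitimately stores its own data there, so treat `non-empty` as a review queue rather than an automatic rewrite.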