I had a CT scan taken last month and my GP wanted to have a look at the images himself, so I stopped by the hospital this morning to ask for a copy.

The young lady at the medical imaging front desk just needed my name and data of birth (not what I’d call strict authentication… [1]). A couple minutes later I had a still-warm CD in hand, so obviously the first thing I did at home is to plop it into my computer’s drive.

A quick look at the files doesn’t promise much good: Autorun.inf and friends. Plopping it into a Windows system (with autorun enabled) confirmed things: it runs some application that just copies some information to disk and then launches the image viewing application…

While this may be convenient I would expect anyone who has a professional need to deal with such information to already have a DICOM image viewer installed and WIBNI vendors of devices that create and manage these images did the right thing and not teach doctors to run applications from questionable sources [2].

[1] Unless she has X-Ray Vision and compared me to the images she had on-screen?
[2] Say, a patient. The hospital’s logo printed on the CD is hardly an unforgeable indication of origin.