A bug in a 30-year-old standard used for the exchange and storage of medical images has been uncovered. It allows an adversary to embed fully-functioning executable code into the image files captured by medical devices such as CT and MRI machines. This results in hybrid files that allow malware binaries to hide behind intact, standards-compliant images that preserve the original patient data as such, they can be used and shared by clinicians without arousing suspicion. Because of stringent privacy regulations in HIPAA regulations, medical device manufacturers and healthcare organizations often configure anti-malware software to ignore medical imagery.
Source: https://threatpost.com/hipaa-protected-malware-medical-images/143890/