Critical-risk tools in AWS HealthImaging MCP Server
11 of the 39 tools in AWS HealthImaging MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
bulk_delete_by_criteriaDestructiveDelete multiple image sets matching specified criteria.
-
delete_datastoreDestructiveDelete a data store from AWS HealthImaging.
-
delete_image_setDestructiveDelete an image set.
-
delete_instance_in_seriesDestructiveDelete a specific instance in a series.
-
delete_instance_in_studyDestructiveDelete a specific instance in a study.
-
delete_patient_studiesDestructiveDelete all studies for a specific patient.
-
delete_series_by_uidDestructiveDelete a series by SeriesInstanceUID using metadata updates.
-
delete_studyDestructiveDelete all image sets for a specific study.
-
remove_instance_from_image_setDestructiveRemove a specific instance from an image set using DICOM hierarchy operations.
-
remove_series_from_image_setDestructiveRemove a specific series from an image set using DICOM hierarchy operations.
-
untag_resourceDestructiveRemove tags from a resource.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.