Safeguarding the future of radiology with imaging informatics

Shujah Das GuptaDhaval Shah
Mar 28, 2024

Dhaval Shah.Dhaval Shah.

With AI-mediated cyberattacks on the rise, radiologists can find it challenging to balance prompt patient access to diagnostic imaging while safeguarding sensitive healthcare data.

That's why prioritizing cybersecurity investments -- such as advanced network security systems supplemented by regular software updates, audits, and penetration assessments -- and offering staff training on keeping healthcare data and equipment safe can save radiology departments substantial expenses.

Shujah Das Gupta.Shujah Das Gupta.

Radiology's operating model depends heavily on interoperability between different healthcare and imaging systems for efficient patient examination and diagnosis. However, with the growing number of cybersecurity incidents, healthcare providers are actively seeking to increase investments in safeguarding data in the ever-evolving digital landscape. In a cybersecurity survey conducted by Ponemon Institute in 2023, 88% of healthcare organizations experienced an average of 40 attacks in the previous 12 months, with an average cost of $5 million.

In response to the escalating number of cybersecurity threats, governments and regulators are urging healthcare providers to establish cybersecurity programs aiming to safeguard the personal information of all individuals involved. With the help of new cybersecurity framework and policies, radiology teams can focus on faster diagnosis and treatment for the patients without compromising privacy or safety.

Emerging challenges

Radiology practices possess a vast volume of valuable patient data that necessitates secure storage by eliminating departmental silos and transmission, to ward off cybersecurity threats. However, the evolving radiology informatics landscape in clinical practice presents an ongoing data breach security challenge. Investment in robust cybersecurity measures, embracing interoperable systems, and deploying efficient enterprise storage solutions are imperative to effectively handle the escalating volume of radiology data.

The recent suspected cyberattack at Consulting Radiologists in Eden Prairie, MN, halted radiology operations for their affiliated healthcare facilities disrupting patient care and resulting in routing critical stroke and trauma patients to other facilities, according to a report from Pioneer Press. With growing radiology practices and outpatient imaging facilities, we will see an increase in outsourced diagnostic imaging. Designing cybersecurity training programs for radiologists is vital in order to strengthen the overall security posture of radiology practices and small healthcare facilities.

The impact of such malicious attacks is far-reaching on health organizations, leading to legal, reputational, and clinical damage or even loss of lives. Furthermore, the notable pattern between the highest average data breach costs and soaring malware costs in recent years cannot be ignored. It only makes sense that leading institutions like the World Health Organization (WHO) have called for bolstering cybersecurity through operational approaches. Indeed, the road to improved cyber resilience is tough, presenting many challenges and concerns.

Furthermore, radiology imaging IT departments still operate with legacy systems that often lack the latest security features and underlying operating system updates. Underinvestment in healthcare information technology (HCIT) cybersecurity programs is another factor; legacy radiology systems should be part of an ongoing HCIT security risk-mitigation plan. Lack of risk prioritization, fragmented governance, and cultural behaviors are other factors that hinder organizational cyber resilience. An acute shortage of cybersecurity professionals with specific skill sets only adds to the challenge of radiologists and healthcare professionals encountering unprecedented threats.

As a result, numerous radiology departments lack the necessary resources and expertise to combat these threats effectively, resulting in inconsistent adoption of stringent cybersecurity measures throughout the organization. The situation is exacerbated by the surge in data volumes from advanced imaging technologies, such as 3D mammography (also known as digital breast tomosynthesis), which produce images that are 20 times larger than conventional 2D mammograms. AI research for advanced image analytics is also playing a role.

Remote sharing of Personally Identifiable Information (PII), sensitive health data, and reliance on outdated software present significant vulnerabilities, providing potential avenues for unauthorized access and exploitation by hackers.

2024 03 29 Safeguarding Future Figure1

Offense is the best defense

The key to discovering attack strategies is to weed out the source first. Interestingly, employees are no longer the primary culprits in radiology cyberthreats, according to the Verizon 2022 Data Breach Investigations Report. The prominence of the Basic Web Application Attack pattern here signifies a shift in threat dynamics, relegating insider threats to a lesser role.

Underscoring the urgent need for fortified security measures, radiology departments must have stringent cybersecurity strategies in place to safeguard patient data against such attacks. In recent light of events, a Cisco Security Outcomes study cites that 96% of executives across diverse industries prioritize security resilience. The criticality is evident; radiology departments must view cybersecurity as a strategic imperative rather than an afterthought.

The technological complexities of medical imaging technology, followed by integration gaps with diverse IT systems, leave radiology departments further exposed to vulnerabilities.

Securing radiology units

Surging costs associated with data breaches have radiology executives investing in robust cybersecurity infrastructure and conducting regular vulnerability assessments to mitigate threats.

Despite the foreboding threat techniques, many radiology operations tend to adopt a passive "wait-and-see" stance, however. Such a lax approach can neither safeguard patient data nor preemptively thwart security breaches. Fortunately, there are actionable measures that all radiology leaders can implement to bolster their defenses and uphold operational integrity. These steps include:

  • Encourage organization-wide training: Phishing is cyberattackers' primary technique for ransomware. Radiology departments can significantly reduce the damage of such attacks with proper training and awareness. Making leaders and employees aware of phishing and associated risks, the importance of strong passwords, and other cybersecurity issues can help mitigate attacks greatly.
  • Actively ensure compliance: Modernization projects such as interoperable systems and APIs can expose IT departments to potential vulnerabilities. Radiology departments should regularly audit old systems and check whether new ones comply with the latest global regulatory standards. This can help them enhance overall compliance and cybersecurity.
  • Explore Cloud-native security: By deploying cloud security solutions, radiology executives can store medical data in an encrypted format. These solutions are fortified by multiple protective layers and incorporate enterprise-grade security measures, real-time monitoring capabilities, and scalable storage capacity. Organizations can achieve two-way benefits by securely storing sensitive health data and driving robust security protocols.
  • Safeguarding patient consent management and privacy: Patient consent is a pivotal element in ensuring the privacy and protection of patient data. Radiology departments must be upfront about how patients' data is collected, utilized, and accessed with due diligence. With patient consent at the heart of operations, radiology staff can demonstrate their commitment to upholding patient privacy standards and adhere to ethical practices regarding data handling.
  • Proper scrutiny of third-party vendors: Radiology departments rely heavily on third-party vendors, including cloud, value-added service, and managed service providers, to fulfill their IT service needs. It is crucial to vet these vendors by reviewing their security protocols, evaluating their credentials, and assessing their compliance standards. For example, cloud vendors should have successfully undergone a HIPAA audit and obtained HITRUST certification. By selecting vendors through stringent cybersecurity measures and relevant certifications, radiology departments can ultimately safeguard patient data and uphold industry best practices.
  • Implementing zero-trust architecture: Zero-trust architecture strategy views every user or device attempting system access as potentially malicious until authentication and trust are established. How can radiology professionals safeguard their systems and data amid potential risks after architecture deployment? By employing top-tier encryption mechanisms to protect data in transit and at rest. This added layer fortifies security measures, reducing the risk of breaches or cyberattacks. Thus, organizations can bolster their overall cyber posture while shielding sensitive data from potential threats.
  • Viewing the security layer through a third-party expert lens: Are regular assessments enough to identify vulnerabilities and weaknesses in the security posture of radiology operations? A reputable third-party security firm can provide valuable insights about existing security measures and areas that need improvement. Tests are carried out to evaluate the organization's cybersecurity, penetration, and compliance standards.
  • Continuous monitoring: Radiology departments must regularly review and update cybersecurity policies and procedures. They must also conduct security assessments and offer advanced training on threats and prevention techniques. Executives must foster an environment where employees feel empowered to report suspicious activities.

2024 03 29 Safeguarding Future Figure2

By implementing these measures, radiology executives can transcend from a reactive to a more proactive approach, significantly enhancing their cyber posture.

Conclusion

With medical imaging centers facing aggressive attacks by the minute, it’s imperative to embrace a mindset shift – starting from cultivating a cybersecurity awareness culture to implementing proactive defense strategies and hiring experts with unique skill sets to help radiologists and department leads safeguard against cyber adversaries. Thus, with a collective approach to cybersecurity that combines people, mindset, and technologies, healthcare can win the war against cyberattacks.

Dhaval Shah is executive vice president and market head, MedTech, and Shujah Das Gupta is vice president, MedTech, at CitiusTech.

The comments and observations expressed are those of the authors and do not necessarily reflect the opinions of AuntMinnie.com.

Latest in Cybersecurity
Cyberattack Hacker
Cyberattacks: What can radiology do to boost protection?
January 5, 2024
An illustration of two types of adversarial attacks on breast imaging diagnosis. Adversarial noise applied in white-box attacks and adversarial samples produced by generative adversarial networks in black-box attacks can fool a deep learning diagnostic model to give wrong output, according to University of Pittsburgh researchers. The researchers have proposed two security schemes, called ARFL and LIDA, to make the models robust and resilient to adversarial attacks. (Image courtesy of Shandong Wu, PhD, Pittsburgh Center for AI Innovation in Medical Imaging)
New AI training strategies stiffen defense against adversarial attacks
December 15, 2023
Cybersecurity Locks 400
IMV: Cybersecurity for imaging equipment to increase in importance
September 15, 2023
2023 08 16 17 19 4897 2023 08 17 Kim Ransomware Interview 400
Cybersecurity analyst talks ransomware with AuntMinnie.com
August 16, 2023
Related Stories
Michael J. Cannavo.
Enterprise Imaging
The PACSman Pontificates: Dog tired after HIMSS 2024
Cyberattack Hacker
Cybersecurity
Cyberattacks: What can radiology do to boost protection?
An illustration of two types of adversarial attacks on breast imaging diagnosis. Adversarial noise applied in white-box attacks and adversarial samples produced by generative adversarial networks in black-box attacks can fool a deep learning diagnostic model to give wrong output, according to University of Pittsburgh researchers. The researchers have proposed two security schemes, called ARFL and LIDA, to make the models robust and resilient to adversarial attacks. (Image courtesy of Shandong Wu, PhD, Pittsburgh Center for AI Innovation in Medical Imaging)
Artificial Intelligence
New AI training strategies stiffen defense against adversarial attacks
Cybersecurity Locks
Cybersecurity
Suspected cyberattack affects Consulting Radiologists operations
More in Cybersecurity
Cyberattacks: What can radiology do to boost protection?
By Will Morton
In the wake of the 2021 attack on the Irish health system, authors from Cork have written about their experiences and how they've modified their approach to cybersecurity.
January 5, 2024
Cyberattack Hacker
New AI training strategies stiffen defense against adversarial attacks
By Liz Carey
Computer scientists are exploring how to protect against medical errors caused by adversarial attacks on AI machine learning diagnostic models.
December 15, 2023
An illustration of two types of adversarial attacks on breast imaging diagnosis. Adversarial noise applied in white-box attacks and adversarial samples produced by generative adversarial networks in black-box attacks can fool a deep learning diagnostic model to give wrong output, according to University of Pittsburgh researchers. The researchers have proposed two security schemes, called ARFL and LIDA, to make the models robust and resilient to adversarial attacks. (Image courtesy of Shandong Wu, PhD, Pittsburgh Center for AI Innovation in Medical Imaging)
IMV: Cybersecurity for imaging equipment to increase in importance
By Davin Korstjens
With an increase in equipment connectivity and hospital networking, cybersecurity is becoming a growing concern.
September 15, 2023
Cybersecurity Locks 400
Cybersecurity analyst talks ransomware with AuntMinnie.com
Lee Kim from the Healthcare Information and Management Systems Society spoke with AuntMinnie.com to talk about recent ransomware attacks and how hospital systems can protect themselves.
August 16, 2023
2023 08 16 17 19 4897 2023 08 17 Kim Ransomware Interview 400
Radiologist victim of random street attack in Portland, OR
By AuntMinnie.com staff writers
An Oregon interventional radiologist was attacked July 28 and beaten in the face by an unidentified assailant, according to a New York Post report.
August 3, 2023
2021 07 14 17 20 1479 Police Cars Emergency 400
Ransomware affects emergency radiology workflows
By Amerigo Allegretto
Ransomware attacks have a significant effect on emergency radiology workflows, as well as on acute care delivery and the personal well-being of healthcare providers, according to a study published June 15 in the Annals of Emergency Medicine.
June 19, 2023
2021 08 10 16 10 2928 Cybersecurity Lock V2 400
Subclinical atherosclerosis increases heart attack risk 8-fold
By Kate Madden Yee
Coronary atherosclerosis -- detected on coronary CT angiography (CCTA) -- increases a person's risk of heart attack eight-fold, a study published March 28 in the Annals of Internal Medicine has found.
March 30, 2023
2020 01 04 00 31 7725 Heart Attack Disease 3 D 400
SPECT comparable to conventional gamma for detecting heart attack
By Will Morton
SPECT cameras with cadmium zinc telluride detectors perform comparably to conventional gamma devices for imaging patients with suspected heart attack, according to researchers in Sweden.
March 15, 2023
2023 03 16 00 05 1424 2023 03 15 Spect Mi 20230317153901
Glassbeam unveils cloud platform with cybersecurity protection at RSNA 2022
By AuntMinnie.com staff writers
Medical data analytics firm Glassbeam announced that it is in the final stages of releasing its cloud-based platform SCALAR and healthcare application suite Clinsights with NIST 800-53 controls and continuous monitoring security framework.
November 29, 2022
2019 05 06 22 40 2229 Cybersecurity Locks 400
CTCA can assist in determining type of heart attack
By Kate Madden Yee
Quantifying a person's heart plaque using CT coronary angiography (CTCA) may help in determining the type of heart attack the patient is experiencing, according to research published October 27 in Radiology: Cardiothoracic Imaging.
October 30, 2022
2022 10 28 23 25 6599 2022 10 31 Ctca Heart Attack Figure4 20221028235705
Calif. imaging provider warns of data breach
By AuntMinnie.com staff writers
Cardiac Imaging Associates of Los Angeles is notifying some of its clients about a data privacy breach that occurred in spring which could affect their privacy.
October 9, 2022
2021 07 26 17 38 9344 Data Network Breach 400
Ukrainian radiology staff killed and injured in missile attack
By Frances Rylands-Monk
The owner of an imaging facility in Vinnytsia, 200 km southwest of Kyiv, has confirmed that a Russian cruise missile attack killed at least 24 civilians and wounded dozens more, including staff members.
July 19, 2022
2022 07 19 17 39 4271 2022 07 19 Ukraine Imaging Facility 20220719172651
Page 1 of 17
Next Page