5 takeaways from new ACR, Society for Imaging Informatics in Medicine cybersecurity guidance

Marty Stempniak | | Radiology Business | Imaging Informatics
cybersecurity hacker ransomware cyber data breach

Experts are offering five takeaways from a new joint white paper issued by the American College of Radiology and Society for Imaging Informatics in Medicine on Tuesday. 

The two recently convened a panel of multidisciplinary stakeholders to discuss this issue, including radiologists, technologists, informaticists and physicists. ACR and SIIM were prompted by a rising number of cyberattacks on the industry and radiology’s status as a prime hacker target, due to its heavy reliance on technology. 

Both societies said they are “committed to safeguarding medical imaging” against this growing threat, with HHS estimating there were 725 reported healthcare breaches last year alone. 

“The daily operations of radiology and enterprise imaging departments increasingly rely on technology that has become ever more interconnected within and across a health network,” lead author Po-Hao Chen, MD, MBA, an informatics expert with the Cleveland Clinic, and colleagues concluded. “Taken together, these multidisciplinary interventions can minimize the data risk, privacy concerns, and financial implications of data breaches and disabling attacks and help maintain patient trust,” they added later. 

Subscribe to Radiology Business News

The white paper outlines strategies to mitigate risk and restore regular operations in the event of an attack. It includes an overview of the current landscape, discussing different types of vulnerabilities, along with best practices on how to handle a hacking incident. 

Here are their five takeaways: 

  1. Radiology is vulnerable: The modern radiology practice or hospital department is “highly vulnerable” to cyberattacks. Protecting data, devices and workflows requires layered administrative, physical and technical safeguards throughout an organization’s operations. 
  2. Improving one’s odds: Effective incident response—including coordination among teams and regular simulation drills—can improve a radiology group’s odds of maintaining clinical continuity during a ransomware attack or other technology outages. 
  3. Importance of training: Robust staff education and administrative oversight are both critical, the authors emphasized. Most successful cybersecurity threats exploit human behavior, making ongoing training “central to security.” 
  4. AI, cloud add risk: Cloud storage and artificial intelligence integration can increase complexity and potential vulnerabilities. However, radiology groups can mitigate risk through data encryption, vendor compliance and monitoring for adversarial threats. 
  5. Fostering culture: Organizations should seek to build a proactive culture, which performs regular cyber-safety drills during downtime and strives to sustain patient trust. 

“Establishing a culture of safety is a challenging yet important part of building resilience,” the authors advised. “With a dedicated group of downtime champions, the larger department can more effectively simulate and practice different downtime contingencies, refining procedures and protocols through frequent exercises.”

You can read much more in the white paper, which is published in both the Journal of the American College of Radiology and the Journal of Imaging Informatics in Medicine. Other authors included Benoit Desjardins, MD, PhD, chief medical information officer and cardiovascular radiologist with the University of Montreal Hospital Center; Brett Strassner, MA, medical physicist at Radiation Protection Services; Reza Forghani, MD, PhD, chief of imaging informatics at AdventHealth Medical Group, Central Florida Division; Robert Bodakk an imaging informatics analyst with extensive experience as a radiologic technologist; Judy Gichoya, MD, MS, associate professor in Emory University’s Department of Radiology & Imaging Sciences; James Whitfill, MD, MBA, senior vice president and chief transformation officer at HonorHealth; Eric Ehman, MD, chair of the Mayo Clinic Enterprise Radiology Downtime Committee; and Christoph Wald, MD, PhD, MBA, chair of the ACR Commission on Informatics and vice chair of the ACR Board of Chancellors. 

Related Articles:

One of America’s oldest continuously operating radiology groups suffers apparent cyberattack
PET imaging provider hit with multi-state phishing attack
4 cybersecurity best practices for radiology groups
Radiology group cyberattack exposes private info of over 150,000 patients
HHS penalizes imaging provider for allegedly violating patient privacy laws
Radiologists warn of cybersecurity risks stemming from large language model use
Radiology Business Marty Stempniak
Marty Stempniak

Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won a Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic. 

Related Content

Economics of radiology AI: Strategies to get paid
Cloud-native AI offers advantages in radiology efficiency
Why RadNet is betting heavily on AI to reshape radiology workflows
Leveraging IT and AI to transform 3D imaging lab workflows at Banner Health
What makes AI a friend, foe or time thief in radiology?
American College of Radiology offers cybersecurity resources

Around the web

Health Exec
Does the US have what it takes to stay ahead of China in medical advancement?
Health Exec
Whistleblower: Abbott Laboratories and Hawaiian provider colluded to use more medical devices
Health Exec
Lawsuit alleges communication failures at PeaceHealth led to patient’s death

Subscribe to Radiology Business News

Subscribe to Radiology Business News