 |
VOOZH | about |
|
VOOZH | about |
As the use of AI and cloud-based systems expands in radiology, learn how to remain secure.
As radiology practices shift toward cloud-based platforms and integrate AI-powered tools, will practices become more secure or more exposed to cyberattacks?
That question is explored in a recent white paper from the American College of Radiology (ACR) and the Society for Imaging Informatics in Medicine (SIIM). The authors suggest that third-party cloud and AI solutions may pose the risk of a single point of failure if not actively managed.1
That doesnβt mean, however, that modern systems are less secure. According to Demetri Giannikopoulos, chief innovation officer at Rad AI, a leader in generative AI solutions for radiology, many are designed with security in mind from the ground up. βThe cloud and AI opportunity right now, from a security perspective, is if you have the right partner, you have an opportunity to reduce your exposure,β he says.
Radiology in the Crosshairs
Because radiology systems hold vast amounts of protected health information, they are an attractive target for hackers, who can sell that information on the dark web. The current threat landscape bears this out. A recent report indicates that smaller practices and imaging centers may be at the highest risk for ransomware and other incidents.2 In 2025, multiple practices experienced breaches. One involving a longstanding group in North Carolina caused so many downstream issues that the practice chose to shut down and sell to a local hospital group.3
On-Premises Vs. Cloud and AI Systems
The underlying commonalities among recent radiology breaches, according to Giannikopoulos, are on-premises systems and older technology. βThe ACR-SIIM white paper cited that the average life of modality was seven to 10 years,β he says. βIβve seen DEXA and fluoroscopy units that are even older than that, like 20 years old in some cases. Those are all generally on premises.β
Many older technologies predate modern health-care cybersecurity frameworks. In contrast, newer cloud-native and AI tools are designed to meet todayβs cybersecurity expectations. βWe have the benefit of being newer, taking a fresh set of eyes and learning from past approaches,β Giannikopoulos says.
Rad AIβs cloud-based reporting software, for example, complies with SOC 2 Type II standards, an independent audit that evaluates how well a company protects data over time. Rad AI also aligns with the National Institute of Standards and Technology risk management framework, an emerging set of guidelines for reducing cybersecurity risks.
Top Cybersecurity Tips
When it comes to radiologists protecting their systems and practices, Giannikopoulos concurs with many of the recommendations in the ACR-SIIM white paper. βRadiologists should set [cybersecurity] policies ahead of time,β he says. βJust like you should have a HIPAA breach policy, you need to have a [cybersecurity] policy in place so you can have the smoothest response to a breach with minimal disruption for everybody thatβs on premises.β
Key questions radiologists should ask, Giannikopoulos says, are:
β’ Do you have a security response team in place?
β’ Do you have a failover response in the event of a ransomware attack?
β’ Do you have air-gapped backups, copies of data isolated from the main network so they canβt be accessed or encrypted during a ransomware attack?
When evaluating potential cloud and AI vendors, Giannikopoulos recommends not only asking about the companyβs security protocols, but asking for and reviewing any documentation the vendor provides. In Rad AIβs case, radiologists can review the solutionβs audit reports, penetration testing, and other documents on a dedicated website, www.trust.radiai.com.
Extending Lessons Learned
Even as radiology systems become more secure by design, hackers will continually develop workarounds to compromise them. For this reason, radiologists and health-care professionals should remain vigilant. They also can extend their impact by sharing lessons learned with people and organizations outside of health care.
βOur industry has put a lot of work into designing and implementing secure systems,β Giannikopoulos says. βLetβs be the lighthouse and show others how to do it.β
References
1. Silva III E. Looking at the year ahead for the JACR. J Am Coll Radiol. 2025;22(1):1. doi:10.1016/j.jacr.2024.11.002
2. Walter M. Patients file $5M class action lawsuit against one of Americaβs oldest radiology practices. Radiology Business. Dec. 17, 2024. Accessed Jan. 9, 2026. https://radiologybusiness.com/topics/healthcare-management/legal-news/patients-file-5m-class-action-lawsuit-against-1-americas-oldest-radiology-practices
3. Walter M. Cyberattack forces radiology practice to close for the foreseeable future. Radiology Business. Nov. 12, 2024. Accessed Jan. 9, 2026. https://radiologybusiness.com/topics/health-it/cyberattack-forces-radiology-practice-close-foreseeable-future
