Protecting Radiology Data and Devices Against Cybersecurity Threats: A Joint White Paper of the ACR and Society for Imaging Informatics in Medicine

Po-Hao Chen; Benoit Desjardins; Brett Strassner; Reza Forghani; Robert Bodak; Judy Gichoya; James Whitfill; Eric C Ehman; Christoph Wald

doi:10.1016/j.jacr.2025.07.014

Protecting Radiology Data and Devices Against Cybersecurity Threats: A Joint White Paper of the ACR and Society for Imaging Informatics in Medicine

J Am Coll Radiol. 2025 Oct;22(10):1160-1172. doi: 10.1016/j.jacr.2025.07.014. Epub 2025 Aug 6.

Authors

Po-Hao Chen¹, Benoit Desjardins², Brett Strassner³, Reza Forghani⁴, Robert Bodak⁵, Judy Gichoya⁶, James Whitfill⁷, Eric C Ehman⁸, Christoph Wald⁹

Affiliations

¹ Vice Chair for Artificial Intelligence, Enterprise Diagnostics Institute, Cleveland Clinic, Cleveland, Ohio; Cleveland Clinic Lerner College of Medicine, Case Western Reserve University, Cleveland, Ohio; Chair, Data Science Summit, American College of Radiology; Chair, Security Subcommittee, Society for Imaging Informatics in Medicine. Electronic address: chenp2@ccf.org.
² Chief Medical Information Officer, Centre Hospitalier de l'Université de Montréal, Montréal, Quebec, Canada.
³ Radiation Protection Services Limited, Springfield, Illinois.
⁴ Chief of Imaging Informatics, Department of Radiology, AdventHealth Medical Group Central Florida Division, Maitland, Florida.
⁵ Section of Imaging Informatics, Enterprise Diagnostics Institute, Cleveland Clinic, Cleveland, Ohio.
⁶ Director of Healthcare Innovation and Translational Informatics Lab, Department of Radiology & Imaging Sciences, Emory University, Atlanta, Georgia.
⁷ HonorHealth, Scottsdale, Arizona; Arizona State University School of Medicine and Advanced Medical Engineering, Phoenix, Arizona; Senior Vice President, Chief Transformation Officer, HonorHealth.
⁸ Lead, Artificial Intelligence and Informatics, Abdominal Imaging Division, Department of Radiology, Mayo Clinic, Rochester, Minnesota; Chair, Mayo Clinic Enterprise Radiology Downtime Committee.
⁹ Department of Radiology, Mayo Clinic, Rochester, Minnesota; Chair, Commission on Informatics and Vice Chair, Board of Chancellors, ACR.

PMID: 40767823
DOI: 10.1016/j.jacr.2025.07.014

Abstract

Modern radiology relies entirely on digital imaging systems. Health care records draw cybercriminals' attention. On-site and cloud-based informatics systems, including artificial intelligence, can boost efficiency but also create weak points. Medical imaging systems must safeguard patient identities, control access, secure devices, and coordinate with patients, payers, and billing partners. Endorsed by the ACR and the Society for Imaging Informatics in Medicine, this white paper outlines steps to fortify the medical imaging pipeline methodically, train caregivers on the frontline, and develop incident response and recovery strategies for data breaches and disabling ransomware attacks. Additionally, building a culture of safety in imaging involves conducting routine simulations and actively engaging leadership. Taken together, these multidisciplinary interventions can minimize the clinical impact and operational implications of cybersecurity events, thereby maintaining patient trust in an increasingly interconnected imaging workflow.

Keywords: ACR; cybersecurity; privacy; radiology; ransomware.

Publication types

Consensus Statement
Research Support, N.I.H., Extramural
Research Support, Non-U.S. Gov't

MeSH terms

Computer Security* / standards
Confidentiality* / standards
Diagnostic Imaging*
Humans
Medical Informatics*
Radiology Information Systems* / standards
Radiology*
Societies, Medical
United States