Ensuring Data Security in Radiology: Challenges, Standards, and Emerging Solutions
Keywords: radiology data security, HIPAA, DICOM, encryption, blockchain, artificial intelligence, quantum cryptography, risk assessment, cybersecurity, patient data protection

Abstract
This paper examines the vital topic of data security within radiology, highlighting the distinct challenges the field encounters, and reviews current standards, technical solutions, and emerging technologies. Radiology's challenges stem from the vast amounts of sensitive patient information it handles, its interconnected systems, vulnerabilities in outdated equipment, and human factors. We assess existing regulations and standards, such as HIPAA and DICOM, and explore technical solutions, such as encryption, access control, and network segmentation. Emerging technologies, including blockchains, artificial intelligence, and quantum cryptography, are evaluated for their potential to strengthen data security. The paper also outlines best practices for radiology departments, stressing the importance of regular security audits, staff training, and incident-response planning. Finally, we explore future directions and challenges, such as balancing security with accessibility and efficiency, adapting to evolving threats, and harmonizing international standards.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
Terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.