As radiology practices shift toward cloud-based platforms and integrate AI-powered tools, will practices become more secure or more exposed to cyberattacks?
That question is explored in a recent white paper from the American College of Radiology (ACR) and the Society for Imaging Informatics in Medicine (SIIM). The authors suggest that third-party cloud and AI solutions may pose the risk of a single point of failure if not actively managed.1
That doesn’t mean, however, that modern systems are less secure. According to Demetri Giannikopoulos, chief innovation officer at Rad AI, a leader in generative AI solutions for radiology, many are designed with security in mind from the ground up. “The cloud and AI opportunity right now, from a security perspective, is if you have the right partner, you have an opportunity to reduce your exposure,” he says.
Radiology in the Crosshairs
Because radiology systems hold vast amounts of protected health information, they are an attractive target for hackers, who can sell that information on the dark web. The current threat landscape bears this out. A recent report indicates that smaller practices and imaging centers may be at the highest risk for ransomware and other incidents.2 In 2025, multiple practices experienced breaches. One involving a longstanding group in North Carolina caused so many downstream issues that the practice chose to shut down and sell to a local hospital group.3
On-Premises Vs. Cloud and AI Systems
The underlying commonalities among recent radiology breaches, according to Giannikopoulos, are on-premises systems and older technology. “The ACR-SIIM white paper cited that the average life of modality was seven to 10 years,” he says. “I’ve seen DEXA and fluoroscopy units that are even older than that, like 20 years old in some cases. Those are all generally on premises.”
Many older technologies predate modern health-care cybersecurity frameworks. In contrast, newer cloud-native and AI tools are designed to meet today’s cybersecurity expectations. “We have the benefit of being newer, taking a fresh set of eyes and learning from past approaches,” Giannikopoulos says.
Rad AI’s cloud-based reporting software, for example, complies with SOC 2 Type II standards, which are assessed through an independent audit that evaluates how well a company protects data over time. Rad AI also aligns with the National Institute of Standards and Technology risk management framework, an emerging set of guidelines for reducing cybersecurity risks.
Top Cybersecurity Tips
When it comes to radiologists protecting their systems and practices, Giannikopoulos concurs with many of the recommendations in the ACR-SIIM white paper. “Radiologists should set [cybersecurity] policies ahead of time,” he says. “Just like you should have a HIPAA breach policy, you need to have a [cybersecurity] policy in place so you can have the smoothest response to a breach with minimal disruption for everybody that’s on premises.”
Key questions radiologists should ask, Giannikopoulos says, are:
• Do you have a security response team in place?
• Do you have a failover response in the event of a ransomware attack?
• Do you have air-gapped backups, copies of data isolated from the main network so they can’t be accessed or encrypted during a ransomware attack?
When evaluating potential cloud and AI vendors, Giannikopoulos recommends not only asking about the company’s security protocols, but asking for and reviewing any documentation the vendor provides. In Rad AI’s case, radiologists can review the solution’s audit reports, penetration testing, and other documents on a dedicated website, www.trust.radiai.com.
Extending Lessons Learned
Even as radiology systems become more secure by design, hackers will continually develop workarounds to compromise them. For this reason, radiologists and health-care professionals should remain vigilant. They also can extend their impact by sharing lessons learned with people and organizations outside of health care.
“Our industry has put a lot of work into designing and implementing secure systems,” Giannikopoulos says. “Let’s be the lighthouse and show others how to do it.”
References
1. Silva III E. Looking at the year ahead for the JACR. J Am Coll Radiol. 2025;22(1):1. doi:10.1016/j.jacr.2024.11.002
2. Walter M. Patients file $5M class action lawsuit against one of America’s oldest radiology practices. Radiology Business. Dec. 17, 2024. Accessed Jan. 9, 2026. https://radiologybusiness.com/topics/healthcare-management/legal-news/patients-file-5m-class-action-lawsuit-against-1-americas-oldest-radiology-practices
3. Walter M. Cyberattack forces radiology practice to close for the foreseeable future. Radiology Business. Nov. 12, 2024. Accessed Jan. 9, 2026. https://radiologybusiness.com/topics/health-it/cyberattack-forces-radiology-practice-close-foreseeable-future
December 01, 2025 