{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T16:57:35Z","timestamp":1776877055757,"version":"3.51.2"},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,8,4]],"date-time":"2025-08-04T00:00:00Z","timestamp":1754265600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,8,4]],"date-time":"2025-08-04T00:00:00Z","timestamp":1754265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Digit Imaging. Inform. med."],"DOI":"10.1007\/s10278-025-01621-4","type":"journal-article","created":{"date-parts":[[2025,8,4]],"date-time":"2025-08-04T15:42:59Z","timestamp":1754322179000},"page":"1052-1063","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Protecting Radiology Data and Devices Against Cybersecurity Threats: A Joint White Paper of the American College of Radiology (ACR) and Society for Imaging Informatics in Medicine (SIIM)"],"prefix":"10.1007","volume":"39","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7698-5289","authenticated-orcid":false,"given":"Po-Hao","family":"Chen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benoit","family":"Desjardins","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brett","family":"Strassner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Reza","family":"Forghani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert","family":"Bodak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Judy","family":"Gichoya","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"James","family":"Whitfill","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric C.","family":"Ehman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoph","family":"Wald","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,8,4]]},"reference":[{"key":"1621_CR1","unstructured":"Office of Civil Rights D of H and HR. OCR Portal of Health Information Breaches Affecting 500 or More Individuals [Internet]. 2025 [cited 2025 Feb 22]. Available from: https:\/\/ocrportal.hhs.gov\/ocr\/breach\/breach_report.jsf"},{"key":"1621_CR2","unstructured":"Alder S. Change Healthcare Responding to Cyberattack [Internet]. The HIPAA Journal; 2024 [cited 2025 Feb 22]. Available from: https:\/\/www.hipaajournal.com\/change-healthcare-responding-to-cyberattack\/"},{"key":"1621_CR3","unstructured":"Warner MR. Cybersecurity is Patient Safety [Internet]. Office of Senator Mark R. Warner; 2022 [cited 2025 Feb 22]. Available from: https:\/\/www.warner.senate.gov\/public\/_cache\/files\/f\/5\/f5020e27-d20f-49d1-b8f0-bac298f5da0b\/0320658680B8F1D29C9A94895044DA31.cips-report.pdf"},{"key":"1621_CR4","first-page":"119","volume-title":"Practical Imaging Informatics: Foundations and Applications for Medical Imaging","author":"J Whitfill","year":"2021","unstructured":"Whitfill J. Data Security and Patient Privacy. In: Branstetter BFI, editor. Practical Imaging Informatics: Foundations and Applications for Medical Imaging. 2nd ed. New York, NY: Springer; 2021. p. 119\u201330.","edition":"2"},{"key":"1621_CR5","doi-asserted-by":"crossref","unstructured":"European Society of Radiology (ESR). (2014) Renewal of radiological equipment. Insights Imaging. 5(5):543\u20136.","DOI":"10.1007\/s13244-014-0345-1"},{"key":"1621_CR6","unstructured":"Das Gupta S, Shah D. (2024) Safeguarding the future of radiology with imaging informatics. AuntMinnie.com. Mar 28"},{"issue":"3","key":"1621_CR7","doi-asserted-by":"publisher","first-page":"96","DOI":"10.2345\/0899-8205-55.3.96","volume":"55","author":"SL Grimes","year":"2021","unstructured":"Grimes SL, Wirth A. The Case for Medical Device Cybersecurity Hygiene Practices for Frontline Personnel. Biomed Instrum Technol. 2021 Jul;55(3):96\u20139.","journal-title":"Biomed Instrum Technol."},{"key":"1621_CR8","unstructured":"HIPAA Journal Staff. (2021) Radiology Specialists Facing Class-Action Lawsuit Over PACS Data Breach [Internet].HIPAA Journal. Available from: https:\/\/www.hipaajournal.com\/radiology-specialists-facing-class-action-lawsuit-over-pacs-data-breach\/"},{"key":"1621_CR9","unstructured":"Davis J. (2021) Millions of medical images, patient data remain exposed via PACS flaws [Internet]. SC Media; Available from: https:\/\/www.scworld.com\/news\/millions-of-medical-images-patient-data-remain-exposed-via-pacs-flaws"},{"key":"1621_CR10","doi-asserted-by":"crossref","unstructured":"Cawthra J, Kuruvilla J, Littlefield K, Niemeyer B, Wang S, Williams R, et al. (2020) Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector [Internet]. National Institute of Standards and Technology (NIST). Available from: https:\/\/www.nccoe.nist.gov\/publication\/1800-24\/VolA\/","DOI":"10.6028\/NIST.SP.1800-24"},{"issue":"9","key":"1621_CR11","doi-asserted-by":"publisher","first-page":"828","DOI":"10.1016\/j.jacr.2023.06.023","volume":"20","author":"C Shah","year":"2023","unstructured":"Shah C, Nachand D, Wald C, Chen PH. Keeping Patient Data Secure in the Age of Radiology Artificial Intelligence: Cybersecurity Considerations and Future Directions. J Am Coll Radiol. 2023 Sep;20(9):828\u201335.","journal-title":"J Am Coll Radiol."},{"issue":"12","key":"1621_CR12","doi-asserted-by":"publisher","first-page":"8833","DOI":"10.1007\/s00330-023-09860-1","volume":"33","author":"BS Kelly","year":"2023","unstructured":"Kelly BS, Quinn C, Belton N, Lawlor A, Killeen RP, Burrell J. Cybersecurity considerations for radiology departments involved with artificial intelligence. Eur Radiol. 2023 Jul 7;33(12):8833\u201341.","journal-title":"Eur Radiol"},{"issue":"8","key":"1621_CR13","doi-asserted-by":"publisher","first-page":"e38372","DOI":"10.2196\/38372","volume":"12","author":"Z Zandesh","year":"2024","unstructured":"Zandesh Z. Privacy, Security, and Legal Issues in the Health Cloud: Structured Review for Taxonomy Development. JMIR Form Res. 2024 Feb 12;8:e38372.","journal-title":"JMIR Form Res."},{"key":"1621_CR14","unstructured":"Mirsky Y, Mahler T, Shelef I, Elovici Y. (2023) CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning [Internet]. arXiv; 2019 [cited Feb 8]. Available from: http:\/\/arxiv.org\/abs\/1901.03597"},{"issue":"4","key":"1621_CR15","doi-asserted-by":"publisher","first-page":"737","DOI":"10.1007\/s10278-022-00664-1","volume":"35","author":"G McGinty","year":"2022","unstructured":"McGinty G. #DitchtheDisk. J Digit Imaging. 2022 Aug;35(4):737\u20138.","journal-title":"J Digit Imaging"},{"key":"1621_CR16","unstructured":"American College of Radiology.(2019) ACR\u2013AAPM\u2013SIIM Practice Parameter for Electronic Medical Information Privacy and Security [Internet]. Jan. Available from: https:\/\/www.acr.org\/-\/media\/ACR\/Files\/Practice-Parameters\/Elec-Info-Privacy.pdf"},{"key":"1621_CR17","unstructured":"United States Health and Human Services. The HIPAA Security Rule [Internet]. Available from: https:\/\/www.hhs.gov\/hipaa\/for-professionals\/security\/index.html"},{"key":"1621_CR18","unstructured":"U.S. Code of Federal Regulations, Title 45, \u00a7 164.308: Administrative safeguards [Internet]. Available from: https:\/\/www.ecfr.gov\/current\/title-45\/subtitle-A\/subchapter-C\/part-164\/subpart-C\/section-164.308"},{"key":"1621_CR19","unstructured":"U.S. Code of Federal Regulations, Title 45, \u00a7 164.310: Physical Safeguards [Internet]. Available from: https:\/\/www.ecfr.gov\/current\/title-45\/subtitle-A\/subchapter-C\/part-164\/subpart-C\/section-164.310"},{"key":"1621_CR20","unstructured":"U.S. Code of Federal Regulations, Title 45, \u00a7 164.312: Technical Safeguards [Internet]. Available from: https:\/\/www.ecfr.gov\/current\/title-45\/subtitle-A\/subchapter-C\/part-164\/subpart-C\/section-164.312"},{"key":"1621_CR21","unstructured":"United States Health and Human Services. The HIPAA Privacy Rule [Internet]. Available from: https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/index.html"},{"key":"1621_CR22","unstructured":"U.S. Code of Federal Regulations, Title 21, \u00a7 11.10: Controls for closed systems [Internet]. Available from: https:\/\/www.ecfr.gov\/current\/title-21\/chapter-I\/subchapter-A\/part-11\/subpart-B\/section-11.10"},{"key":"1621_CR23","unstructured":"National Institute of Standards and Technology. NIST SPECIAL PUBLICATION 1800\u201326 [Internet]. [cited 2025 Apr 11]. Available from: https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.1800-26.pdf"},{"key":"1621_CR24","unstructured":"Office of Consumer Affairs and Business Regulation. 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth [Internet]. Nov, 2009. Available from: https:\/\/www.mass.gov\/doc\/201-cmr-17-standards-for-the-protection-of-personal-information-of-residents-of-the-commonwealth\/download"},{"key":"1621_CR25","doi-asserted-by":"publisher","first-page":"106576","DOI":"10.1109\/ACCESS.2020.3000421","volume":"8","author":"AA Hady","year":"2020","unstructured":"Hady AA, Ghubaish A, Salman T, Unal D, Jain R. Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study. IEEE Access. 2020;8:106576\u201384.","journal-title":"IEEE Access."},{"key":"1621_CR26","doi-asserted-by":"crossref","unstructured":"Nguyen XV, Petscavage-Thomas JM, Straus CM, Ikuta I. Cybersecurity in radiology: Cautionary Tales, Proactive Prevention, and What to do When You Get Hacked. Curr Probl Diagn Radiol. 2024","DOI":"10.1067\/j.cpradiol.2024.07.010"},{"issue":"6","key":"1621_CR27","doi-asserted-by":"publisher","first-page":"1527","DOI":"10.1007\/s10278-020-00393-3","volume":"33","author":"M Eichelberg","year":"2020","unstructured":"Eichelberg M, Kleber K, K\u00e4mmerer M. Cybersecurity in PACS and medical imaging: an overview. J Digit Imaging. 2020;33(6):1527\u201342.","journal-title":"J Digit Imaging."},{"key":"1621_CR28","unstructured":"U.S. Food and Drug Administration. Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, Guidance for Industry and Food and Drug Administration Staff [Internet]. 2023. Available from: https:\/\/www.fda.gov\/media\/119933\/download"},{"key":"1621_CR29","unstructured":"U.S. Department of Health and Human Services. Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) [Internet]. U.S. Department of Health and Human Services; 2023. Available from: https:\/\/405d.hhs.gov\/Documents\/HICP-Main-508.pdf"},{"key":"1621_CR30","unstructured":"Health Information Technology for Economic and Clinical Health (HITECH) Act [Internet]. 2009. Available from: https:\/\/www.govinfo.gov\/content\/pkg\/PLAW-111publ5\/pdf\/PLAW-111publ5.pdf"},{"key":"1621_CR31","unstructured":"Office for Civil Rights, U.S. Department of Health and Human Services. Breach Notification Rule [Internet]. 2013. Available from: https:\/\/www.hhs.gov\/hipaa\/for-professionals\/breach-notification\/index.html"},{"key":"1621_CR32","unstructured":"Federal Food, Drug, and Cosmetic Act, \u00a7 524B [Internet]. Available from: https:\/\/www.federalregister.gov\/documents\/2023\/09\/27\/2023-20955\/cybersecurity-in-medical-devices-quality-system-considerations-and-content-of-premarket-submissions"},{"issue":"3","key":"1621_CR33","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1055\/s-0039-1692678","volume":"10","author":"E Larsen","year":"2019","unstructured":"Larsen E, Hoffman D, Rivera C, Kleiner BM, Wernz C, Ratwani RM. Continuing Patient Care during Electronic Health Record Downtime. Appl Clin Inform. 2019 May;10(3):495\u2013504.","journal-title":"Appl Clin Inform."},{"issue":"3","key":"1621_CR34","doi-asserted-by":"publisher","first-page":"731","DOI":"10.1007\/s10278-021-00466-x","volume":"34","author":"PH Chen","year":"2021","unstructured":"Chen PH, Bodak R, Gandhi NS. Ransomware Recovery and Imaging Operations: Lessons Learned and Planning Considerations. J Digit Imaging. 2021 Jun;34(3):731\u201340.","journal-title":"J Digit Imaging."},{"key":"1621_CR35","doi-asserted-by":"crossref","unstructured":"Maggio LA, Dameff C, Kanter SL, Woods B, Tully J. (2020) Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives. Acad Med J Assoc Am Med Coll. 24","DOI":"10.1097\/ACM.0000000000003859"},{"key":"1621_CR36","unstructured":"Federal Bureau of Investigation. (2016) Ransomware Prevention and Response for CISOs [Internet].Federal Bureau of Investigation. Available from: https:\/\/www.fbi.gov\/file-repository\/ransomware-prevention-and-response-for-cisos.pdf"},{"key":"#cr-split#-1621_CR37.1","doi-asserted-by":"crossref","unstructured":"Cichonski P, Millar T, Grance T, Scarfone K. (2012) Computer Security Incident Handling Guide\u202f: Recommendations of the National Institute of Standards and Technology [Internet]. National Institute of Standards and Technology","DOI":"10.6028\/NIST.SP.800-61r2"},{"key":"#cr-split#-1621_CR37.2","unstructured":"2012 Aug [cited 2025 Apr 16] p. NIST SP 800-61r2. Report No. NIST SP 800-61r2. Available from: https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf"},{"key":"1621_CR38","unstructured":"Centers for Medicare & Medicaid Services, U.S. (2025) Department of Health and Human Services. 42 CFR \u00a7 482.15: Condition of Participation: Emergency Preparedness [Internet]. Available from: https:\/\/www.ecfr.gov\/current\/title-42\/chapter-IV\/subchapter-G\/part-482\/subpart-B\/section-482.15"},{"issue":"5","key":"1621_CR39","doi-asserted-by":"publisher","first-page":"e10059","DOI":"10.2196\/10059","volume":"20","author":"MS Jalali","year":"2018","unstructured":"Jalali MS, Kaiser JP. Cybersecurity in Hospitals: A Systematic, Organizational Perspective. J Med Internet Res. 2018 May 28;20(5):e10059.","journal-title":"J Med Internet Res"},{"key":"1621_CR40","unstructured":"ASPR TRACIE. Cyber Incident Response Checklist [Internet]. 2021. Available from: https:\/\/files.asprtracie.hhs.gov\/documents\/healthcare-system-cybersecurity-incident-response-checklist.pdf"},{"key":"1621_CR41","unstructured":"ASPR TRACIE. (2020) Cyber Incident System Restoration Checklist [Internet]. Available from: https:\/\/files.asprtracie.hhs.gov\/documents\/healthcare-system-cybersecurity-incident-system-restoration-checklist.pdf"},{"key":"1621_CR42","doi-asserted-by":"publisher","first-page":"205520762110593","DOI":"10.1177\/20552076211059366","volume":"7","author":"H Ghayoomi","year":"2021","unstructured":"Ghayoomi H, Laskey K, Miller-Hooks E, Hooks C, Tariverdi M. Assessing resilience of hospitals to cyberattack. Digit Health. 2021;7:20552076211059366.","journal-title":"Digit Health"}],"container-title":["Journal of Imaging Informatics in Medicine"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10278-025-01621-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10278-025-01621-4","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10278-025-01621-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T16:21:59Z","timestamp":1776874919000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10278-025-01621-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,4]]},"references-count":43,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,4]]}},"alternative-id":["1621"],"URL":"https:\/\/doi.org\/10.1007\/s10278-025-01621-4","relation":{},"ISSN":["2948-2933"],"issn-type":[{"value":"2948-2933","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,4]]},"assertion":[{"value":"23 June 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 July 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 July 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 August 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not human or animal subject research.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics Approval"}},{"value":"Not human or animal subject research.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to Participate"}},{"value":"Not human or animal subject research.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for Publication"}},{"value":"Po-Hao Chen received grant funding from Siemens Healthineers AG, the National Institutes of Health, and the Arthritis Foundation.Reza Forghani received grant funding from Nuance Communications Inc., Canon Medical Systems Corporation (also non-financial support and speaking\/lecture fees), General Electric Company, the NIH, and the National Science Foundation; provided consulting\/advisory services to PaxeraHealth Corp. and Neuropacs Corp.; and holds U.S. Patent No. 11,257,210 B2 issued to the Royal Institution for the Advancement of Learning.Judy Gichoya received speaking\/lecture fees from the National Bureau of Economic Research, Cook Medical LLC, and APPOS CME and grant funding from Lunit Inc., the Clarity Consortium, and the Bunkerhill Foundation.Christoph Wald serves as Chair, Commission on Informatics, and Vice Chair, Board of Chancellors, American College of Radiology and provides consulting\/advisory services to Deepc (with equity) and Radpair.All other authors declare no known competing financial interests or personal relationships that could have influenced this work.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}]}}