Cyber security is the practice of protecting computer systems, networks, data, and digital assets from unauthorised access, theft, and damage. Nowhere is this more critical than in healthcare. Hospitals rely heavily on interconnected systems to manage patient information, diagnostic imaging, treatment planning, and communication across departments. MRI scanners, CT scanners, PET systems, and PACS servers generate and store vast amounts of highly sensitive data. This dependence on digital technology has created new opportunities for cyber criminals, who exploit vulnerabilities to steal information, disrupt services, or even jeopardise patient safety.
Cyber threats in healthcare can take many forms, including ransomware that locks radiology reports, phishing attacks targeting hospital staff, spyware that secretly collects patient data, or denial-of-service attacks that take critical systems offline. Some incidents aim to extort money, while others may disrupt care or damage institutional reputation.
Effective cyber security in a hospital setting involves a combination of technical safeguards, such as firewalls, VPNs, encryption, and patches, as well as human behaviour, including staff training, vigilance against phishing, and secure handling of patient data. The goal is to ensure the confidentiality, integrity, and availability of clinical information. Confidentiality means protecting patient records from unauthorised access. Integrity means ensuring that imaging data, diagnoses, and reports are accurate and unaltered. Availability means that clinicians have access to systems when they need them, without interruption.
As the digital health environment continues to evolve, cyber security in medical imaging is a shared responsibility. Radiographers, radiologists, physicists, IT teams, and even administrative staff all play a role in maintaining trust and protecting patient safety.
Training Scenario
This scenario has been developed to highlight essential cyber security issues through the daily operations of a large teaching hospital. By following the work of the Radiology and Nuclear Medicine Department, you will see how staff respond to potential cyber threats, implement protective strategies, and maintain secure imaging systems.
The scenario covers topics such as phishing, spyware, ransomware, firewalls, VPNs, patches, encryption, HTTPS, two-factor authentication, safe data disposal, and social engineering. Each example links directly to the kind of threats faced by hospitals worldwide.
Scenario: St. Catherine’s Hospital Radiology Department
A suspicious email in Radiology
On a busy Monday morning, Sarah, a radiographer in the CT suite, received an email that appeared to come from the hospital’s IT department. The message instructed her to log into a new “security portal” to confirm her PACS credentials. The email contained the hospital’s logo and a familiar sign-off, but Sarah noticed that the sender’s address contained an extra character. She reported it immediately.
The IT team confirmed it was a phishing attack designed to trick staff into disclosing usernames and passwords. If Sarah had entered her details, attackers could have gained access to PACS, potentially compromising patient images and reports.
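The tell in this story is a sender domain that differs from the real one by a single character. A mail gateway can catch that automatically by measuring how many edits separate the sender's domain from the hospital's trusted domains. The check below is an added example, not code from the page or from St. Catherine's; the trusted domain and the sample sender addresses are constructed placeholders.

```python
# Flag sender domains that are one or two edits away from a trusted domain.
# Added illustration for the phishing scenario; domains below are constructed.
TRUSTED_DOMAINS = {"stcatherines-hospital.example"}  # constructed placeholder


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions or
    substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Domain part of an address, tolerating 'Name <user@domain>' form."""
    addr = address.strip().rstrip(">")
    return addr.rsplit("@", 1)[-1].lower()


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'external'.

    A domain within max_dist edits of a trusted domain (one extra character,
    as in the scenario) is reported as a lookalike so the gateway can
    quarantine the message or warn the reader."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    for t in trusted:
        if edit_distance(domain, t) <= max_dist:
            return "lookalike"
    return "external"


# Constructed sample senders: genuine, one-extra-character lookalike, unrelated
SAMPLE_SENDERS = [
    "it-helpdesk@stcatherines-hospital.example",
    "it-helpdesk@stcatherines-hospitall.example",
    "noreply@vendor.example",
]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(f"{s:45} -> {classify_sender(s)}")
```

The same distance check works for link targets inside the message body, not only the From address.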
Spyware hidden in a workstation
Later that week, a junior doctor downloaded what he believed was a “DICOM viewer” from an unofficial website to quickly review patient scans on his laptop. Within days, the IT department detected unusual traffic patterns leaving the radiology network. The program turned out to contain spyware — malicious software designed to secretly monitor user activity and steal information.
The spyware had been capturing keystrokes and attempting to send login credentials to an external server. Fortunately, the workstation was quarantined before the infection spread. The lesson was clear: never download unverified software into a hospital environment.
When ransomware strikes the imaging server
One Friday afternoon, radiologists across the hospital suddenly found themselves unable to access patient images. Instead of CT and MRI scans, the PACS terminals displayed a message demanding cryptocurrency payment to unlock encrypted files. This was a textbook case of ransomware.
Fortunately, the hospital IT department had implemented strict backup policies. Imaging data was backed up daily to an encrypted, offline server. Within hours, the system was restored, and patient care resumed without paying the ransom. The incident underscored how ransomware could paralyse clinical services if backups and contingency planning were absent.
Security patches and imaging modalities
During a departmental debrief, the hospital’s Chief Information Security Officer explained how many attacks exploit vulnerabilities in outdated software. Imaging systems such as MRI consoles, CT scanners, and PET workstations all rely on operating systems and specialist software. Vendors frequently release security patches to close vulnerabilities.
If patches are ignored, attackers can exploit the unpatched vulnerabilities to reach not only the imaging system but the wider hospital network. St. Catherine’s therefore adopted an automated patch management strategy and worked closely with scanner vendors to ensure updates were applied quickly, even to legacy systems.
The risk of zero-day attacks
Despite good patching practices, the team also learned about the risk of zero-day vulnerabilities — flaws that are unknown to the vendor and therefore have no patch yet. For a hospital, a zero-day attack could disrupt imaging workflows or expose patient data before detection. While impossible to prevent entirely, layered security defences such as intrusion detection systems and strong network monitoring helped reduce the risk.
Firewalls protecting imaging data
The hospital’s imaging systems were protected by multiple firewalls, which acted as gatekeepers between external networks, the hospital intranet, and radiology servers. These devices blocked suspicious incoming traffic, restricted outbound communication, and monitored unusual activity.
Radiology staff were also briefed on Distributed Denial-of-Service (DDoS) attacks, where attackers flood hospital servers with traffic to make them unavailable. Such an event could prevent clinicians from retrieving patient scans at critical moments. To mitigate this, St. Catherine’s partnered with its internet service provider to ensure filtering and traffic rerouting measures were in place.
Remote access and VPNs
Radiologists often worked remotely, reviewing imaging studies from home during overnight on-call shifts. To ensure security, they were required to connect through a Virtual Private Network (VPN), which created an encrypted tunnel between their device and the hospital’s network. This prevented outsiders from intercepting patient data.
The IT team also reminded staff of the dangers of using public Wi-Fi in airports or cafés. Without a VPN, attackers could eavesdrop on patient data in transit.
Encryption and secure communication
When sharing sensitive data, such as PET scan results for research collaborations, St. Catherine’s mandated the use of encryption. Encryption converts information into a form that can only be read by recipients holding the correct key, ensuring confidentiality.
In addition, staff were instructed to verify that hospital portals and clinical systems used HTTPS (HyperText Transfer Protocol Secure). This provided assurance that communications between browsers and servers were encrypted, safeguarding logins and transmitted imaging data.
Passwords and two-factor authentication
The IT department rolled out new password policies across Radiology. Staff were required to use strong passwords containing upper- and lowercase letters, numbers, and symbols, rather than simple words or passwords reused across systems.
They also implemented two-factor authentication (2FA) for PACS and RIS logins. Radiologists now had to enter their password and a one-time code sent to their phone or generated by an authentication app. This significantly reduced the chance of unauthorised access, even if a password were compromised.
Safe disposal of imaging hardware
Hospitals regularly upgrade equipment such as ultrasound machines, PACS servers, and diagnostic workstations. At St. Catherine’s, it was mandatory to securely wipe all hard drives before decommissioning. For highly sensitive devices, the safest method was physical destruction of drives to ensure patient data could never be recovered. This prevented criminals from extracting archived scans from discarded equipment.
Social engineering and the human factor
Not all attacks relied on technology. During training, staff were warned about social engineering tactics. Attackers might impersonate IT staff, call the radiology department, and request login details “for urgent maintenance.” Others might leave infected USB drives labelled “CT protocols” in staff areas, hoping someone would plug them in.
Radiology staff were told that human error was often the weakest link. Verifying requests, questioning unusual instructions, and reporting suspicious behaviour were vital to maintaining a secure environment.
Building a culture of security
To embed cyber security into everyday practice, St. Catherine’s introduced quarterly training sessions. Topics included recognising phishing emails, applying software updates, backing up data, and locking workstations when unattended. Posters in the radiology control rooms reminded staff: “Patient safety depends on data security.”
By reinforcing good habits and showing how cyber security directly affects patient care, the hospital fostered a culture where everyone felt responsible for protecting information systems.
Conclusion
The St. Catherine’s Hospital Radiology Department scenario illustrates how cyber security plays a critical role in modern healthcare. From phishing emails and spyware to ransomware, zero-day vulnerabilities, and social engineering, the threats are diverse and potentially devastating. In an imaging department, these risks can delay diagnoses, compromise patient privacy, and disrupt vital clinical workflows.
Through layered protections such as firewalls, VPNs, encryption, security patches, and strong password policies, combined with staff vigilance and regular training, the hospital was able to reduce its risk and maintain safe, reliable imaging services.
This scenario shows how the principles of cyber security directly support the confidentiality, integrity, and availability of patient imaging data — all essential to delivering high-quality care.
Transition to Quiz
You have now reviewed a clinical scenario that introduces the essential principles of cyber security in medical imaging. The following knowledge check quiz is based on the information presented above. Please refer back to the scenario if needed and use it to guide your answers.
Disclaimer
This training scenario is a fictional educational resource created for awareness and instructional purposes only. The characters, hospital names, systems, and incidents described are illustrative examples and do not represent real individuals, institutions, or actual events. While the content is informed by recognised cyber security practices in healthcare, it should not be considered a substitute for professional security advice, official guidance, or institutional policies.
Healthcare organisations should always consult qualified cyber security professionals, follow local regulations, and implement their own risk management strategies. The authors and publishers of this material accept no liability for any loss, damage, or disruption caused by reliance on the information contained in this scenario.