AI specialists strive to minimize cybersecurity risks

Philip Ward
Jul 12, 2023
2021 08 10 16 10 2928 Cybersecurity Lock V2 400

Radiology AI projects are complex and not risk-free, especially in terms of cybersecurity threats, Irish and U.S. experts have emphasized. To simplify the process, they have outlined how to improve security through better detection and preventative techniques.

"While the potential for AI to revolutionize the practice of radiology is clear, it is important to realize the potential impact of increased connectively and adoption of technology on the confidentiality, integrity, and availability of healthcare data," Dr. Brendan Kelly, specialist registrar in radiology and honorary clinical lecturer at St Vincent's University Hospital, Dublin, and colleagues noted in an article published by European Radiology on 7 July.

The authors' aim is to provide an introduction to radiology cybersecurity and give background to both general and healthcare-specific cybersecurity challenges. "Healthcare providers and device manufacturers have the advantage of being able to take inspiration from other industry sectors who are leading the way in the field," they state.

Graphic illustration of the scope of the article published on 7 July. Courtesy of Dr. Brendan Kelly et al and European Radiology.Graphic illustration of the scope of the article published on 7 July. Courtesy of Dr. Brendan Kelly et al and European Radiology.

Lessons of Irish cyberattack

The 2021 cyberattack on the Irish Health Service Executive (HSE) was a landmark case, not just in healthcare but globally within cybercrime, according to Kelly's joint first author Conor Quinn, lead incident response consultant at Rapid7 in Dublin and research fellow in cybersecurity at Boston College, Massachusetts, U.S.

"There had not been an incident where a country's health service provider was taken offline," he told AuntMinnieEurope.com. "The international attention put the threat actor under pressure, as within some cybercrime groups, healthcare organizations are off-limits. The threat actor (ransomware operator/affiliate – Conti) provided the decryption key for ransomed data/systems, which accelerated recovery, but it did not solve all the issues. It took months to fully understand the scale and to return to normal operations."

If cybersecurity is not taken seriously, patient outcomes can be affected, Quinn continued. "Every hospital should have a robust cybersecurity program to ensure protections are put in place and monitored. It is not just the responsibility of IT people; doctors and staff within the healthcare industry should be cyber-aware to ensure they are making the right decisions."

Due to the HSE cyberattack, Kelly had no access to his research data for over 16 weeks. "I wanted to use this time productively, and through my Fulbright network, had access to Conor and his academic supervisor Jim Burrell," he noted. "I understood involving radiology and AI increased the potential 'attack surface' for future attacks, and wanted to do all I could to ensure the security of my own data."

During this period, Kelly discovered many processes that he thought could benefit the wider community and decided to share them in a journal article.

Different types of agreements

When European hospitals implement AI, they typically enter into various contracts and agreements to ensure compliance with legal and ethical standards, Prof. Erik Ranschaert, PhD, past president of the European Society of Medical Imaging Informatics (EuSoMII), told AuntMinnieEurope.com. He said that the specific contracts and agreements may vary depending on the jurisdiction and the nature of the AI, but here are some common types:

  • Service Level Agreements (SLAs): SLAs outline the performance metrics, responsibilities, and expectations between the hospital and the AI provider. They specify factors such as system uptime, response times, and service quality.
  • Data Processing Agreements (DPAs): DPAs are crucial when AI involves the processing of personal data. They define the roles and responsibilities of the hospital as the data controller and the AI provider as the data processor. DPAs ensure compliance with the General Data Protection Regulation (GDPR) and govern data protection, security, and privacy obligations.
  • Software License Agreements: These agreements outline the terms and conditions for the use of AI software. They define the scope of the license, intellectual property rights, limitations of use, and any restrictions or obligations related to modifying or distributing the software.
  • Confidentiality and Non-Disclosure Agreements (NDAs): NDAs protect sensitive information exchanged between the hospital and the AI provider. They prevent the unauthorized disclosure or use of confidential data, proprietary algorithms, trade secrets, or any other confidential information.
  • Research Collaboration Agreements (RCAs): In cases where hospitals work with research institutions or universities, RCAs establish the terms.
  • Data Protection Impact Assessment (DPIAs): The DPIA makes an inventory of the potential risks in handling patient data (see European Commission website). This is not the same as the DPA.

To comply with GDPR, a data protection officer (DPO) needs to be appointed in every hospital to manage all issues related to data security and data transferring. Another consideration is the value of pseudonymization versus anonymization in data-deidentification (see 8 May 2023 article by IP, IT, and Data Protection Lawyer Magali Feys on LinkedIn).

"There's also a lot to say about the type of vendor that can be contracted," noted Ranschaert, who is a visiting professor at the University of Ghent, Belgium. "The safest method to work with is to use a single platform offering different solutions, so that five or 10 different contracts and procedures can be avoided when five or more AI solutions have to be implemented."

Overall, a well-orchestrated approach to security management and policy is crucial before implementing any AI-based solutions, he said.

Federated learning

Looking to the future, Kelly believes an important area is federated learning, which enables development of models trained locally in hospitals, instead of collecting the data from different institutions and storing the data centrally. This means sensitive data can remain with its data controller, avoiding the associated legal and security complications of transmitting data between institutions, he explained.

Kelly, who is an ICAT HRB/Wellcome Trust academic fellow and PhD candidate at the Insight Centre for Data Analytics at University College Dublin, is now contributing to a federated cybersecurity project with colleagues at Stanford University in California. "So, watch this space!" he commented.

As well as the federated learning project, he is working to prospectively include these considerations in his research. Security was identified as a key concern of patients in another recent article, and he said he is placing it "front and center going forward."

The 7 July European Radiology article by Kelly, Quinn, and colleagues is available open access. Funding for the work came from the Fulbright-Ireland-USA HealthImpact and TechImpact.

Latest in Clinical News
2024 05 02 Ct Insider Figure 18 Resized Thumb
Imaging develops key role in stroke cases among younger patients
May 2, 2024
Running Knee Pain
Erasmus MC team investigates risk factors in osteoarthritis
May 1, 2024
Register today for a FREE webinar 8 May at 6 p.m. CET
Sponsored
Register today for a FREE webinar 8 May at 6 p.m. CET
May 2, 2024
Dr. Paul McCoubrie.
Why are the juniors revolting?
April 30, 2024
Related Stories
2016 08 30 09 29 44 134 Radiation Symbol Circle 400
Clinical News
U.K. updates processes on radiation regulations
2020 05 27 21 35 5485 Breast Cancer3 400
Artificial Intelligence
SBI to host August webinars on AI imaging bias and missed cancers
2021 05 17 16 39 4509 Cybersecurity Visual 400
Imaging Informatics
Cyberattacks have major impact on emergency radiology workflow
Register today for a FREE webinar 8 May at 6 p.m. CET
Sponsor Content
Register today for a FREE webinar 8 May at 6 p.m. CET
More in Clinical News
Imaging develops key role in stroke cases among younger patients
Radiologists must get up to speed on the diverse causes of stroke in younger people to ensure an accurate imaging workup, prizewinning Spanish researchers have underlined.
May 2, 2024
2024 05 02 Ct Insider Figure 18 Resized Thumb
Erasmus MC team investigates risk factors in osteoarthritis
By Will Morton
Physical activities like running may increase the risk of osteoarthritis in patients with lower muscle mass surrounding the knee joints, authors from Erasmus Medical Center (MC) in Rotterdam, the Netherlands, have reported.
May 1, 2024
Running Knee Pain
Struck off: Spanish radiologist guilty of misconduct
By Philip Ward
A Spanish radiologist has been found guilty of making two serious errors and subsequent dishonesty while working at a large London hospital. The doctor will now be erased from the register, pending an appeal period.
April 30, 2024
Martínez Higueros' errors occurred while she was a locum at the Chelsea and Westminster Hospital.
Why are the juniors revolting?
By Dr. Paul McCoubrie
The mood among the younger generation of radiologists in the U.K. is one of marked disgruntlement, writes Dr. Paul McCoubrie. A new survey suggests nearly 8 out of 10 trainees may leave the profession due to the extended roles of nonradiologists.
April 30, 2024
Dr. Paul McCoubrie.
Clinical evidence emerges on lung cancer screening
By Kate Madden Yee
Large studies such as the Dutch-Belgian Lung-Cancer Screening Trial have shown that lung cancer screening reduces mortality from the disease. New data have now come from a program in the U.S.
April 29, 2024
Lung Illustration Blue
New EUSOBI breast cancer screening recommendations focus on risk
By Erik L. Ridley
New breast cancer screening recommendations from the European Society of Breast Imaging (EUSOBI) include supplemental screening in average-to-intermediate risk women.
April 26, 2024
Eusobi 662be88122d7a V4 610x1220
CT reveals influence of diabetes on COVID-19 severity
By Kate Madden Yee
CT imaging reveals the influence of blood glucose levels on the severity of COVID-19, researchers have reported.
April 26, 2024
Diabetes Social
Esaote reports growth in fiscal year 2023
By AuntMinnieEurope.com staff writers
Italian medical device vendor Esaote posted increased revenues for fiscal year 2023, citing upticks in sales in its ultrasound and MRI sectors.
April 25, 2024
Euros Bills
Dutch cast new light on attendance rates for MRI screening
By Edna Astbury-Ward, PhD
The willingness of women with dense breasts to reattend for MRI screening is high, but more effort must be made to improve the overall patient experience if widespread supplemental MRI screening is to be implemented, Dutch researchers say.
April 24, 2024
Abstract Woman Dutch Flag
PET/CT superior to MRI for detecting spinal bone metastases
By Will Morton
A study posted by European Radiology has found Gallium-68 (Ga-68) DOTATATE PET/CT is effective for detecting spinal bone metastases in cases of neuroendocrine tumors.
April 24, 2024
Ppgl 167 250
German group shows how to cut radiation dose in intervention
By Philip Ward
Scientists have unveiled a prize-winning virtual reality tool designed to optimize radiation protection during interventional radiology procedures. It's now available for free download.
April 23, 2024
The room and all accessories have been designed to enable clinically useful training sessions. Courtesy of Silas Fuchs Northdocks GmbH.
High breast density tied to impaired recurrence-free cancer survival
By Amerigo Allegretto
Recurrence-free breast cancer survival is less likely in women with high breast density compared with women with low density, according to authors from Lund in Sweden.
April 22, 2024
Breast Mammography Scanner
Page 1 of 1246
Next Page