Cyberattacks against hospitals and health systems are on the rise and radiology departments must be prepared to act if digital capabilities are shut down.

A story published Tuesday in the American College of Radiology Bulletin examined this topic in great depth, discussing lessons learned from real-world attacks, technology products to mitigate damage, mock training drills, and other steps radiology departments can take to prepare.

Unfortunately, Daniel Reardon, MPA, chief compliance officer for the ACR, says “there’s really not much a radiology practice can do to completely prevent a cyberattack,” he told the Bulletin. Instead, providers should focus on understanding how to handle what follows if IT starts shutting things down.

This will likely depend on practice type and size, Reardon explained, but having incident response protocols in place is a must. Preparing standardized forms for printable rad reports and developing a list of staff phone numbers should also be top of mind. Training staff to spot phishing tactics, multi-factor authentication and vetting security vendors are also crucial.

“I think sometimes radiologists forget that everything we do is digital,” Christopher Wald, MD, MBA, PhD, chair of the department of radiology at Lahey Hospital and Medical Center and chair of the ACR Commission on Informatics, said in the Feb. 23 story. “That means when a cyberattack happens, and your IT people pull the network cord to quarantine malware, radiology may lose every last bit of functionality it normally relies on. That might be hard to imagine, but it could happen to your practice.”

Read the entire story from the ACR below.