A Cyber-Security Risk Assessment Methodology for Medical Imaging Devices: the Radiologists’ Perspective

Tom Mahler, Erez Shalom, Arnon Makori, Yuval Elovici, Yuval Shahar

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


Medical imaging devices (MIDs) are exposed to cyber-security threats. Currently, a comprehensive, efficient methodology dedicated to MID cyber-security risk assessment is lacking. We propose the Threat identification, ontology-based Likelihood, severity Decomposition, and Risk assessment (TLDR) methodology and demonstrate its feasibility and consistency with existing methodologies, while being more efficient, providing details regarding the severity components, and supporting organizational prioritization and customization. Using our methodology, the impact of 23 MIDs attacks (that were previously identified) was decomposed into six severity aspects. Four Radiology Medical Experts (RMEs) were asked to assess these six aspects for each attack. The TLDR methodology’s external consistency was demonstrated by calculating paired T-tests between TLDR severity assessments and those of existing methodologies (and between the respective overall risk assessments, using attack likelihood estimates by four healthcare cyber-security experts); the differences were insignificant, implying externally consistent risk assessment. The TLDR methodology’s internal consistency was evaluated by calculating the pairwise Spearman rank correlations between the severity assessments of different groups of two to four RMEs and each of their individual group members, showing that the correlations between the severity rankings, using the TLDR methodology, were significant (P < 0.05), demonstrating that the severity rankings were internally consistent for all groups of RMEs. Using existing methodologies, however, the internal correlations were insignificant for groups of less than four RMEs. Furthermore, compared to standard risk assessment techniques, the TLDR methodology is also sensitive to local radiologists’ preferences, supports a greater level of flexibility regarding risk prioritization, and produces more transparent risk assessments.

Original languageEnglish
Pages (from-to)666-677
Number of pages12
JournalJournal of Digital Imaging
Issue number3
StatePublished - Jun 2022
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2022, The Author(s) under exclusive licence to Society for Imaging Informatics in Medicine.


Part of the research was funded by the Israeli National Cyber Security Authority (NCSA). National Cyber Security Research Center (CSRC),Ben-Gurion University of the Negev (IL),875–376-11,Tom Mahler

FundersFunder number
Israeli National Cyber Security Authority
National Centre for Supercomputing Applications


    • Cyber-Security
    • Medical Imaging Devices
    • Risk Assessment
    • Severity Aspects
    • Severity Assessment
    • Utility


    Dive into the research topics of 'A Cyber-Security Risk Assessment Methodology for Medical Imaging Devices: the Radiologists’ Perspective'. Together they form a unique fingerprint.

    Cite this