Next Article in Journal
A Hybrid Vision and Optimization Strategy for Accurate 3D Laser Projection Calibration
Next Article in Special Issue
Multi-Scale Atrous Feature Fusion Based on a VGG19-UNet Encoder for Brain Tumor Segmentation
Previous Article in Journal
Innovative Skin Depigmenting Strategies: A Review
Previous Article in Special Issue
Abrupt Change Detection of ECG by Spiking Neural Networks: Policy-Aware Operating Points for Edge-Level MI Screening
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 16
Issue 4
10.3390/app16041736
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Medicine in the Age of Artificial Intelligence: Cybersecurity, Hybrid Threats and Resilience

by
Gordan Akrap
1,*,
Ivo Dumić-Čule
2,
Natalija Parlov
3 and
Sonja Jandroković
4
1
Dr. Franjo Tuđman Defense and Security University, 10000 Zagreb, Croatia
2
Department of Nursing, University North, 42000 Varazdin, Croatia
3
University of Zadar, 23000 Zadar, Croatia
4
Department of Ophthalmology and Optometry, School of Medicine, University Zagreb, 10000 Zagreb, Croatia
*
Author to whom correspondence should be addressed.
Appl. Sci. 2026, 16(4), 1736; https://doi.org/10.3390/app16041736
Submission received: 3 November 2025 / Revised: 1 February 2026 / Accepted: 4 February 2026 / Published: 10 February 2026
(This article belongs to the Special Issue Research on Artificial Intelligence in Healthcare)
Browse Figure
Review Reports Versions Notes

Abstract

Fast development of digital and computer systems has profoundly shaped the evolution of artificial intelligence (AI) and expanded its use across almost every aspect of society. Medicine stands among the fields most deeply transformed by this revolution where AI can accelerate diagnostic processes, personalize treatments, support clinical decision-making and enhance education. Yet the same technological progress that enables these benefits also introduces new vulnerabilities and exposure to growing cyber threats. As in other areas of use of digital and computer technologies (especially advanced ones), the possibility of their misuse for various purposes and with different motives is increasing: from personal revenge, through organized crime (national and international) and influencing operations to espionage and terrorism. This paper explores the dual nature of AI in medicine: as both an enabler of progress and a potential vector of systemic risk, through the lenses of information and cybersecurity, intelligence, and resilience. It examines the technological and organizational dimensions of these challenges by jointly analyzing documented AI-enabled clinical infrastructures, data flows, and security controls alongside governance structures, institutional responsibilities, and human factors shaping system resilience. As researchers, clinicians, technologists, intelligence analysts, and security professionals, we believe that this human dimension must guide all our efforts to ensure that AI (today and in the future) serves its true purpose: strengthening medicine’s capacity to heal, protect, learn, prevent, and uphold the dignity of human life.

1. Research Approach and Scientific Contribution

This paper is written as a conceptual and analytical review of cybersecurity and resilience challenges in contemporary healthcare systems. It combines interpretative analysis of scientific literature with European regulatory instruments. That includes: EU General Data Protection Regulation (GDPR), Directive on Security of Network and Information Systems (NIS2), EU Critical Entities Resilience Directive (CER), EU Cybersecurity Act (CRA), the AI Act, European Health Data Space (EHDS) and related legislation, EU Agency for Cybersecurity (ENISA) reports, and appropriate International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) technical standards. Rather than relying on a single empirical dataset, the review adopts a comparative approach to examine how digitalization, automation, and data-intensive technologies affect risk exposure and governance in healthcare infrastructures.
The sources analyzed were primarily published between 2019 and 2025, reflecting recent developments in healthcare regulation, cybersecurity threats, and system design practices. Through integrative analysis, the paper identifies recurring technical and organizational vulnerabilities and discusses governance principles that can support resilience-by-design across healthcare information systems. The comparative approach contrasted regulatory requirements and documented cyber incidents and healthcare technical architectures, while the integrative approach unified cybersecurity with governance and clinical workflow perspectives.
The scientific contribution of this review lies in its synthesis of cybersecurity practice, regulatory obligations, and healthcare system design considerations. By linking technical and governance perspectives, this paper proposes an interpretative resilience-by-design framework intended to support institutional decision-making and future empirical research, rather than to serve as a predictive or prescriptive model.

2. Research Methodology and Literature Review Design

This paper is a review of cybersecurity and resilience challenges in contemporary healthcare systems. Since the available evidence spans technical research, clinical practice, regulatory frameworks, and documented incidents, the analysis relies on comparative reading and critical interpretation rather than quantitative synthesis. The aim is to identify recurring risk patterns, structural weaknesses, and related governance gaps that affect the security and reliability of digitally enabled healthcare services.
The review draws on scientific literature, institutional reports, and technical standards to examine how modern healthcare information systems alter established cybersecurity risk profiles. Particular attention is given to systems that rely on large-scale data processing and automated analysis, as these can amplify the consequences of data integrity failures and system misuse, often compounded by organizational weaknesses. Risk mitigation is therefore discussed in relation to governance practices and system design choices rather than isolated technical controls. In addition to published research, the review incorporates documented cyber incidents and technical attack analyses from healthcare environments. Medical imaging systems based on the Digital Imaging and Communications in Medicine (DICOM) standard are used as a concrete example, as they are well documented and clinically critical. These cases illustrate how manipulation of data and workflows can affect downstream clinical processes, including image interpretation and decision support.
The literature review underlying all sections of this paper was conducted using a multi-layered search strategy, combining scientific databases with institutional, regulatory, and standards-based repositories. This approach reflects the reality that cybersecurity governance in healthcare is shaped as much by technical research as by regulatory, organizational, and related infrastructural constraints that should be taken into account.
Peer-reviewed literature was primarily identified through the following databases:
  • PubMed/MEDLINE, for biomedical, radiological, and clinical AI research
  • Scopus and Web of Science Core Collection, for interdisciplinary coverage across medicine, cybersecurity, AI, and governance
  • IEEE Xplore and ACM Digital Library, for technical research on cybersecurity, machine-learning vulnerabilities, Internet of Medical Things (IoMT), and system security
  • ScienceDirect (Elsevier) and SpringerLink, for health informatics, radiology, medical imaging, and AI security
  • Google Scholar, used as a supplementary tool for citation snowballing and identification of relevant literature where appropriate.
To capture governance, resilience, and regulatory dimensions not fully addressed in academic literature, the review also incorporated institutional and standards-based sources covering technical and clinical aspects, as well as organizational, legal, and strategic considerations of healthcare system security:
  • ENISA reports and repositories, including sectoral threat landscapes, NIS360 assessments, and guidance on securing machine-learning algorithms
  • EUR-Lex, for binding EU legislation relevant to healthcare, AI, cybersecurity, and critical infrastructure, including GDPR, AI Act, NIS2, CER, CRA, EHDS, Medical Device Regulation (MDR)
  • European Commission and DG HOME publications, particularly those addressing hybrid threats and resilience of critical entities
  • OpenAI research and policy reports, used to contextualize emerging malicious uses of AI
  • ISO/IEC standards repositories, including ISO/IEC 27001 [1], ISO/IEC 27002 [2], ISO/FDIS 27799 [3], ISO/IEC 42001 [4], ISO/IEC 23894 [5], and ISO/IEC 22301 [6], to anchor governance and control recommendations in established normative frameworks.
Search queries were organized around healthcare cybersecurity and medical imaging infrastructures, as well as system misuse and regulatory governance. Additional terms were used to capture vulnerabilities related to automated data analysis and clinical decision support where these were directly relevant to healthcare practice. This approach allowed structured retrieval of sources while preserving flexibility for interdisciplinary overlap. The literature search was conducted between September 2025 and January 2026. The primary publication window for included sources spans 2019 to 2025, reflecting the rapid evolution of AI deployment, cybersecurity threats, and regulatory frameworks in healthcare. Earlier foundational works were selectively included where necessary to establish technical baselines, such as the original design principles of DICOM or core concepts in artificial intelligence, when no recent equivalent sources existed.
Inclusion criteria: sources were included in this review if they contributed directly to the analysis of cybersecurity risks, artificial intelligence vulnerabilities, and resilience mechanisms in healthcare systems. This encompassed peer-reviewed scientific literature addressing AI and machine-learning security in clinical contexts, healthcare cybersecurity, and medical imaging infrastructures, including radiology workflows and DICOM/PACS environments. Authoritative institutional and regulatory documents were also included where they provided empirically grounded threat statistics, sector-specific risk assessments, or governance guidance relevant to healthcare AI and critical infrastructure protection. In addition, documented analyses of real-world incidents and attack vectors, such as ransomware campaigns, adversarial manipulation of medical images, and data-integrity compromises in DICOM-based systems, were included when supported by transparent technical or methodological descriptions.
Exclusion criteria: sources were excluded if they lacked clear relevance to healthcare or medical systems, addressed AI or cybersecurity only in a generic manner, or consisted primarily of opinion-based commentary without analytical grounding. Publications duplicating content covered by more authoritative or peer-reviewed sources were omitted to avoid redundancy. Literature describing outdated threat models or obsolete technological contexts without applicability to AI-enabled healthcare environments was also excluded. Materials lacking transparent sourcing or verifiable evidence were not considered, except where explicitly used as contextual background and clearly identified as such.
Rather than applying a systematic review or meta-analytic protocol, the study relies on comparative reading and integrative analysis. The reviewed literature was examined to identify common technical weaknesses and organizational failures, as well as misalignments between security standards and operational practice. This synthesis informed the development of an interpretative resilience framework, which is discussed using concrete healthcare scenarios rather than abstract models. Unlike existing cybersecurity or resilience models that primarily focus on isolated technical controls or organizational processes, the proposed framework adopts a cross-layer perspective that links data integrity, system design choices, and governance obligations across healthcare information systems.

3. Study Limitations

This review has several limitations that should be acknowledged. This review does not provide quantitative validation of specific controls or technologies. The diversity of healthcare systems, threat descriptions, and regulatory settings limits direct comparison across studies. While medical imaging systems are used as a detailed illustrative case, the findings should be understood as analytically transferable rather than universally applicable. Also, the reliance on authoritative reports and documented incidents means that some emerging threats may be underrepresented due to reporting delays or classification restrictions, particularly in the context of national security or critical infrastructure protection.
Future research could assess the proposed framework through expert-based validation methods, such as structured expert panels or Delphi studies, bringing together clinicians, cybersecurity professionals, regulators, and AI developers. The evaluation would focus on completeness, practical relevance, clarity of responsibility allocation, and the framework’s ability to support decision-making in realistic incident contexts.

4. Digital Interconnection: Risks, Intelligence, and the Rise of Artificial Hyperintelligence

In the last few years, Federal Bureau of Investigation (FBI) detected [7] a noticeable increase in cyber-attacks especially on healthcare systems, as well as the number of people who are potentially affected by these attacks, i.e., exposed to negative consequences. Similar data can be seen in IBM report for 2024 [8]. The number of cyber incidents against the healthcare sector has tripled in last decade [9]. Namely, the health system is part of the EU and national key critical infrastructure. The weakening or inability to provide adequate health care to the population creates negative consequences that have a rapid negative cascading effect on the ability of the entire society and the state: a reduction in the number of people of working age in the economy, defense, security, the media, the health system itself, and all parts of society.
The use of modern digital technologies in medicine and healthcare brings numerous advantages but also introduces new security challenges. These challenges can be classified into four thematic groups: technological, data/information-related, process-related, and human.
Technological challenges include all risks and threats arising from the use of various technologies, which users must be prepared to address. Many experts [10] emphasize that we are currently living in an era characterized by digital interconnectedness, referred to as the Internet of Things (IoT). Considering the rapid development of information and communication technologies, as well as the needs of the modern and future economy (and given that the healthcare system, medicine, and their associated economic sectors—as well as the dependence of a state’s and society’s economic, financial, and security policies on a high-quality, secure, efficient, and reliable healthcare system—can be regarded as its integral components), it is necessary to direct attention toward the characteristics of the forthcoming era.
We are already slowly but steadily entering a period that will be referred to as the Internet of Everything (IoE) [11]. IoE implies the further integration and development of IoT towards strong and comprehensive connectivity among people, data and information, devices, and related process activities driven by AI and edge computing technology. In other words, it represents the general hyper-connectivity of humans into a large network encompassing all possible devices, tools, and objects (both movable and immovable property). This interconnection will not be limited to networking alone but will also extend to guiding, proposing, and enhancing human living. In health care, this upgrade can be seen as a tool that will additionally increase healthcare systems’ functionality, including diagnostic. That means that within IoE, there is an IoMT (Internet of Medical Things) [12].
At the same time, security challenges and risks for those unprepared to face them will become significantly stronger, with much more intense occurrences and consequences of potential undesirable outcomes. IoE will create conditions enabling the transformation of existing artificial intelligence (AI) into a more intensive and capable variant: Artificial Hyperintelligence (AHI) and furthermore Artificial Superintelligence (ASI). Authors define hypothetical AHI as a one stage in AI development phase where AI will still obey to human instruction, but being able to think and decide. ASI is, as defined by IBM, “a hypothetical software-based artificial intelligence (AI) system with an intellectual scope beyond human intelligence. At the most fundamental level, this superintelligent AI has cutting-edge cognitive functions and highly developed thinking skills more advanced than any human.” [13,14] It is not a question of whether we are going to be faced with AHI and ASI. It is a question of when we are going to be faced with them, whether we are going to be prepared with this (r)evolution in AI technology, and which consequences we will deal with.

4.1. AI in Medicine and Healthcare

The analysis of risks and threats associated with the use of AI in medicine and healthcare will reach a new, higher level with its development and transformation. There exist multiple definitions of AI:
  • According to IBM, artificial intelligence (AI) is technology that enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity, and autonomy.
  • For UNESCO, artificial intelligence is enabling the development of invaluable services and is increasingly participating in various aspects of our lives. Built from data, hardware, and connectivity, AI allows machines to mimic human intelligence such as perception, problem solving, linguistic interaction, or creativity.
  • Artificial intelligence (AI) [15] is the capability of computational systems to perform tasks typically associated with human intelligence, such as learning, reasoning, problem solving, perception, and decision making.
These three, as well as numerous other definitions, indicate several dimensions essential for determining and understanding the role and application of AI:
  • Advanced computational and communication technology.
  • The output results depend on the input data and information processed by the technology.
  • The application of technology to input (and output) data and information imitates human cognitive processes but operates within a significantly shorter time and with a much larger number of input values.
  • The results assist in problem-solving, offer solutions, and establish the foundations for decision-making across various fields and scientific disciplines.

4.2. Influencing the System

The aforementioned points simultaneously represent advantages, disadvantages, and potential threats arising from the application of AI. The threats that current AI, its application, and its resulting outputs face stem from the characteristics and previously mentioned dimensions of the system:
  • Through successful cyberattacks on unprotected (or insufficiently protected) computer systems and communication technologies, attackers can gain access to algorithms and programs. They can modify them, and thereby directly influence the system’s reliability and accuracy. In most cases, human error [16,17] is the factor that leads to the success of this type of attack. This is particularly evident in situations involving remote work, where communication technologies (often unprotected) are used to access data and information from distant locations for analysis. This threat became especially prominent during the first wave of the COVID-19 pandemic when, in April 2020, the State of Israel, faced with a significant increase in the number of infected individuals, authorized remote work for numerous institutions. This led to a temporary decline in security measures, rules, and procedures, as well as technological safeguards and overall security culture. Iran [18] exploited this situation by organizing and executing a major cyberattack on systems responsible for controlling the production and distribution of drinking water for the population.
  • Every system contains several groups of data/information, and which may become targets of attack activities [19]. Health data enters the system through some of the external sensory units. Based on previously entered parameters, and existing knowledge, the system, by applying different computational algorithms to these data, analyzes them and offers certain solutions and options. In the absence of an external, undesirable process, these outputs represent the system’s final values, which serve as the basis for decision-making. The system does not make decisions. An attacker aiming to manipulate data entering the system [20] for the purpose of influencing AI used in medical or healthcare contexts can do so by interfering with the sensors that collect data. The attacker may also manipulate the information and knowledge stored in the system’s memory. They can alter, delete, add desired values, or render the data inaccessible. Each of these activities leads to undesirable consequences—namely, unreliable and inaccurate output values upon which decisions [21] are made.
  • Another potential point of manipulation lies in the output values, which can also be modified by an external process. Consequently, instead of original, relevant, truthful, reliable desired output results, the system user receives another output that deviates from the actual results as a result of malign influence and interference to the system. A special problem for an unprotected system is the influence of an unwanted process that, based on original output results, creates a new output value that directly affects the value of collected data and transforms them in different values. This change also leads to a mandatory change in system output in a negative sense. In this way, output values are disturbed by changing them into disinformation content.
Malicious and harmful data and information manipulation can occur both during the functional operation of the system and during its preparation phase-specifically, while entering reference values or storing them in memory [22]. An excellent example of inserting an external harmful process within a closed system is the Stuxnet virus [23], which manipulated both input and output data, leading to the destruction of a significant part of Iran’s uranium enrichment process.

5. Defense

Given the complexity of risks and threats that the healthcare and medical systems face in the application of AI in their operations, it is necessary to prepare and plan a serious organizational response [24,25]. Recent guidance from the U.S. Department of Homeland Security highlights how artificial intelligence should be deployed in sectors that provide essential public services. The DHS framework on AI in critical infrastructure emphasizes that AI-related risks must be managed across the full system lifecycle, from development and deployment to ongoing oversight. Rather than treating AI as a standalone technology, the framework frames it as part of operational risk management, where failures can directly affect safety and service continuity. This perspective is directly applicable to healthcare, where AI-supported systems form part of critical clinical infrastructure and must be governed accordingly [26].
Building on the dimensions discussed throughout the paper, these can be reformulated as a capability model consisting of inputs (clinical data, sensor outputs, training datasets), algorithms (AI models, decision-support logic), controls (technical safeguards, governance procedures, monitoring mechanisms), and outputs (diagnostic suggestions, clinical decisions, operational actions). Risk points here emerge at each interface: data poisoning and integrity loss at the input stage; model manipulation and bias within algorithms; control failures due to misconfiguration or organizational gaps; and clinical harm or loss of trust at the output stage.
Within this model, resilience-by-design is operationalized through verifiable requirements, including mandatory data provenance tracking, integrity verification at each processing stage, documented fallback procedures for AI system degradation, continuous logging of AI decisions, and periodic independent audits aligned with recognized security and AI governance standards.
The manufacturers of such systems must design them according to the highest level of resilience, following the principle of resilience by design in healthcare [9,27]. Acknowledging that no protective system is perfect and that every system will, sooner or later, become the target of an attack, the system must be programmed, managed, operated, and monitored in a way that enables it to emerge from every crisis stronger, safer, and more reliable.
The next level of responsibility lies with the institution that uses AI in its work. It must define clear rules and procedures for its use, both during functionality testing and user training as well as during continuous operational deployment. Efforts must be directed toward establishing and strengthening personal and organizational security culture, which can prevent the majority of attacks, since the people who use the system represent both its strongest and its most vulnerable link. System users must adhere to established rules and procedures.
At the same time, the institution must establish an independent monitoring function within the existing Information Security Management System (ISMS), or other applicable governance arrangements, ensuring functional independence of oversight while remaining aligned with organizational risk management, incident response, compliance processes, and continuous verification requirements. Maintaining the data, information, and knowledge integrity stored within the system is of critical importance. Therefore, redundancy—meaning backup storage of all data, information, and knowledge—is essential and indispensable to preserve system functionality during crises and to enable full recovery after the threat subsides, without major negative consequences.
Throughout this network of activities, close cooperation between system users and experts responsible for physical, informational, and digital security and system resilience is imperative. Applying the same principle that prevails in the world of geostrategy (no one can win any conflict or war if they are left alone), we consider it necessary to point out the need to integrate knowledge, capacities, capabilities, and technological and digital solutions that exist in other areas. We primarily mean technical and security-intelligence knowledge. Modern attackers choose, as their targets, those digital and computer systems where they can find the easiest, fastest, and most efficient way take control and transfer the crisis to other key critical infrastructures. The medical/healthcare system needs to be prepared for these challenges. This principle is of great relevance for modern imaging methods, since they are nowadays partly automatized, partly under control of AI and fully digitalized and available in virtual space.
A strategic resource that uses AI in its work is data that, in accordance with the rules and procedures of algorithms they review, transform them into useful information and can offer certain opinions and suggestions. If some harmful (intentional or unintentional) action (whether external or internal) violates the integrity of true data (its deletion, modification, entry of new data) as well as changes in the predicted algorithm, the positive and effective functionality and purposefulness of AI is called into question. Therefore, it is necessary to constantly take into account these facts in order to maintain the functionality of the system at an optimal level.
In this article, we will list the advantages and disadvantages of using AI for medical/healthcare purposes (by analyzing several case studies) and offer solutions so that the use of AI in these processes can be used better and safer.

6. Cyber Intelligence and the Security of Digital Healthcare

Cybersecurity and intelligence in medicine have become inseparable from the rise of modern technology and especially AI tools, which are reshaping everyday clinical practice, hospital infrastructure, and health systems. As AI transforms diagnostics, patient monitoring, and decision support, it also creates numerous vulnerabilities that demand advanced security and intelligence frameworks. Modern healthcare is increasingly digital, relying on interconnected devices, smart sensors, electronic health records, and cloud-based analytics, thereby expanding the attack surface for cyber threats. Therefore, protecting healthcare tools and systems requires a convergence of cybersecurity engineering and threat intelligence [28]. The healthcare sector represents a significant target for cyberattacks and medical information theft, owing to its comparatively slower adoption of advanced data security measures relative to other critical industries.
Evidence from two surveys comprising 223 and 168 healthcare organizations and institutions indicated that more than 80% of them had experienced cyber incidents, compromising the data of more than 150 million patients in the United States [29,30]. These findings underscore the urgent need for increased investment of time and resources in enhancement of cybersecurity measures to protect healthcare technologies and ensure the confidentiality of patient information against unauthorized access. Healthcare providers and device manufacturers can enhance their cybersecurity by drawing lessons from industries such as finance and defense, which have long established robust security frameworks to safeguard sensitive information and prevent cyberattacks. By analyzing these strategies and tailoring them to the specific challenges of the healthcare sector, organizations can strengthen their cybersecurity posture and mitigate the risk of data breaches and other security incidents.
In 2021, the list of the top ten health technology hazards included the rapid adoption of telehealth technologies, the use of artificial intelligence applications in diagnostic imaging, and the remote operation of medical devices intended for bedside use [31].
Radiology departments, for instance, are among the most digitized units in modern healthcare, heavily relying on technology and more specifically on AI algorithms for image analysis, diagnosis assistance, and workflow optimization. Furthermore, these systems handle massive volumes of sensitive imaging data, making them targets for cyberattacks. Compromised radiological data could lead to diagnostic errors, delayed treatments, or manipulated results. Moreover, as AI models evolve, maintaining the confidentiality, integrity, and availability of data becomes a continuous process rather than a one-time configuration. Effective cybersecurity in AI-assisted radiology requires constant data protection, staff education on digital hygiene, and regular system audits [32].
The rapid advancement of AI and digital technologies has led to an unprecedented expansion of large, diverse datasets over the last decade [33]. DICOM, an international standard protocol developed over 30 years ago, has become one of the most widely adopted protocols in healthcare for managing and transmitting medical images, such as ultrasounds, MRIs, X-rays, and CT scans between different systems [34]. The researchers recently demonstrated that it was possible to use malware to alter the DICOM file format, emphasizing the need to continuously examine defense options of healthcare technologies [32].
A substantial increase in medical data produced by modern technologies in medicine faces the system with constant lack of medical professionals capable of interpreting the outputs. Therefore, AI is considered as a reasonable solution to overcome this human gap [35]. A decade ago, there was a lot of skepticism among healthcare professionals towards AI, due to the fear that they will be replaced by the technology [36]. Following initial skepticism, we proved in our recent research that nowadays, physicians and other healthcare stakeholders are generally accepting of AI as a tool utilized in everyday practice [37]. The current standpoint can be more defined in the way that AI is not meant to replace caregivers, but AI adopters will probably replace those who do not adopt AI. However, the most important step in the adoption process is continuous education [38]. Thus, it is crucial to enable healthcare professionals’ high-quality education in the field of cybersecurity, which should include understanding of ethics of data, access to data, data storage, data transfer, data labeling, and black box concept.
Auditing is an important quality improvement activity and has significant benefits for patients and healthcare systems in terms of enhanced care, safety, experience, and outcomes. Recently, the European Society of Radiology published a paper with recommendations to enhance radiological clinical audits [39]. Additionally, medical devices are subject to audits and should be designed for precise and safe clinical use and must record all user activities to enable incident analysis and root-cause identification. Such log data can subsequently inform cybersecurity enhancements, thereby strengthening the overall security of the institution. Therefore, audits of healthcare systems should be the joint result of cybersecurity principles and staff education where competency assessment may rely on practical, scenario-based activities and regular knowledge checks aligned with everyday clinical workflows, helping ensure that training outcomes translate into operational readiness.
Building on these reflections about system audits and digital accountability, it becomes evident that healthcare security cannot be treated as an isolated technical issue. Modern healthcare operates within a complex threat landscape where cyber, informational, human, and even geopolitical factors intersect. Attacks no longer aim solely to disrupt IT systems; they could increasingly exploit artificial intelligence used in diagnostics and decision-making, manipulate medical data, manipulate personnel because of their digital availability and digital footprint, and erode public trust in institutions.
Cybersecurity threats in DICOM-based medical imaging systems arise primarily from the fact that DICOM was originally designed for use in trusted, closed hospital networks [40]. In typical workflows, imaging modalities, or picture archiving and communication systems (PACS), workstations initiate a DICOM interconnection with a Picture Archiving and Communication System (PACS) server to exchange data. If the server is network-accessible and recognizes the client as authorized, communication proceeds; otherwise, the connection is rejected [41]. Security controls such as firewalls and strict allowlists are critical to prevent unauthorized DICOM communications. Despite these measures, studies have shown that thousands of DICOM servers worldwide have been exposed to the public internet, with many accepting unsolicited DICOM handshakes, highlighting widespread vulnerability [42]. Hospital network security is often insufficient, allowing external access in various cases. In 2017, investigators at Massachusetts General Hospital conducted a rapid scan of the entire IPv4 address space, completing the process in approximately 22 h, to identify publicly exposed DICOM servers [42]. This effort revealed 2782 unsecured servers worldwide, with the majority located in the United States. Among these systems, 821 accepted incoming DICOM connections, and 750 allowed remote querying of patient-related information. Similar findings were reported in 2018 by a cybersecurity researcher at McAfee, who used the internet search engine Shodan to locate DICOM servers directly accessible from the public internet [43]. More than 1100 exposed servers were identified globally, again predominantly in the United States. Using these unsecured systems, the researcher was able to download DICOM image data and even generate a three-dimensional printed model of a patient’s pelvic anatomy.
Security risks also exist within internal hospital networks. In one penetration test, researchers demonstrated that radiology images could be intercepted and altered during transfer from modality to PACS by inserting a small intermediary device into the network [44]. This attack required minimal physical access and time. Encrypting internal DICOM traffic could mitigate such risks, but encryption is often absent due to legacy system incompatibilities and assumptions of safety behind hospital firewalls. Additional protections against image tampering include digital signatures and embedded watermarking techniques [45,46].
Software-level vulnerabilities have also been identified. A reported exploit of the DICOM preamble showed that malicious code could be concealed within a DICOM file without affecting its appearance in standard viewers, potentially executing if opened as an executable. Mitigations include validating or removing the preamble during file import. Reflecting ongoing risk, multiple cybersecurity alerts related to vulnerabilities in commercial PACS systems and DICOM viewers have been issued in recent years [47].
Radiologists are commonly asked to review external patient images on portable media such as CDs or USBs. Such data carriers utilized for radiology image transfer could be vulnerable to tampering and may potentially contain malware that is auto executed onto a local computer. This risk can be reduced by using dedicated systems to securely ingest DICOM images from storage media into PACS instead of delivering physical CDs to radiologists’ workstations [48].
In March 2019, a cybersecurity researcher demonstrated that deep learning techniques could be leveraged to covertly manipulate medical images during transmission from imaging modalities to PACS systems [49]. The method employed two separate neural networks, one designed to introduce pathological findings and another to eliminate them from CT and MRI scans embedded in DICOM messages. The resulting alterations were highly convincing, with 99% of radiologists failing to detect the manipulations during image review. While deep learning-based image forgery had previously been demonstrated in other domains, this work represented the first documented application of such methods to the clandestine modification of three-dimensional medical imaging data.
Shortly thereafter, in April 2019, another researcher revealed a technique for embedding malicious software within DICOM files by exploiting the file preamble [50]. The approach involved repurposing the 128-byte preamble, intended to facilitate compatibility with non-DICOM software, to create a hybrid file format capable of executing code on Windows systems. By inserting executable headers and storing malware within private DICOM attributes, the researcher preserved the integrity of standard image data and public attributes. As a result, the altered files functioned normally within PACS and viewing workstations, displaying images without visible abnormalities, yet executed malicious code when run as a standalone file, ultimately compromising the host system.

7. Security Risks and Cyber Threats in Healthcare and the AI Dimension

In this paper, we argue that healthcare systems operate today within a uniquely volatile and interconnected security environment in which cyber, informational/data, and physical domains are no longer separate. We consider that this convergence has fundamentally transformed the nature of modern threats. Our perspective emphasizes the need to view these challenges as systemic—not as an isolated risk.
Unlike conventional cyber incidents (which typically seek to disrupt operations or steal data) hybrid/modern threats pursue broader operational, strategic, political, or ideological objectives in combined digital intrusions such as ransomware and malware attacks with disinformation and influence operations, supply chain compromise, manipulation of medical or administrative data, espionage and data exfiltration, sabotage of digital infrastructure, disruption of logistics, and critical supplies, and are even targeted to the whole critical infrastructure interference in order to amplify confusion and distrust in achieving systemic paralysis [50,51,52].
In the European Union’s Communication with Guidelines on the Resilience of Critical Entities “the term “hybrid threats” refers to when threat actors, state or non-state, seek to exploit the vulnerabilities of the EU to their own advantage by using a mixture of measures (i.e., diplomatic, military, economic, technological) in a coordinated way, while remaining below the threshold of formal warfare. This category, by definition, usually refers to more than one risk and should therefore be selected together with the other risks, as appropriate” [53].
The healthcare sector is uniquely exposed to such multidimensional assaults due to its dual character and potential impact—just by being simultaneously a critical national infrastructure and a humanitarian service. Hospitals and health networks hold vast amounts of high-value sensitive data and personal data. They depend on a large and complex ecosystem of suppliers and technologies and must maintain uninterrupted operations even under extreme pressure in different risk scenarios. Disrupting hospital information systems [54], corrupting diagnostic algorithms, tampering with patients’ electronic health records, halting the operation of life-support or infusion devices, manipulating AI-assisted systems, falsifying epidemiological dashboards, blocking emergency communication channels, or spreading false information about treatment outcomes can therefore achieve disproportionate social, psychological, political, and economic impact compared to attacks in other sectors. During crises (such as global pandemics and wars or “just” natural disasters) healthcare becomes not only an essential pillar of public welfare and social resilience and stability but also a symbolic and psychological target.
Research related to the protection of critical infrastructure indicates that an interdisciplinary approach is needed. We support this view and further stress that resilience in healthcare cannot rely solely on cybersecurity measures but must include different dimensions (related to the entire ecosystem of an organization; from its security cultural aspects and work habits, and the habits of collaboration among employees and associated personnel, suppliers and other), all the way to concrete improvements of legal, organizational, and technical measures. In our assessment, auditable and traceable health-data flows are a cornerstone of trust and operational continuity, particularly when AI systems are integrated into diagnostic and telemedicine platforms. We propose that monitoring mechanisms for data interception and manipulation should be continuously verifiable and independently auditable where it refers to: usage of immutable logging, cryptographic integrity checks, role-separated audit access, and external verification mechanisms that allow third-party auditors to validate system behavior, data integrity, and AI decision traces without reliance on internal operational staff.
Analyzing connected contexts, for example, Parlov et al. highlight that systems responsible for lawful interception and critical communication monitoring must be designed not only for regulatory compliance but also for resilience, emphasizing data integrity, auditability, and controlled access across complex provider infrastructures, where complexity is related to interconnected human-resource factors and not only technical [55]. When all factors related to business continuity in healthcare and all risks arising from organizational and technical factors are taken into account, the need for auditable and traceable health data flows becomes evident; from the use of AI in diagnostic systems to telemedicine platforms. It is crucial that interception or manipulation of medical data can be detected, verified, and contained before it cascades through the network, where verification must be continuously monitored.
We argue that modern and cyber-threat awareness in healthcare must extend beyond technical monitoring to include counter-influence intelligence as an institutional capability. Considering the fact that healthcare is part of the national resilience ecosystem and within the context of national security, it is necessary to take into account the need for interdisciplinarity in the applied protection measures of this type of critical infrastructure; particularly in aspects of strategic intelligence coordination, especially in monitoring influence operations or targeted disinformation that exploit public trust in medical institutions. Akrap argues that the protection of critical infrastructure cannot rely on isolated digital defense but must combine intelligence, early detection, and take into account hybrid-threat awareness [56]. Esterajher and Mihaljević also clearly pointed out information manipulation as one of the key tools for undermining democratic stability [57].
In the context of healthcare, distorted information; regardless of the manner of its distortion (accidental or intentional) or the areas it covers (which was particularly evident during the pandemic, such as vaccination, the safety of clinical trials, epidemiological statistics, and others) can rapidly destabilize decision-making or seriously undermine patient trust and the legitimacy of the institutions themselves. Countering such manipulation requires not only cybersecurity but also robust information governance and communication ethics frameworks within hospitals and public-health agencies.
Beyond the security-centric context, Deloitte’s research on data asset valuation shows that information now represents a core economic resource with measurable financial value [58]. For healthcare providers, this creates an obligation to treat clinical data, diagnostic images, AI training datasets, methodologies, and the technical aspects used as strategic assets, whose loss or compromise carries not only privacy-related but also financial and operational consequences. Recognizing the quantifiable value of data reframes cybersecurity from a cost center into a fundamental component of sustainable healthcare governance. Integrating data valuation into risk quantification enables healthcare organizations to align cybersecurity investment decisions and cyber-insurance coverage with the actual economic and clinical value of their data assets, thereby supporting more rational allocation of resources and informed governance choices.
Figure 1 presents the conceptual resilience-by-design framework proposed in this review. The framework is structured across four interrelated domains: (1) technological infrastructure, (2) data and AI lifecycle, (3) organizational governance, and (4) human and cognitive factors. These domains are connected through cross-cutting principles of auditability, accountability, and adaptive risk management. Mechanisms such as continuous monitoring, integrity verification, independent auditing, and structured education link the domains and enable feedback loops that support systemic resilience rather than isolated control implementation.
The bottom-up structure of the pyramid reflects the causal chain through which compromised data integrity propagates upward, affecting AI behavior, clinical decision-making, and patient safety. In this sense, unreliable data leads to unreliable AI outputs, flawed decisions, and potential clinical harm, underscoring why resilience must be established at all layers.
The framework is intended for hospital management, clinical department leaders, IT and cybersecurity teams, medical device and AI system suppliers, and regulatory or audit bodies. In practice, it is designed to influence decisions such as procurement of AI diagnostic tools, configuration of imaging and data pipelines, prioritization of cybersecurity investments, response to detected data integrity anomalies, and governance choices regarding AI deployment under regulatory constraints.

8. Risks of Using AI in Healthcare and Medicine

Following we have identified few perspectives that could be used in taking in mind the risks of using AI in healthcare and medicine.
From the management perspective, Martin and Baccarani frame artificial intelligence as a “Dr. Jekyll and Mr. Hyde” phenomenon, capable of supporting rational decisions while also generating systemic risk when left unchecked [59], which in today’s AI age might be the major challenge to deal with and is not only related to security. Within healthcare, this duality is most visible in diagnostic AI systems, which can drastically improve accuracy and efficiency but may also introduce biases and automate errors where outputs are contaminated, making it difficult to revert to the “unbiased” state due to the unknowns related to the “black box,” that is, the inability to fully understand the functioning of the algorithm during its autonomous adaptations and learning.
From the strategic point of view, Akrap and Kamenetskyi analyze identity-based targeting and the cognitive dimensions of hybrid warfare [60]. In the healthcare domain, similar tactics can manifest through campaigns targeted at specific professional groups (for instance, physicians, researchers, nurses, or hospital IT staff) with the intent to coerce, discredit, or mislead them—where protection against such threats demands integrated counter-influence measures as part of medical-institution preparedness. De Valk proposes a shift toward Augmented Intelligence as a way to bridge human reasoning and automated analysis in national-security environments [61]. This approach is particularly relevant for healthcare, where the combination of clinical expertise and AI-driven analytics can help detect early anomalies in patient data and epidemiological trends.
From an operational-security standpoint, Schmitt demonstrates that AI-enabled intrusion–detection systems can significantly enhance the protection of smart infrastructures [62]. Applied to hospital networks, these capabilities can help identify unusual traffic patterns, unauthorized access to medical equipment, anomalies in diagnostic-AI behavior, and other deviations from expected operation. Keeping that in mind, Schmitt also notes that reliance on AI for security introduces new dependencies that must themselves be audited and controlled to avoid cascading failures. In healthcare, much depends on IoT sensors and their connectivity with devices and wider systems, where the security of the communication protocols used has so far been partly neglected compared to IT itself, as the focus was not on the confidentiality and integrity of data but on their real-time availability. In continuation of this, Bharati and Podder discuss machine-learning vulnerabilities in IoT-based environments, where behavioral drift and data manipulation can compromise decision reliability [63]. Hospitals increasingly depend on IoT sensors and connected medical devices whose continuous data feeds could, and on an everyday larger scale do, support AI-based diagnostics, monitoring, and an increasing degree of treatment automation (where data are automatically used for further research). Any compromise in these data flows (whether by unintentional bias, malware, misconfiguration, or direct adversarial injection) can directly affect patient safety.
AI-assisted medical imaging systems illustrate how technical vulnerabilities can translate directly into clinical risk; radiology workflows increasingly rely on DICOM-based image exchange together with AI-supported analysis and clinical triage. As demonstrated by documented attacks on DICOM infrastructures, manipulation of medical images or their associated metadata at different stages of the workflow (such as during acquisition or transmission) can propagate into AI systems that depend on these inputs. In such cases, risk is no longer confined to data confidentiality or system availability but extends to the reliability of clinical reasoning itself.
When AI models are trained on compromised imaging datasets or ingest manipulated DICOM inputs in real time, they may produce erroneous outputs with high confidence that are difficult for clinicians to detect. This creates a distinct risk scenario in which adversarial interference at the data or protocol level can quietly distort diagnostic interpretation and affect subsequent clinical decisions. The DICOM example therefore shows that AI-related risks in healthcare do not arise solely from algorithmic bias or limited model transparency, but also from weaknesses in the digital infrastructures that support clinical data exchange.
From a regulatory standpoint, and in scope of selected EU regulation that is connected directly and indirectly to the healthcare sector, we observe that fragmented governance remains one of the major risks in healthcare AI deployment and recommend a unified approach to AI-risk management that aligns with GDPR [64], AI Act [65], NIS2 [66], CER [67], CRA [68], CSA [69] Data Act [70], Data Governance Act [71], EHDS [72], EU MDR [73], and other healthcare-specific directives, regulations, and compliance frameworks as well as guidelines and opinions issued by ENISA and European Commission. In practice, this patchwork often results in uncertainty: hospitals may satisfy data-protection rules under GDPR yet remain non-compliant with cybersecurity requirements under NIS2 or other regulations. The challenge is therefore not the lack of regulation, but the absence of a coherent governance model that links these rules within the specific operational context of healthcare, as also emphasized by Parlov et al. who propose an integrated framework for aligning the AI Act, GDPR, and ISO-based risk management standards [74].
Recent analyses, including Botunac et al. suggest that integrating AI-specific risk management within highly regulated sectors and with data-protection and resilience frameworks would prevent conflicting interpretations of supplier and controller responsibilities [75]. Such alignment is especially important where medical AI tools process patient data or interact with diagnostic equipment governed by the Medical Device Regulation (MDR). Likewise, Yigit et al. highlight that reliable deployment of AI in critical infrastructure demands common benchmarks and testbeds before real-world use [76]. Translating this to healthcare means that radiology and triage systems should be validated against sector-specific criteria for accuracy, robustness, and explainability rather than generic AI metrics. Without such practical coordination between legal and technical layers, even well-intentioned compliance can leave patients’ safety exposed.
Clarifying responsibilities across the AI lifecycle requires explicit RACI (Responsible, Accountable, Consulted and Informed role) allocation, where suppliers remain responsible for secure design, updates, and documented model behavior, while healthcare institutions act as controllers accountable for lawful use, data governance, configuration, and operational oversight, with shared responsibility for incident response and post-deployment monitoring.
From an institutional perspective, in the European Union’s strategic framework, the healthcare sector is recognized as one of the most exposed domains, where interconnected digital systems, information and operational technologies, sensorics, supply chain and human factors create multiple entry points for coordinated hybrid operations.
The European healthcare sector is experiencing rapid digital transformation driven by electronic health records (EHR), connected medical devices, connected IT/IoT/OT systems, the adoption of artificial intelligence (AI) in diagnostics and decision support and challenges related to the lack of competent of personnel in IT security areas. This evolution has also expanded the attack surface of hospitals, laboratories, healthcare suppliers, and personnel itself.

9. AI and the European Union Agency for Cybersecurity

Against this background of documented vulnerabilities, hybrid threat dynamics, and increasing reliance on AI-supported clinical systems, guidance from European cybersecurity authorities provides an important institutional perspective on risk prioritization and governance gaps in healthcare. According to the ENISA Threat Landscape: Health Sector (2023), which analyzes reported incidents between January 2021 and March 2023 based on open-source intelligence, national CSIRT reporting, and regulatory disclosures, ransomware remains the dominant threat; representing 54% of all incidents, often coupled with data exfiltration and breaches (46%), resulting in significant disruptions to hospital operations and exposure of sensitive patient data. Healthcare providers were the primary targets, with hospitals accounting for 42% of the total incidents. Data-related threats and denial-of-service attacks (9%) also pose an increasing risk, especially during emergencies and critical service delivery. The same report highlights that only 27% of healthcare organizations in the EU have a dedicated ransomware defense program, while 40% lack cybersecurity awareness training for non-IT personnel. Moreover, 95% of organizations face difficulties performing risk assessments, and 46% have never conducted one [52].
The ENISA NIS360 (2024) report underlines the sector’s high dependency on ICT systems (scoring 7/10) and moderate operational resilience. It stresses the need for aligning the NIS2 Directive, Medical Device Regulation, AI Act, and other regulations to establish a unified governance model for digital health resilience [77]. Healthcare organizations should embed cybersecurity requirements into procurement and vendor contracts, conduct regular supplier security audits, establish mechanisms related to monitoring cloud services, and ensure compliance with EU standards on AI safety and data integrity.
As AI becomes deeply integrated into clinical environments, ENISA’s Securing Machine Learning Algorithms (2021) report emphasizes the importance of addressing AI-specific risks such as data poisoning, adversarial attacks, model evasion and inversion, and oracle attacks. It recommends incorporating adversarial training with methods to clean the training dataset from suspicious samples, data validation mechanisms, and differential privacy techniques using mathematical privacy protection techniques to protect AI-based diagnostic and predictive systems from manipulation [78].
Complementing ENISA’s threat intelligence initiatives through issuing guidance and reports, the OpenAI Disrupting Malicious Uses of AI (2025) report demonstrates how malicious actors increasingly exploit AI to automate social engineering, malware development, disinformation, and scam operations, which include the creation of fake recruitment campaigns, deceptive influence operations, AI-assisted cyber intrusions, and other adversarial techniques [79]. In healthcare, such methods could be used to detect fraudulent telemedicine platforms, impersonation of medical staff, or disinformation targeting vaccination campaigns.
Given this evolving landscape and rising hybrid threats, healthcare systems must move from reactive compliance to proactive governance, which requires embedding continuous auditing and adaptive oversight into cybersecurity management, but also in management of personnel. Regular AI system audits, penetration testing, supply-chain assessments, and continuous trainings of personnel should verify the effectiveness of implemented controls and ensure that machine-learning models, data pipelines, connected medical devices, and overall information security in an organization remain secure throughout their lifecycle.
Furthermore, independent audits aligned with standards such as:
-
ISO/IEC 27001 (Information security management systems) [1],
-
ISO/IEC 27002 (Guidance for controls in information security management systems) [2],
-
upcoming EU cybersecurity certification framework,
-
and upcoming ISO/FDIS 27799:2025 (Health Informatics-Information security controls in health based on ISO/IEC 27002) [3]
Can provide formal assurance that both clinical and AI systems meet security, privacy, and reliability requirements and:
-
ISO/IEC 42001/23894 [4,5] (AI management systems/AI risk management,
-
with soon to come CEN CENELEC’s harmonized standards related to AI Act compliance).
Additionally, ISO 28000 (security management systems) [80] for supply chain security and ISO 22301 (business continuity management systems) [6] could help to understand critical processes and their dependencies on third parties (critical and key ICT suppliers), and the need to be continuously monitored.

10. What Institutions Should Do

Insights from ENISA’s sectoral threat intelligence and OpenAI’s recent analysis of malicious AI applications point to the need for a layered, adaptive approach to cybersecurity in healthcare. Rather than relying on isolated technical defenses, institutions should develop a coordinated framework that connects prevention, protection, and response into a continuous learning cycle:
  • Prevention and early detection must become proactive functions.
    1.1.
    AI-driven monitoring tools and sector-specific threat-intelligence platforms can help identify ransomware activity, phishing campaigns, hybrid attacks and other precursors before they escalate into full incidents.
    1.2.
    Integrating automated anomaly detection across clinical and administrative networks allows security teams to act before patient data or operational continuity are endangered.
  • Protection depends on designing resilience into systems from the start. In AI-assisted imaging, resilience-by-design requires that image integrity, provenance, and auditability (as proofs) are preserved throughout the full DICOM lifecycle, from acquisition to AI inference and clinical decision making.
    2.1.
    Embedding resilience-by-design principles, employing adversarial-resistant machine-learning models, enforcing strong encryption throughout AI-enabled medical and supply-chain environments, auditing logs, and keeping an eye on access and privileged rights ensure that the systems can withstand and recover from attempted compromise.
  • Effective response combines technology and human capability.
    3.1.
    AI-assisted forensic analysis can accelerate threat attribution and containment, but its value depends on well-trained personnel.
    3.2.
    Regular cybersecurity education and training (particularly on recognizing AI-driven social-engineering tactics) should be paired with ongoing audits of both information-security controls and AI models to verify their compliance and resilience.
When applied together, these layers form a dynamic defense model in which healthcare organizations not only react to attacks but continuously strengthen their systems through learning and adaptation. In practice, these principles must be translated into safeguards for concrete clinical workflows. Medical imaging infrastructures provide a clear example. Institutions should treat DICOM-based environments not merely as data transport mechanisms, but as critical components of AI-supported diagnostic systems. This implies that integrity controls, authentication, encryption, logging, and anomaly detection must be applied consistently across imaging modalities, PACS, AI analysis pipelines, and archival systems. Without such end-to-end protection, even well-designed AI tools remain vulnerable to upstream manipulation that can compromise clinical outputs while bypassing conventional security monitoring focused on network availability or perimeter defense.
Training outcomes should be defined in terms of measurable improvements in incident recognition, reporting accuracy, adherence to security procedures, and informed use of AI outputs in clinical decision-making. A phased deployment roadmap may begin with baseline awareness training, followed by role-specific technical education, integration with audit and monitoring processes, and periodic reassessment aligned with system updates and evolving threat landscapes (Table 1).

11. Conclusions

The transformation of healthcare through artificial intelligence represents not only a technological shift, but also a structural change in how clinical systems are designed, operated, and governed. Medicine has always relied on trust and professional responsibility, and these foundations are increasingly mediated by digital infrastructures that process data, support decisions, and shape clinical workflows. While AI offers significant potential to improve diagnostics and clinical efficiency, it also introduces risks that extend beyond conventional cybersecurity concerns and directly affect patient safety and institutional reliability. This review contributes by linking documented imaging-system vulnerabilities to AI-related clinical risk and governance requirements in healthcare. In that context, we strongly support the opinion of the European Committee of the Regions on Cybersecurity of Hospitals and Healthcare Providers (C/2025/4415), which rightly stresses that cybersecurity in healthcare is a matter of European and local security, not just of IT management [81]. We fully share its view that cybersecurity must be designed into healthcare systems from the very beginning, that local and regional levels must be empowered to act, and that patient safety and trust depend on mature and well-coordinated digital resilience. The Committee’s call for “cybersecurity-by-design” and for regional cybersecurity support centres echoes our own argument that resilience must be built collectively through cooperation, education, sharing of expertise and caring for each other in new ways, rather than through fragmented or reactive responses (or, even worse, confusing responses).
Security and privacy are two sides of the same coin. Protecting patient data means protecting patient dignity. It means recognizing that every dataset represents a human story, and that every breach is not merely a loss of information but also a violation of trust. As researchers, clinicians, technologists, intelligence analysts, and security professionals, we believe that this profoundly human dimension must guide all our efforts to integrate AI safely, ethically, and responsibly into medical practice.
Our collective conclusion is therefore simple but urgent: developing and improving societal trust in health and medical sectors through its resilience against modern and emerging cyber-related threats. Artificial intelligence will undoubtedly continue to reshape medicine and healthcare, but whether it strengthens or undermines the human values at its core depends on the decisions we make today.
In our experience, we have seen how the growing dependence of medicine and healthcare on interconnected digital systems (from hospital networks to wearable sensors and AI-driven diagnostic models) creates both a large opportunity and maybe even larger vulnerability if risk scenarios are not properly taken. When digital infrastructure becomes the foundation of public health—any compromise in its integrity can rapidly escalate from a technical failure into a social, ethical, national—and even geopolitical crisis. In this sense, medical and healthcare security and resilience is inseparable from national and European resilience—from institutional integrity and from the protection of the public trust that sustains healthcare itself.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Acknowledgments

To ensure clarity and consistency in English, AI-based translation tools were used for language translation and style polishing. The content, structure, and scientific contributions remain the sole work of the authors.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AHIArtificial Hyperintelligence
AIArtificial Intelligence
ASIArtificial Superintelligence
BCMSBusiness Continuity Management System
CENEuropean Committee for Standardization
CENELECEuropean Committee for Electrotechnical Standardization
CEREU Critical Entities Resilience Directive
CRACyber Resilience Act
CSAEU Cybersecurity Act
CSIRTComputer Security Incident Response Team
DG HOMEEC Directorate-General for Migration and Home Affairs
DHSDepartment of Homeland Security (USA)
DICOMDigital Imaging and Communications in Medicine
ECEuropean Commission
EHDSEuropean Health Data Space
EHRElectronic Health Records
ENISAEU Agency for Cybersecurity
ESREuropean Society of Radiology
FBIFederal Bureau of Investigation (USA)
FDISFinal Draft International Standard
GDPREU General Data Protection Regulation
GPAIGeneral-Purpose Artificial Intelligence
ICSIndustrial Control Systems
IECInternational Electrotechnical Commission
IoEInternet of Everything
IoMTInternet of Medical Things
IoTInternet of Things
IPv4Internet Protocol ver. 4
ISMSInformation Security Management System
ISOInternational Organization for Standardization
LLMLarge Language Models
MDRMedical Device Regulation
MLMachine Learning
MRIMagnetic Resonance Imaging
NIS2Directive on Network and Security of Information Systems
OTOperational Technology
PACSPicture Archiving and Communication System
RACIResponsible, Accountable, Consulted, Informed
SCADASupervisory Control and Data Acquisition
UNESCOUnited Nations Educational, Scientific and Cultural Organization

References

  1. ISO/IEC 27001:2022; Information Technology—Security Techniques—Information Security Management Systems—Requirements. ISO/IEC: Geneva, Switzerland, 2022.
  2. ISO/IEC 27002:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Controls. ISO/IEC: Geneva, Switzerland, 2022.
  3. ISO/FDIS 27799:2025; Health Informatics—Information Security Controls in Health Based on ISO/IEC 27002. ISO: Geneva, Switzerland, 2025.
  4. ISO/IEC 42001:2023; Information Technology—Artificial Intelligence—Management System. ISO: Geneva, Switzerland, 2023.
  5. ISO/IEC 23894:2023; Information Technology—Artificial Intelligence—Guidance on Risk Management. ISO/IEC: Geneva, Switzerland, 2023.
  6. ISO/IEC 22301:2019; Security and resilience—Business Continuity Management Systems—Requirements. ISO: Geneva, Switzerland, 2019.
  7. American Hospital Association; Federal Bureau of Investigation. 2024 FBI Internet Crime Report. 2025. Available online: https://www.aha.org/system/files/media/file/2025/05/2024-fbi-internet-crime-report.pdf (accessed on 4 January 2026).
  8. IBM. Healthcare Industry Attack Trends 2024. 2024. Available online: https://www.ibm.com/think/insights/healthcare-industry-attack-trends-2024 (accessed on 4 January 2026).
  9. Li, S.; Surineni, K.; Prabhakaran, N. Cyber-Attacks on Hospital Systems: A Narrative Review. Am. J. Geriatr. Psychiatry Open Sci. Educ. Pract. 2025, 7, 30–39. [Google Scholar] [CrossRef]
  10. Jain, S.; Sukul, P.; Groppe, J.; Warnke, B.; Harde, P.; Jangid, R.; Rehan, W.; Cotrado, Y.; Fischer, S.; Groppe, S. A Scientometric Analysis of Reviews on the Internet of Things. J. Supercomput. 2025, 81, 757. [Google Scholar] [CrossRef]
  11. Elsevier. Internet of Everything. ScienceDirect Topics, Computer Science. Available online: https://www.sciencedirect.com/topics/computer-science/internet-of-everything (accessed on 3 February 2026).
  12. Asimily. 10 IoT Healthcare Examples. 2021. Available online: https://asimily.com/blog/10-iot-healthcare-examples/ (accessed on 3 February 2026).
  13. Stryker, C.; Kavlakoglu, E. What Is Artificial Intelligence (AI)? IBM Think. Available online: https://www.ibm.com/think/topics/artificial-intelligence (accessed on 15 October 2025).
  14. Mucci, T.; Stryker, C. What Is Artificial Superintelligence? IBM Think. 2025. Available online: https://www.ibm.com/think/topics/artificial-superintelligence (accessed on 2 October 2025).
  15. Russell, S.J.; Norvig, P. Artificial Intelligence: A Modern Approach, 4th ed.; Pearson: Hoboken, NJ, USA, 2021. [Google Scholar]
  16. Infosecurity-Magazine. Data Breaches and Human Error. Available online: https://www.infosecurity-magazine.com/news/data-breaches-human-error/ (accessed on 2 October 2025).
  17. SentinelOne. Key Cyber Security Statistics for 2025. 2025. Available online: https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/ (accessed on 2 October 2025).
  18. Industrial Cyber. OTORIO Confirms Iranian Hackers Gained Access to ICS At an Israeli Water Reservoir. Available online: https://industrialcyber.co/news/otorio-confirms-iranian-hackers-gained-access-to-ics-at-an-israeli-water-reservoir/ (accessed on 1 October 2025).
  19. Finlayson, S.G.; Chung, H.W.; Kohane, I.S.; Beam, A.L. Adversarial Attacks Against Medical Deep Learning Systems. arXiv 2018, arXiv:1804.05296. Available online: https://arxiv.org/abs/1804.05296 (accessed on 1 October 2025).
  20. Finlayson, S.G.; Bowers, J.D.; Ito, J.; Zittrain, J.L.; Beam, A.L.; Kohane, I.S. Adversarial Attacks on Medical Machine Learning. Science 2019, 363, 1287–1289. [Google Scholar] [CrossRef]
  21. Trifunović, D.; Bjelica, Z. Cyber War—Trends and Technologies. Natl. Secur. Future 2020, 21, 65–94. [Google Scholar] [CrossRef]
  22. OWASP Foundation. ML02:2023 Data Poisoning Attack. Available online: https://owasp.org/www-project-machine-learning-security-top-10/docs/ML02_2023-Data_Poisoning_Attack (accessed on 1 October 2025).
  23. Scherpenisse, W. The Stuxnet Operation: Why It Is Not Plausible That DUTCH Intelligence and Security Services Acted Independently. Erasmus School of Law News. Available online: https://www.eur.nl/en/esl/news/stuxnet-operation-why-it-not-plausible-dutch-intelligence-and-security-services-acted-independently (accessed on 1 October 2025).
  24. Shutenko, V.; Solovei, A. Disadvantages of AI in Healthcare: What CTO Should be Aware of (+Real Case and Security Expert Predictions). TechMagic. 2025. Available online: https://www.techmagic.co/blog/cons-of-ai-in-healthcare (accessed on 10 January 2026).
  25. Biasin, E.; Kamenjašević, E.; Ludvigsen, K.R. Cybersecurity of AI medical devices: Risks, legislation, and challenges. In Research Handbook on Health, AI and the Law; Solaiman, B., Cohen, I.G., Eds.; Edward Elgar Publishing Ltd.: Cheltenham, UK, 2024; Chapter 4. Available online: https://www.ncbi.nlm.nih.gov/books/NBK613217/ (accessed on 1 October 2025).
  26. U.S. Department of Homeland Security. Groundbreaking Framework for the Safe and Secure Deployment of AI in Critical Infrastructure. DHS News Release. 2024. Available online: https://www.dhs.gov/archive/news/2024/11/14/groundbreaking-framework-safe-and-secure-deployment-ai-critical-infrastructure (accessed on 3 January 2026).
  27. Skills for Health. Types of Resilience Impacting Healthcare. Available online: https://www.skillsforhealth.org.uk/article/types-of-resilience-impacting-healthcare/ (accessed on 14 January 2026).
  28. Damar, M.; Özen, A.; Yılmaz, A. Cybersecurity in the Health Sector in the Reality of Artificial Intelligence, and Information Security Conceptually. J. AI 2024, 8, 61–82. [Google Scholar] [CrossRef]
  29. Kruse, C.S.; Frederick, B.; Jacobson, T.; Monticone, D.K. Cybersecurity in Healthcare: A Systematic Review of Modern Threats and Trends. Technol. Health Care 2017, 25, 1–10. [Google Scholar] [CrossRef]
  30. HIMSS. 2020 HIMSS Healthcare Cybersecurity Survey. Available online: https://www.himss.org/resources/2020-himss-healthcare-cybersecurity-survey/ (accessed on 12 October 2025).
  31. ECRI. Top 10 Health Technology Hazards for 2021: Expert Insights from Health Devices. 2021. Available online: https://assets.ecri.org/PDF/Solutions/Device-Evaluations/ECRI-Top10Hazards_2021_EB.pdf (accessed on 12 October 2025).
  32. Kelly, B.S.; Quinn, C.; Belton, N.; Lawlor, A.; Killeen, R.P.; Burrell, J. Cybersecurity Considerations for Radiology Departments Involved with Artificial Intelligence. Eur. Radiol. 2023, 33, 8833–8841. [Google Scholar] [CrossRef] [PubMed]
  33. Dinov, I.D. Volume and Value of Big Healthcare Data. J. Med. Stat. Inform. 2016, 4, 3. [Google Scholar] [CrossRef] [PubMed]
  34. Mildenberger, P.; Eichelberg, M.; Martin, E. Introduction to the DICOM Standard. Eur. Radiol. 2002, 12, 920–927. [Google Scholar] [CrossRef]
  35. Rimmer, A. Radiologist Shortage Leaves Patient Care at Risk, Warns Royal College. BMJ 2017, 359, j4683. [Google Scholar] [CrossRef]
  36. European Society of Radiology (ESR). Impact of Artificial Intelligence on Radiology: A EuroAIM Survey among Members of the European Society of Radiology. Insights Into Imaging 2019, 10, 105. [Google Scholar] [CrossRef]
  37. Dumić-Čule, I.; Orešković, T.; Brkljačić, B.; Kujundžić Tiljak, M.; Orešković, S. The Importance of Introducing Artificial Intelligence to the Medical Curriculum—Assessing Practitioners’ Perspectives. Croat. Med. J. 2020, 61, 457–464. [Google Scholar] [CrossRef]
  38. Orešković, T.; Snoj, Ž.; Sanwalka, M.; Brkljačić, B.; Kujundžić Tiljak, M.; Orešković, S.; Dumić-Čule, I. A Survey on Practitioners’ Attitudes toward Artificial Intelligence in Radiology. Croat. Med. J. 2023, 64, 289–291. [Google Scholar] [CrossRef] [PubMed]
  39. Howlett, D.C.; Kumi, P.; Kloeckner, R.; Bargallo, N.; Baessler, B.; Becker, M.; Ebdon-Jackson, S.; Karoussou-Schreiner, A.; Loewe, C.; Sans Merce, M.; et al. Clinical Audit in European Radiology: Current Status and Recommendations for Improvement Endorsed by the European Society of Radiology (ESR). Insights Into Imaging 2023, 14, 71. [Google Scholar] [CrossRef]
  40. Bidgood, W.D., Jr.; Horii, S.C.; Prior, F.W.; Van Syckle, D.E. Understanding and using DICOM, the data interchange standard for biomedical imaging. J. Am. Med. Inform. Assoc. 1997, 4, 199–212. [Google Scholar] [PubMed]
  41. Desjardins, B.; Mirsky, Y.; Ortiz, M.P.; Glozman, Z.; Tarbox, L.; Horn, R.; Horii, S.C. DICOM images have been Hacked! Now What? AJR Am. J. Roentgenol. 2020, 214, 727–735. [Google Scholar] [CrossRef] [PubMed]
  42. Stites, M.; Pianykh, O.S. How secure is your radiology department? mapping digital radiology adoption and security worldwide. AJR Am. J. Roentgenol. 2016, 206, 797–804. [Google Scholar] [CrossRef]
  43. Beek, C. McAfee Researchers Find Poor Security Exposes Medical Data to Cybercriminals. Available online: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-researchers-find-poor-security-exposes-medical-data-to-cybercriminals/ (accessed on 5 January 2026).
  44. Mirsky, Y.; Mahler, T.; Shelef, I.; Elovici, Y. CT-GAN: Malicious Tampering of 3D medical imagery using deep learning. In SEC’19: Proceedings of the 28th USENIX Conference on Security Symposium; USENIX Association: Berkeley, CA, USA, 2019; pp. 461–478. [Google Scholar]
  45. Zermi, N.; Khaldi, A.; Kafi, R.; Kahlessenane, F.; Euschi, S. A DWT-SVD based robust digital watermarking for medical image security. Forensic Sci. Int. 2021, 320, 110691. [Google Scholar] [CrossRef] [PubMed]
  46. Cao, F.; Huang, H.K.; Zhou, X.Q. Medical image security in a HIPAA mandated PACS environment. Comput. Med. Imaging Graph. 2003, 27, 185–196. [Google Scholar] [CrossRef]
  47. Nguyen, X.V.; Petscavage-Thomas, J.M.; Straus, C.M.; Ikuta, I. Cybersecurity in radiology: Cautionary Tales, Proactive Prevention, and What to do When You Get Hacked. Curr. Probl. Diagn. Radiol. 2025, 54, 245–250. [Google Scholar] [CrossRef] [PubMed]
  48. Eichelberg, M.; Kleber, K.; Kammerer, M. Cybersecurity challenges for PACS and medical imaging. Acad. Radiol. 2020, 27, 1126–1139. [Google Scholar] [CrossRef]
  49. Mirsky, Y.; Mahler, T.; Shelef, I.; Elovici, Y. CT-GAN: Malicious tampering of 3D medical imagery using deep learning. arXiv 2019, arXiv:1901.03597. [Google Scholar] [CrossRef]
  50. National Institute of Standards and Technology (NIST). National Vulnerability Database. Available online: https://nvd.nist.gov/vuln (accessed on 8 January 2026).
  51. Wolff, J. The Cybersecurity Threat Ailing Healthcare. Econofact. 2024. Available online: https://econofact.org/the-cybersecurity-threat-ailing-healthcare (accessed on 21 September 2025).
  52. European Union Agency for Cybersecurity (ENISA). ENISA Threat Landscape: Health Sector (January 2021 to March 2023); ENISA: Athens, Greece, 2023. [Google Scholar] [CrossRef]
  53. European Commission. Communication from the Commission: Guidelines on the Resilience of Critical Entities. In Annex to Commission Communication C(2025) 6094 Final; Directorate-General for Migration & Home Affairs: Brussels, Belgium, 2025; Available online: https://home-affairs.ec.europa.eu/document/download/27705476-e221-48e3-ab8f-ab3e95545726_en?filename=Communication%20with%20guidelines%20on%20the%20resilience%20of%20critical%20entities-annex_en.pdf (accessed on 21 October 2025).
  54. Mlinarić, R. KBC Zagreb Reportedly Targeted by LockBit 3.0 Hacker Group. HINA. 2024. Available online: https://www.hina.hr/news/11667074 (accessed on 30 September 2025).
  55. Parlov, N.; Sičaja, Ž.; Katulić, T.; Luša, R. Information Security and the Lawful Interception of Communications through Telecom Service Providers Infrastructure: Advanced Model System Architecture. Polic. I Sigur. 2021, 30, 112–130. [Google Scholar]
  56. Akrap, G. Hibridne Prijetnje i Izazovi—Operacije Utjecaja i Moderno-Sigurnosno Okružje; Hrvatska sveučilišna nakalda, Zagreb, Croatia, Sveučilište u Mostaru: Mostar, Bosnia and Herzegovina, 2023. [Google Scholar]
  57. Esterajher, J.; Mihaljević, P. Manipulacija Informacijama kao Ugroza Demokracije. In Zbornik Radova Međunarodne Znanstveno-Stručne Konferencije 6. Istraživački Dani Visoke Policijske Škole u Zagrebu—“Idemo li Ukorak s Novim Sigurnosnim Izazovima?”; Cajner Mraović, I., Kondor Langer, M., Eds.; Ministarstvo Unutarnjih Poslova Republike Hrvatske: Zagreb, Croatia, 2020; pp. 465–477. Available online: https://cpi.gov.hr/UserDocsImages/konferencije/IDVPS/VII/zbornik/MUP%20zbornik%20radova%207%20-%206%20Esterajher.pdf (accessed on 21 October 2025).
  58. Deloitte. Understanding the Value of Your Data Assets. 2020. Available online: https://www.deloitte.com/content/dam/assets-shared/en_gb/legacy/docs/Valuation-Data-Digital.pdf (accessed on 20 October 2025).
  59. Martin, J.A.; Baccarani, C. AI in Management: Dr. Jekyll or Mr. Hyde? In Proceedings of the 11th European International School on Information and Communication Technologies (EISIC); University of Verona: Verona, Italy, 2021; Available online: https://sites.les.univr.it/eisic/wp-content/uploads/2021/10/27-Martin-Baccarani.pdf (accessed on 20 October 2025).
  60. Akrap, G.; Kamenetskyi, M. Hybrid Threats and the Power of Identity—Comparing Croatia and Ukraine. In Preparing for Hybrid Threats to Security—Collaborative Preparedness and Response; Borch, O.J., Heier, T., Eds.; Routledge: London, UK; New York, NY, USA, 2024; pp. 218–233. [Google Scholar] [CrossRef]
  61. de Valk, G. Analytic Black Holes: A Data-Oriented Perspective. Natl. Secur. Future 2022, 23, 21–48. [Google Scholar] [CrossRef]
  62. Schmitt, M. Securing the Digital World: Protecting Smart Infrastructures and Digital Industries with Artificial Intelligence (AI)-Enabled Malware and Intrusion Detection. J. Ind. Inf. Integr. 2023, 36, 100520. [Google Scholar] [CrossRef]
  63. Bharati, S.; Podder, P. Machine and Deep Learning for IoT Security and Privacy: Applications, Challenges, and Future Directions. Secur. Commun. Netw. 2022, 2022, 1–41. [Google Scholar] [CrossRef]
  64. European Parliament; Council of the European Union. Regulation (EU) 2016/679 of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). OJ L 119. 4 May 2016, pp. 1–88. Available online: https://eur-lex.europa.eu/eli/reg/2016/679/oj (accessed on 20 October 2025).
  65. European Parliament; Council of the European Union. Regulation (EU) 2024/1689 of 13 June 2024 Laying Down Harmonised rules on Artificial Intelligence (Artificial Intelligence Act). OJ L 158. 27 June 2024, pp. 1–210. Available online: http://data.europa.eu/eli/reg/2024/1689/oj (accessed on 20 October 2025).
  66. European Parliament; Council of the European Union. Directive (EU) 2022/2555 of 14 December 2022 on Measures for a High Common Level of Cybersecurity Across the Union, Amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and Repealing Directive (EU) 2016/1148 (NIS 2 Directive). OJ L 333. 27 December 2022, pp. 80–152. Available online: https://eur-lex.europa.eu/eli/dir/2022/2555/oj (accessed on 20 October 2025).
  67. European Parliament; Council of the European Union. Directive (EU) 2022/2557 of 14 December 2022 on the Resilience of Critical Entities and Repealing Council Directive 2008/114/EC. OJ L 333. 27 December 2022, pp. 164–198. Available online: https://eur-lex.europa.eu/eli/dir/2022/2557/oj/eng (accessed on 21 October 2025).
  68. European Parliament; Council of the European Union. Regulation (EU) 2024/2847 of 23 October 2024 on Horizontal Cybersecurity Requirements for Products with Digital Elements and Amending REGULATIONS (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act). OJ L. 20 November 2024. Available online: https://eur-lex.europa.eu/eli/reg/2024/2847/oj/eng (accessed on 21 October 2025).
  69. European Parliament; Council of the European Union. Regulation (EU) 2019/881 of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on Information and Communications Technology Cybersecurity Certification and Repealing Regulation (EU) No 526/2013 (Cybersecurity Act). OJ L 151. 7 June 2019, pp. 15–69. Available online: https://eur-lex.europa.eu/eli/reg/2019/881/oj/eng (accessed on 21 October 2025).
  70. European Parliament; Council of the European Union. Regulation (EU) 2023/2854 of 13 December 2023 on Harmonised Rules on Fair Access to and Use of Data (Data Act). OJ L. 22 December 2023. Available online: https://eur-lex.europa.eu/eli/reg/2023/2854/oj (accessed on 21 October 2025).
  71. European Parliament; Council of the European Union. Regulation (EU) 2022/868 of 30 May 2022 on European Data Governance and Amending Regulation (EU) 2018/1724 (Data Governance Act). OJ L 152. 3 June 2022, pp. 1–44. Available online: https://eur-lex.europa.eu/eli/reg/2022/868/oj (accessed on 21 October 2025).
  72. European Parliament; Council of the European Union. Regulation (EU) 2025/327 of 11 February 2025 on the European Health Data Space and Amending Directive 2011/24/EU and Regulation (EU) 2024/2847. OJ L 2025/327. 5 March 2025. Available online: https://eur-lex.europa.eu/legal-content/HR/TXT/?uri=OJ:L_202500327 (accessed on 21 October 2025).
  73. European Parliament; Council of the European Union. Regulation (EU) 2017/745 of 5 April 2017 on Medical Devices, Amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and Repealing Council Directives 90/385/EEC and 93/42/EEC. OJ L 117. 5 May 2017, pp. 1–175. Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02017R0745-20250110 (accessed on 20 October 2025).
  74. Parlov, N.; Mateša, B.; Mladinić, A. Structuring AI Risk Management Framework: EU AI Act FRIA, GDPR DPIA and ISO 42001/23894. In 2025 14th Mediterranean Conference on Embedded Computing (MECO); IEEE: Budva, Montenegro, 2025; pp. 1–8. [Google Scholar] [CrossRef]
  75. Botunac, I.; Parlov, N.; Bosna, J. Opportunities of Gen AI in the Banking Industry with Regards to the AI Act, GDPR, Data Act and DORA. In Proceedings of the 2024 13th Mediterranean Conference on Embedded Computing (MECO); IEEE: Budva, Montenegro, 2024. [Google Scholar] [CrossRef]
  76. Yigit, Y.; Ferrag, M.A.; Ghanem, M.C.; Sarker, I.H.; Maglaras, L.A.; Chrysoulas, C.; Moradpoor, N.; Tihanyi, N.; Janicke, H. Generative AI and LLMs for Critical Infrastructure Protection: Evaluation Benchmarks, Agentic AI, Challenges, and Opportunities. Sensors 2025, 25, 1666. [Google Scholar] [CrossRef]
  77. European Union Agency for Cybersecurity (ENISA). ENISA NIS360 2024: ENISA Cybersecurity Maturity & Criticality Assessment of NIS2 Sectors; ENISA: Athens, Greece, 2025. [Google Scholar] [CrossRef]
  78. European Union Agency for Cybersecurity (ENISA). Securing Machine Learning Algorithms; ENISA: Athens, Greece, 2021. [Google Scholar] [CrossRef]
  79. OpenAI. Disrupting Malicious Uses of AI: June 2025; OpenAI: San Francisco, CA, USA, 2025. [Google Scholar]
  80. ISO 28000:2022; Security and Resilience—Security Management Systems—Requirements. ISO: Geneva, Switzerland, 2022.
  81. European Committee of the Regions. Opinion—Cybersecurity of Hospitals and Healthcare Providers. Own-initiative opinion C/2025/4415. OJ C. 29 August 2025. Available online: https://eur-lex.europa.eu/eli/C/2025/4415/oj (accessed on 22 October 2025).
Applsci 16 01736 g001
Figure 1. Resilience-by-Design Pyramid for AI-Enabled Healthcare Systems. Source: Author’s work.
Figure 1. Resilience-by-Design Pyramid for AI-Enabled Healthcare Systems. Source: Author’s work.
Applsci 16 01736 g001
Table 1. Layered Defense Model for AI-Enabled Healthcare Systems. Source: Author’s work.
Table 1. Layered Defense Model for AI-Enabled Healthcare Systems. Source: Author’s work.
DEFENSE LAYERKEY MECHANISMS AND CONTROLSCLINICAL/OPERATIONAL SCOPEMEASURABLE OUTCOMES AND VERIFICATION
1. Prevention and Early DetectionAI-driven monitoring; sector-specific threat intelligence; automated anomaly detection across clinical and administrative networksHospital IT/OT networks; EHR systems; PACS; IoMT and AI-enabled servicesReduced time to detection; increased early incident identification; verified through monitoring metrics, alert accuracy, and incident statistics
2. Protection (Resilience-by-Design)Data integrity and provenance controls; adversarial-resistant AI models; encryption of data in transit and at rest; access and privilege management; continuous log auditingDICOM lifecycle (acquisition, transmission, AI inference, clinical decision); supply-chain and AI pipelinesVerified integrity of medical data and AI outputs; compliance with security policies; audit logs and integrity checks confirm control effectiveness
3. Effective Response and RecoveryAI-assisted forensic analysis; incident response procedures; trained personnel; coordinated audit and compliance checksIncident handling across clinical workflows; post-incident system validationReduced impact duration; successful containment; post-incident audits and root-cause analyses
4. Education and Continuous ImprovementBaseline cybersecurity awareness; role-specific technical training; periodic reassessment aligned with system and threat evolutionClinical staff, IT/security teams, management and system ownersImproved incident recognition and reporting accuracy; training assessments; audit-aligned competency evaluations
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Akrap, G.; Dumić-Čule, I.; Parlov, N.; Jandroković, S. Medicine in the Age of Artificial Intelligence: Cybersecurity, Hybrid Threats and Resilience. Appl. Sci. 2026, 16, 1736. https://doi.org/10.3390/app16041736

AMA Style

Akrap G, Dumić-Čule I, Parlov N, Jandroković S. Medicine in the Age of Artificial Intelligence: Cybersecurity, Hybrid Threats and Resilience. Applied Sciences. 2026; 16(4):1736. https://doi.org/10.3390/app16041736

Chicago/Turabian Style

Akrap, Gordan, Ivo Dumić-Čule, Natalija Parlov, and Sonja Jandroković. 2026. "Medicine in the Age of Artificial Intelligence: Cybersecurity, Hybrid Threats and Resilience" Applied Sciences 16, no. 4: 1736. https://doi.org/10.3390/app16041736

APA Style

Akrap, G., Dumić-Čule, I., Parlov, N., & Jandroković, S. (2026). Medicine in the Age of Artificial Intelligence: Cybersecurity, Hybrid Threats and Resilience. Applied Sciences, 16(4), 1736. https://doi.org/10.3390/app16041736

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop