
Securing AI-Powered Radiotherapy: IoMT Defense for Siemens Healthineers Deployments

Security Arsenal Team
June 22, 2026

As we move through 2026, the convergence of Artificial Intelligence and clinical oncology is accelerating. Pantai Hospital Kuala Lumpur's recent deployment of a Siemens Healthineers AI-powered radiotherapy system marks a significant leap in personalized cancer care. However, for security practitioners, this represents a critical expansion of the attack surface. Integrating advanced AI into the radiotherapy stack—systems that rely on precise, non-negotiable data integrity—introduces high-stakes risks that demand immediate defensive rigor.

Introduction

The modernization of cancer therapy with AI-driven radiosurgery offers immense patient benefits, but it fundamentally changes the threat model for healthcare delivery. These systems are no longer isolated islands of operational technology (OT); they are deeply interconnected nodes within the hospital enterprise network, ingesting vast datasets to inform life-critical decisions. For SOC analysts and CISOs, the introduction of an AI-powered radiotherapy system like the one at Pantai Hospital is a trigger event: it requires a reassessment of network segmentation, vendor risk management, and integrity monitoring. The risk is no longer just data theft; it is the potential manipulation of treatment protocols or the disruption of essential care via ransomware targeting high-value IoMT assets.

Technical Analysis

Affected Product & Platform:

  • Product: AI-Powered Radiotherapy System (Siemens Healthineers)
  • Environment: Healthcare Clinical Environment (HCE), connecting to PACS (Picture Archiving and Communication Systems) and EMR/EHR systems.

System Architecture & Risk Vector: While the news item does not disclose a specific CVE, the deployment of AI-driven medical devices creates specific defensive challenges:

  1. Data Pipeline Integrity: These systems aggregate patient imagery and historical data to train or infer treatment plans. The pipeline feeding the AI model is a high-value target. An adversary compromising the network segment could manipulate input data (DICOM headers or pixel data), potentially leading the AI to miscalibrate dosage.
  2. Bidirectional Connectivity: Unlike legacy radiotherapy machines, modern AI-enabled units often require outbound connectivity for model updates, telemetry, and cloud-based collaboration. This pierces traditional "air-gapped" defenses, increasing exposure to web-based threats and supply-chain compromise.
  3. OT/IT Convergence: The system acts as a bridge between highly sensitive clinical data (IT) and physical radiation delivery hardware (OT). A compromise here allows attackers to pivot from information technology into operational technology controls.

Defensive Perspective: In 2026, we see threat actors specifically hunting for AI workloads. Defenders must assume that any node contributing to an AI decision-making process is a target for data poisoning or model inversion attacks. The integrity of the treatment plan is the crown jewel.

Executive Takeaways

  1. Enforce Strict Micro-Segmentation for IoMT: The AI-radiotherapy system must reside on an isolated VLAN, strictly separated from the general hospital network and the internet. Access should be controlled via a next-generation firewall with application-level inspection, allowing only necessary DICOM and HL7 traffic to and from specific PACS nodes.

  2. Establish AI Supply Chain Integrity Controls: Treat the AI model updates from Siemens Healthineers as critical software updates. Implement a code-signing verification process before any model or algorithm update is applied to the production system. Ensure the supply chain for these updates is cryptographically verified to prevent the insertion of tampered models.

  3. Implement Anomaly Detection on DICOM Traffic: Deploy monitoring (e.g., Zeek or specialized DPI) on the radiotherapy network segment. Detect anomalies in DICOM traffic volume or unusual metadata modifications. Sudden bulk extraction of patient imagery or modification of dosage parameters in transit should trigger an immediate high-severity alert.

  4. Audit Vendor Remote Access Protocols: Vendors often require remote access for maintenance and calibration of these complex systems. Enforce a Zero Trust Network Access (ZTNA) model for all vendor connections. No static VPNs; session access must be time-bound, recorded, and require explicit approval from hospital biomedical engineering.

  5. Harden the Underlying OS Stack: While the application is specialized, the underlying OS is often a standard Windows or Linux variant. Ensure the OS is hardened against commodity ransomware (e.g., 2026 variants), which often compromises medical devices as a stepping stone to the wider network.
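
One way to gate a model update on cryptographic verification (takeaway 2), as an added example that is not the author's or Siemens Healthineers' code. The bundle layout (a JSON manifest of SHA-256 digests with a detached Ed25519 signature), the file names and the key generated in `build_demo` are assumptions, since the article does not describe the vendor's actual update format; the third-party `cryptography` package is required.

```python
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey


def verify_update(pubkey, manifest, sig, files):
    """Return (ok, reason). Apply the update only when ok is True.

    pubkey: pinned Ed25519 public key; manifest/sig: raw bytes;
    files: {name: content bytes} as unpacked from the update bundle.
    """
    # 1. Authenticate the manifest bytes before parsing them.
    try:
        pubkey.verify(sig, manifest)
    except InvalidSignature:
        return False, "manifest signature invalid"
    expected = json.loads(manifest)["sha256"]  # {filename: hex digest}
    # 2. The bundle must contain exactly the files the manifest lists.
    if set(files) != set(expected):
        return False, "file set differs from manifest"
    # 3. Every file must hash to its signed digest.
    for name, data in files.items():
        if hashlib.sha256(data).hexdigest() != expected[name]:
            return False, f"digest mismatch: {name}"
    return True, "verified"


def build_demo():
    """Constructed bundle; a key generated here stands in for the vendor key."""
    signer = Ed25519PrivateKey.generate()
    files = {"model.bin": b"constructed model weights", "config.json": b"{}"}
    digests = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    manifest = json.dumps({"sha256": digests}).encode()
    return signer.public_key(), manifest, signer.sign(manifest), files


if __name__ == "__main__":
    pub, manifest, sig, files = build_demo()
    print(verify_update(pub, manifest, sig, files))
    print(verify_update(pub, manifest, sig, {**files, "model.bin": b"tampered"}))
    print(verify_update(pub, manifest, sig, {**files, "extra.so": b"x"}))
```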

Remediation

To secure the deployment of AI-powered radiotherapy systems like the one at Pantai Hospital, execute the following hardening steps immediately:

  1. Network Isolation:

    • Verify that the radiotherapy system is placed in a dedicated security zone.
    • Configure firewall rules to allow traffic only from known PACS servers and the specific workstation used by oncologists. Block all internet egress unless absolutely necessary for clinical function, and if required, proxy it through an inspection tier.

  2. Vendor Coordination:

    • Contact Siemens Healthineers support to obtain the latest security advisory and firmware version for the specific installed model.
    • Review the "Security Implementation Guide" provided by the vendor to ensure default passwords (if any) have been changed and unnecessary services (Telnet, FTP) are disabled.

  3. Asset Inventory & Baselining:

    • Register the device in your Healthcare Security Management Platform (HSMP).
    • Establish a baseline of normal network activity and CPU usage for the AI inference engine. Deviations from this baseline often indicate compromise or hardware malfunction.

  4. Access Control:

    • Ensure physical access to the console is restricted to authorized radiation oncologists and technicians.
    • Disable USB ports, if clinical workflows permit, to prevent malware introduction via physical media.
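
A flow-level check for the isolation rules and network baseline in steps 1 and 3, and for the DICOM volume monitoring in the Executive Takeaways, as an added example that is not from the original article or any vendor tool. The addresses, ports, baseline figure and the tab-separated record layout (a subset of Zeek `conn.log` fields) are constructed assumptions; it covers peers, ports and volume only, not DICOM metadata inspection.

```python
from collections import defaultdict

RT_HOST = "10.50.0.10"                        # constructed: radiotherapy system
ALLOWED_PEERS = {"10.50.0.20", "10.50.0.30"}  # constructed: PACS node, oncology workstation
ALLOWED_PORTS = {104, 11112}                  # DICOM ports permitted by this example policy
BASELINE_OUT_BYTES_PER_HOUR = 200_000_000     # constructed baseline for bytes leaving RT_HOST
VOLUME_FACTOR = 3                             # alert above 3x the baseline

# Constructed records: ts, orig_h, resp_h, resp_p, orig_bytes, resp_bytes
SAMPLE = """\
1780999200\t10.50.0.20\t10.50.0.10\t104\t150000000\t4000
1780999800\t10.50.0.10\t10.50.0.20\t11112\t50000000\t3000
1781000400\t10.50.0.30\t10.50.0.10\t3389\t20000\t90000
1781001000\t10.50.0.10\t203.0.113.50\t443\t1200\t5000
1781001600\t10.50.0.30\t10.50.0.10\t104\t5000\t900000000
"""


def audit(log_text):
    """Return a list of (timestamp, peer, reason) alerts for RT_HOST flows."""
    alerts = []
    out_per_hour = defaultdict(int)  # (peer, hour) -> bytes sent by RT_HOST
    for line in log_text.strip().splitlines():
        ts, orig, resp, port, ob, rb = line.split("\t")
        ts, port, ob, rb = int(ts), int(port), int(ob), int(rb)
        if RT_HOST not in (orig, resp):
            continue
        # Bytes leaving the radiotherapy host, whichever side opened the flow.
        peer, sent = (resp, ob) if orig == RT_HOST else (orig, rb)
        if peer not in ALLOWED_PEERS:
            alerts.append((ts, peer, "unapproved peer"))
        elif port not in ALLOWED_PORTS:
            alerts.append((ts, peer, "unapproved port"))
        out_per_hour[(peer, ts // 3600)] += sent
    for (peer, hour), total in sorted(out_per_hour.items()):
        if total > VOLUME_FACTOR * BASELINE_OUT_BYTES_PER_HOUR:
            alerts.append((hour * 3600, peer, "outbound volume above baseline"))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```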
