Fresh research from the University of East Anglia (UEA) could transform how the NHS protects patients' medical images from cyber‑attacks.
Computer scientists have developed a breakthrough way to encrypt medical images such as X‑rays, CT scans and MRIs, keeping them secure even if hospital networks are breached.
Medical imaging systems have been repeatedly identified as weak points, with many relying on legacy protocols that were never designed to be exposed to the internet, making image‑level encryption an urgent priority.
Developed by researchers at the University of East Anglia in collaboration with international partners, the new encryption approach uses advanced mathematical techniques to make each protected image uniquely unpredictable and extremely difficult to hack, while still fast enough for everyday NHS use.
Dr Hassan Malik, Associate Professor in Computing Sciences at UEA said: "Over the past two years, multiple high‑profile cyber incidents - such as 2024's Synnovis ransomware attack, which cost the NHS around £30m and crippled pathology services - have revealed just how vulnerable UK healthcare systems remain.
"We designed image‑level protection so that even if attackers reach hospital systems, the images themselves stay protected.
"With our approach, every scan becomes its own fortress."
Why this matters for patient safety and NHS resilience
Recent incidents across the NHS have shown that attackers often reach clinical or administrative systems via third‑party software, supplier vulnerabilities, outdated radiology equipment, or cross‑trust data exchange.
Once inside a network, unencrypted medical images can be accessed, copied, or leaked within minutes.
Image‑level encryption changes the situation entirely. Even if attackers breach a server, intercept a transfer, or access a PACS archive, the images remain unreadable without the key.
Jawaid Iqbal, Associate Professor at Riphah International University, Pakistan, said: "This approach helps keep private medical details safe and limits the damage hackers can cause if they get into hospital systems.
"The process meets modern expectations for data security and adds an extra layer of protection, even when older equipment or external suppliers create risks."
The method is designed to complement, rather than replace existing NHS cyber‑security measures, adding an extra layer of protection to some of the most sensitive data the NHS holds.
How the new method works
Chaotic mathematics (chaos theory) describes systems that follow simple rules but react so strongly to tiny changes that their outcomes look completely random. The 'Butterfly Effect' is an example of this, where wingbeats in one place can cause a hurricane in others.
Dr Malik said: "Because of this extreme sensitivity, chaos creates patterns that appear unpredictable, which is why it's useful in encryption, turning data into something that looks random and is extremely hard to reverse without the exact key.
"A major limitation of previous research solutions is speed - many are too slow for real‑time clinical use. Our new method is expressly engineered for NHS environments and can encrypt and decrypt images in around two-to-four seconds."
In addition to this speed, the new method integrates with existing systems, works across image types such as x-rays and MRIs, is lightweight enough for hospital servers, and can handle high-volume environments, such as emergency radiology.
This allows trusts to add strong image‑level protection without redesigning existing infrastructures.
Next steps
The team is now preparing pilot deployments with NHS partners to assess how the system performs across different setups, understand its impact on day‑to‑day radiology workflows, and explore how it can be integrated with national cybersecurity guidance over the long term.
As this next phase begins, NHS trusts, imaging technology vendors, and cybersecurity teams are invited to take part in shaping and evaluating the rollout.
A difficult job for hackers
The chaos-theory-based encryption uses systems that behave in extremely unpredictable ways - making it hard for hackers to guess how an image is being scrambled, using techniques such as:
S-Boxes: special tables that decide how parts of the image are substituted during encryption. Because these S‑Boxes change each time, attackers can't rely on fixed patterns to break the code.
Galois Field arithmetic: a type of mathematical system often used in cryptography. This helps mix and transform the image data in precise but very hard‑to‑reverse ways.
XNOR diffusion: a process that blends each pixel's data with its neighbours. This ensures that even tiny changes ripple across the whole image, hiding any recognisable structure.
'Safe and Quickest Medical Image Encryption using Logistic Map‑Derived S‑Boxes and Galois Field' is published in the Wiley Journal of Computational and Mathematical Methods.
