Version 1.0

Effective date:

Feb 5, 2026

Hardware and software

Network and cybersecurity requirements


Network Performance Requirements

Adequate network performance is critical to ensure timely access to medical images and stable viewer operation. While the system may function under a range of conditions, faster networks with lower latency significantly improve usability and reliability. 


Minimum Network Specifications 

The following minimum requirements must be met for acceptable performance: 

  • Download speed: greater than 50 Mbps 

  • Network latency: less than 30 milliseconds 

Networks that do not meet these thresholds may experience slower image loading times, delayed viewer responsiveness, or degraded user experience. 


Optimal Performance Configuration 

For optimal performance and scalability, the following environment is recommended: 

Component 

Requirement 

Access Method

Webbased viewer launched via an integrated worklist system 

Authentication 

User login through the worklist (e.g., SSO or rolebased authentication) 

Cloud Provider 

Google Cloud Storage or another supported cloud storage service 

Encryption 

AES256 encryption at rest; TLS 1.2 or higher for data in transit 

Integration 

PACS worklist integration with viewer launch support 


Cybersecurity Controls 

The following cybersecurity controls are strongly recommended to protect patient data, ensure system integrity, and support regulatory compliance. 

Log Management 

It is strongly recommended that network, system, and storage (bucket/object) logs are enabled, captured, and retained.

  • Logs should include access events, authentication attempts, and system activity. 

  • Logs should be centralized using a Security Information and Event Management (SIEM) system. 

  • The SIEM system should be configured to:  

    • Generate alerts for securityrelevant events 

    • Detect anomalous behavior that may indicate misuse or breach 

Effective log management supports incident investigation, audit readiness, and ongoing security monitoring. 

Encryption of Data at Rest 

All storage systems containing medical images or associated metadata must be encrypted: 

  • Minimum required encryption: AES256 

  • Encryption method and key management configuration depend on the selected cloud provider. 

Encrypting data at rest protects against unauthorized access in the event of infrastructure compromise. 

Encryption of Data in Transit 

All data transmitted between systems must be protected in transit: 

  • Required protocol: TLS 1.2 or higher 

  • Applies to data transferred:  

    • From PACS systems to cloud storage 

    • Between cloud storage and the Viewer 

    • Between worklist systems and viewer launch endpoints 

Secure transmission ensures patient data confidentiality and integrity while traversing the network. 

Firewall Configuration 

Firewall rules should be configured to limit network access to only required services. 

  • The Viewer requires access only to:  

    • The worklist system 

    • The cloud storage environment hosting imaging data 

  • Inbound and outbound traffic unrelated to these services should be restricted or blocked. 

Network segmentation and leastexposure firewall rules reduce attack surface and improve overall system security. 

User Permissions and Access Control 

User and service access should follow the Principle of Least Privilege (PoLP): 

  • Users must only have access necessary for their clinical or operational role. 

  • Authentication via the worklist system is required prior to launching the Viewer. 

  • Service accounts used for automation or system integration:  

    • Must have restricted permissions 

    • Should only access required storage or compute resources 

  • Rolebasedbased access control (RBAC) is recommended wherever supported. 

Proper access control limits unauthorized activity and reduces the impact of compromised credentials.