Researchers in Israel have developed malware that inserts fake cancerous nodules into medical scans, to draw attention to serious security weaknesses in medical imaging equipment and networks.
The software, designed by experts at the Ben Gurion University Cyber Security Research Center, aims to draw attention to cybersecurity issues associated with networked medical equipment and to show how attackers can use malicious programmes to dupe doctors into misdiagnosing patients.
Yisroel Mirsky, Yuval Elovici and two others at the Ben-Gurion University Cyber Security Research Center in Israel, who created the malware, say that attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment. The research isn’t theoretical. In a blind study the researchers conducted involving real CT lung scans, 70 of which were altered by their malware, they were able to trick three skilled radiologists into misdiagnosing conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.
Even when the radiologists were made aware that the scans were being altered, they still struggled to make a correct diagnosis.
“Our research shows how an attacker can realistically add or remove medical conditions from CT and MRI scans,” said Dr. Yisroel Mirsky, lead researcher in Ben-Gurion University’s Department of Software and Information Systems Engineering (SISE).
He continued: “In particular, we show how easily an attacker can access a hospital’s network, and then inject or remove [images of] lung cancer from a patient’s CT scan.”
How does this happen?
According to Yisroel Mirsky, of Ben Gurion University, in Israel, the problem is that hospitals neither digitally sign scans nor encrypt information on PACS systems. Data shared outside the hospital is treated differently than that shared within.
Researchers say their malware was trained through machine learning to quickly evaluate scans passing through a PACS network and to add or remove malignant growths to conform to a patient’s anatomy.
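The missing control named above is integrity protection on the scans themselves. The following added example (not from the researchers or the original article) shows how a tag computed at the scanner lets a viewing workstation detect a slice whose pixels or identifying metadata changed in transit. It uses an HMAC from the Python standard library as a stand-in for a digital signature; the key, field names and sample slice are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment would keep the signing
# key in the scanner's protected key store and prefer asymmetric signatures.
SCANNER_KEY = b"constructed-demo-key-not-for-production"


def _signed_bytes(meta: dict, pixels: bytes) -> bytes:
    """Bind identifying metadata and pixel data into one canonical byte string."""
    header = json.dumps(meta, sort_keys=True, separators=(",", ":")).encode("utf-8")
    # Length-prefix the header so bytes cannot be moved between header and pixels.
    return len(header).to_bytes(4, "big") + header + pixels


def sign_scan(meta: dict, pixels: bytes, key: bytes = SCANNER_KEY) -> str:
    """Compute the integrity tag at acquisition time (on the scanner)."""
    return hmac.new(key, _signed_bytes(meta, pixels), hashlib.sha256).hexdigest()


def verify_scan(meta: dict, pixels: bytes, tag: str, key: bytes = SCANNER_KEY) -> bool:
    """Recompute the tag at the viewing workstation and compare in constant time."""
    return hmac.compare_digest(sign_scan(meta, pixels, key), tag)


def demo() -> dict:
    # Constructed sample: hypothetical identifiers and a 64x64 16-bit slice.
    meta = {"patient_id": "DEMO-0001", "study_uid": "1.2.3.4.5", "slice": 42}
    pixels = bytes(range(256)) * 32
    tag = sign_scan(meta, pixels)

    # A small region of pixel data changed somewhere between scanner and viewer.
    altered = bytearray(pixels)
    altered[4000:4016] = b"\xff" * 16

    # Untouched pixels re-labelled as belonging to a different patient.
    relabelled = dict(meta, patient_id="DEMO-0002")

    return {
        "original": verify_scan(meta, pixels, tag),
        "pixels_altered": verify_scan(meta, bytes(altered), tag),
        "metadata_relabelled": verify_scan(relabelled, pixels, tag),
        "wrong_key": verify_scan(meta, pixels, tag, key=b"not-the-scanner-key"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'REJECTED'}")
```

Only the unmodified slice verifies; the altered pixels, the relabelled metadata and a tag checked under a different key are all rejected.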