Blog

High-end Medical Imaging Equipment At Risk Of Cyber Attacks?

Healthcare industry has been one of hackers’ favorite targets for quite some time now.In order to prove the damage that could be caused by malicious entities to patients, far beyond just stealing their data, few data scientists in Israel took matters into their own hands to bring to light the looming threats of the serious security weaknesses in medical imaging equipment and networks.

Who are the scientists and what did they do?

Yisroel Mirsky, Yuval Elovici at the Ben-Gurion University and two other associates at their Cyber Security Research Center in Israel developed malware using machine learning techniques with the aim of highlighting security issues in critical medical imaging equipment used for diagnosing conditions and also pointed the issues in networks that transmit those images — vulnerabilities that could have potentially life-affecting consequences if left unaddressed.

The software that was specifically designed to disrupt, damage, or gain unauthorized access, would let attackers modify CT or MRI scans before radiologists and doctors could examine them. They could remove real cancerous nodules and lesions before detection, thus allowing a high probability of misdiagnosis and possibly a failure to treat patients who need critical and timely care.

They used machine learning to rapidly assess scans passing through a Picture Archiving And Communication System (PACS). They could adjust and scale false tumors to conform to a patient’s unique anatomy and dimensions to make them more realistic. This damage mechanism can be automated so that once the malicious software is installed in a hospital’s network, it will operate independently to search and alter scans, to the extent of even searching the records of a specific patient.

Is it just theoretical knowledge?

No, it is not. The data scientists experimented real CT scans, 70 of which were modified by their malicious software, and they were able to trick three skilled radiologists into making the wrong diagnosis nearly every time.

In the case of scans in which cancerous nodules were fabricated/added by modification, the radiologists diagnosed cancer 99 percent of the time.

In cases where the malicious software removed and modified real cancerous scan areas from scans, the radiologists said those patients were healthy 94 percent of the time.

What are the consequences?

The researchers ran their test against a lung-cancer screening software tool that radiologists often use to confirm their diagnoses and were able to trick it into misdiagnosing the scans with false tumors every time.

The study focused on lung cancer scans only. However, the software can modify reports and scans for brain tumors, heart disease, blood clots, spinal injuries, bone fractures, ligament injuries, and arthritis, says Mirsky.

Such attackers could choose to modify random scans to create chaos and mistrust in medical equipment, or they could target specific patients, searching for scans tagged with a specific patient’s name or ID number. By doing so, they can prevent patients from receiving critical care or cause others who are not ill to receive unwarranted tests and treatment. The attackers could alter follow-up scans after treatment begins to falsely show tumors spreading or shrinking. It could only be left to the imagination of a hacker of the kind of havoc they would want to create!

Where do vulnerabilities reside?

• The vulnerabilities that would allow someone to alter scans reside in the equipment and networks these hospitals use to transmit and store CT and MRI images.
• These images are sent to radiology workstations and back-end databases through what’s known as a Picture Archiving and Communication System (PACS).
• The attack succeeds because hospitals don’t digitally sign the scans to prevent them from being altered without detection.
• The attack also works because hospitals don’t use encryption technology in their networks, thus leaving the door open for allowing an intruder on the network to see the scans and alter them.
• Encryption is still generally not used for compatibility reasons with the older and outdated systems that don’t have the ability to decrypt or re-encrypt images.
• The networks are either directly connected to the Internet or accessible through hospital machines that are connected to the Internet, becoming vulnerable without any firewall or other protection.
• To get the malicious software onto a network, attackers would either need physical access to the network — to connect a malicious device directly to the network cables — or they could plant it remotely from the Internet.

How to prevent this from happening

To prevent someone from accessing and altering Medical Imaging scans, ideally, hospitals would have to enable end-to-end encryption across their networks and digitally sign all images while also making sure that processes are set up to verify those signatures and highlight any images that aren’t properly signed. All loose ends in the network should be tied up and the legacy network should be upgraded to the latest secure one.

Defense is believed to be the only best offense. And in today’s world with cyber criminals getting innovative with their attacks, proactively protecting yourself against them is the best way to stay safe and secure.