Malicious Cyber Attacks can Falsify Results of CT and MRI Scanners

Hashem said to Yehoshua, “Do not be frightened or dismayed. Take all the fighting troops with you, go and march against Ai. See, I will deliver the king of Ai, his people, his city, and his land into your hands. Joshua 8:1 (The Israel Bible™)

People who are admitted to a medical center for an emergency or even a planned operation typically worry that the surgical team will be skilled and rested. It doesn’t enter their mind that the hospital may be at risk because of malicious cyber attacks on its sensitive electronic equipment.

However, an Israeli specialist in this growing and increasingly worrisome field has just declared at a meeting of the Radiological Society of North American (RSNA) in Chicago that Internet connectivity of medical imaging equipment raises the potential danger for such attacks.

Ben-Gurion University of the Negev researcher and doctoral candidate Tom Mahler presented his team’s approach to solutions using artificial intelligence (AI) to prevent future attacks.

The RSNA is an association of over 54,000 radiologists, radiation oncologists, medical physicists and related scientists that promotes excellence in patient care and health care delivery through education, research and technological innovation.

Mahler told the participants that the Internet has been beneficial for health care – radiology included – improving access in remote areas, allowing for faster and better diagnoses and greatly improving the management and transfer of medical records and images. Medical imaging devices such as x-ray, mammography, magnetic resonance (MRI) and computerized tomography (CT) machines play a vital role in diagnosis and treatment.

But as these devices are typically connected to hospital networks, they can be potentially susceptible to sophisticated cyberattacks, including ransomware attacks that can disable the machines, said Mahler.

The BGU expert is a researcher at [email protected], an umbrella organization at the university in Beersheba that deals with various aspects of cybersecurity, big data analytics and AI applied research activities. With Beersheba increasingly being called Israel’s Cyber Capital, the umbrella organization is located in the R&D center on the campus’s new hi-tech park.

[email protected] serves as a platform for the most innovative and technologically challenging projects with various industrial and governmental partners. Mahler showed the Chicago audience could bypass security mechanisms of a CT machine to manipulate its behavior. Because CT scanners use ionizing radiation, changes to dose could negatively affect image quality, or – in extreme cases – endanger the health of the patient.

Hacking a system is the first step in determining vulnerabilities and creating solutions. “In the current phase of our research, we focus on developing an anomaly detection system using advanced AI methods to train the system with actual commands recorded from actual equipment. The system will monitor scan protocols to detect whether outgoing commands are malicious before they are executed and will alert or possibly stop if it detects an issue,” said Mahler.

Mahler and his fellow cyber researchers are working on new techniques to secure CT devices based on machine learning. Their approach assumes a host PC is already infected with malware. The machine-learning algorithm analyzes the profile of the patient being scanned, the actual and the outgoing commands before they reach the CT itself. This completely prevents the CT malware attack and infection. They are interested in collaborating with imaging manufacturers or hospital systems for on-site evaluation.

While other solutions have focused on securing the entire hospital network, the solution that his team offers is oriented towards hospital devices, he said. “Our goal is to be the last line of defense for medical imaging devices to prevent as many attacks as possible.”

The BGU approach to detect defects included developing a system using AI to train data consisting of real commands recorded from actual devices. The model learns to recognize typical imaging scan protocols and to predict if a new, unseen command is legitimate or not. If an attacker sends a malicious command to the device, the system will detect it and alert the operator before the command is executed.

He noted that the system is not yet complete, but the results are a significant milestone on the path to securing medical imaging devices.

 The development of medical information devices, from concept to market, takes three to seven years, Mahler noted. Cyber threats can change significantly over that period; this leaves medical imaging devices highly vulnerable. “If health-care manufacturers and hospitals take a pro-active approach, we can prevent such attacks from happening in the first place.” The next step in this process is to collect more scans from different devices and sites to create a more accurate model.

Earlier this year, Mahler said at a Tel Aviv Cybertech Conference that manufacturers of medical imaging devices and healthcare providers must do more to protect equipment in hospitals and in and community health clinics from cyber threats. He showed the relative ease of exploiting “unpatched” medical devices whose owners and operators don’t download ongoing security updates. Mahler predicted that the number of attacks will grow and that there would be more sophisticated skills directed at the mechanics and software that are often installed on outdated PCs.

The Tel Aviv conference was one of the biggest and most important cyber events in the world, attracting thousands of individual participants and delegations from 80 countries.

The study, conducted in collaboration with Clalit Health Services (Israel’s largest health maintenance organization), included a comprehensive risk analysis survey based on the “confidentiality, integrity and availability” risk model, which addresses information security within an organization.

Researchers targeted a range of vulnerabilities in medical and imaging information systems and medical protocols and standards. While they discovered weak spots in many of the systems, they found that CT devices face the greatest risk of cyber attack due to their pivotal role in acute-care imaging.

“In cases where even a small delay can be fatal or where a dangerous tumor is removed or erroneously added to an image, a cyber attack can be fatal,” warned Mahler. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyber attacks.”

Subscribe to our mailing list