A TEAM OF SECURITY BOFFINS have created proof of concept malware that can inject fake cancerous nodes into computed tomography (CT) scans.
The researchers, from Ben-Gurion University's Cyber Security Research Centre in Israel, say the aim of the research was to draw attention to cybersecurity issues associated with networked medical equipment and to demonstrate how attackers can use malicious programmes to dupe doctors into misdiagnosing patients.
According to the researchers, the malware can add realistic, cancerous lesions or nodules to MRI or CT scans before those scans are examined by radiologists and doctors. It can also remove real malignant growths in scans without detection, leading to misdiagnoses.
In the study, the research team demonstrated the attack after getting permission from a hospital to secretly hack a CT scanning machine and network.
They used a USB-to-Ethernet device and connected it to a hospital workstation to take control of the machine, and then altered 70 CT lung scans using the malware.
When those scans were shown to radiologists, they diagnosed cancer 99 per cent of the time in the scans in which fake cancerous nodules had been injected. In the scans in which real malignant nodules were removed by the malware, radiologists described patients as healthy 94 per cent of the time.
It was then disclosed to the doctors' team that all scans shown to them were had been altered by a computer programme.
"Our research shows how an attacker can realistically add or remove medical conditions from CT and MRI scans," said Dr Yisroel Mirsky, lead researcher in Ben-Gurion University's Department of Software and Information Systems Engineering (SISE).
He continued: "In particular, we show how easily an attacker can access a hospital's network, and then inject or remove [images of] lung cancer from a patient's CT scan."
Researchers say their malware was trained through machine learning to quickly evaluate scans passing through a PACS network and to add/remove malignant growths to conform to a patients' anatomy.
The findings of the study have been published in Arxiv. µ
Much a (dil)do about nothing
Neither the time nor the face
The tiny tweaks are coming thick and fast now
Gitting more secure