Researchers Create Fake Malware to Manipulate Scans with Malignant Growths

Israeli researchers used machine learning to develop a malware attack to be used to point out the vulnerabilities in medical equipment and infrastructure, writes The Washington Post. The malware is not in the wild, but that doesn’t mean hackers are not working on something similar.

The malware, designed to focus lung cancer scans, allows third parties to mislead radiologists by manipulating the scans. Because of vulnerabilities in the picture archiving and communication system (PACS), attackers can insert, or remove, cancerous tumors in CTs and MRI images.

This could have a deadly effect on patients. If cancerous nodes are inserted when the patient is healthy, cancer treatment could have life-threatening results. A similar scenario can occur if a cancer patient is misdiagnosed as healthy and doesn’t receive treatment.

Yisroel Mirsky, Yuval Elovici and two other researchers from the Ben-Gurion University Cyber Security Research Center in Israel wanted to emphasize that many hospitals still run on vulnerable equipment and assume their internal network is bulletproof.

According to Mirsky, the malware can also alter images of other medical imagery and conditions such as brain tumors, heart disease, blood clots, spinal injuries, bone fractures, ligament injuries and arthritis, Mirsky said. He says the main problem is hospitals “don’t digitally sign the scans to prevent them from being altered without detection and don’t use encryption on their PACS networks, allowing an intruder on the network to see the scans and alter them,” the newspaper writes.

A demonstration showed how 70 CT lung scans were infected with malignant growths, deceiving three radiologists who gave a cancer diagnosis in almost all situations. Not only did the malware trick the experts, but it also manipulated a lung-cancer screening software tool.

“They’re very, very careful about privacy … if data is being shared with other hospitals or other doctors,” Mirsky said, “because there are very strict rules about privacy and medical records. But what happens within the [hospital] system itself, which no regular person should have access to in general, they tend to be pretty lenient [about]. It’s not … that they don’t care. It’s just that their priorities are set elsewhere.”

The video below gives a clear example of how the attack works: