BGU researchers show how cyber attack could lead to cancer misdiagnosis

A new study shows that hackers can access a patient’s 3-D medical scans to add or remove malignant lung cancer.

By JERUSALEM POST STAFF
April 4, 2019 10:45
1 minute read.
Lung cancer maliciously inserted into image in Ben-Gurion University of the Negev study

Lung cancer maliciously inserted into image in Ben-Gurion University of the Negev study. (photo credit: BGU)

Patients are at risk of being misdiagnosed as a result of a cyber attack, according to new research by a team at Ben-Gurion University of the Negev.

A new study shows that hackers can access a patient’s 3-D medical scans to add or remove malignant lung cancer and overwhelmingly deceive both radiologists and artificial intelligence algorithms used to aid diagnosis. These 3-D medical scans are generally used to diagnose cancer because they provide more definitive evidence than preliminary 2-D X-Rays.
Malicious attackers can tamper with the scans to deliberately cause a misdiagnosis for insurance fraud, ransomware, cyberterrorism or even murder, according to a release disseminated by BGU. Attackers can even automate the entire process in a malware that can infect the hospital’s network.


 “Our research shows how an attacker can realistically add or remove medical conditions from CT and MRI scans,” says Dr. Yisroel Mirsky, lead researcher in the BGU Department of Software and Information Systems Engineering. “In particular, we show how easily an attacker can access a hospital’s network, and then inject or remove lung cancers from a patient’s CT scan.”


To demonstrate the feasibility of the attack, the researchers broke into the network of an actual hospital and intercepted every scan taken by a CT scanner. The team had permission to do so.


When the scans of healthy patients were injected with cancer, the radiologists misdiagnosed 99% percent of them as being malign. When the algorithm removed cancers from actual cancer patients, the radiologists misdiagnosed 94% of the patients as being healthy. 


After informing the radiologists of the attack, they still could not differentiate between the tampered and authentic images, misdiagnosing 60 percent of those with injections, and 87 percent of those with removals.


Mirsky said there are some immediate countermeasures that can mitigate most of the threat, such as enabling encryption between the hosts in the hospital’s radiology network, enabling digital signatures so that scanners sign each scan with a secure mark of authenticity, or implementing digital watermarking. 



Related Content

WATCH OUT for the summer sun
August 15, 2019
On summer challenges of severe asthma patients

By JERUSALEM POST STAFF

Cookie Settings