Hospitals warned: Imaging devices open to cyberattacks

Research shows that "unpatched" medical devices whose owners and operators don't download ongoing security updates may be vulnerable to attacks.

By
January 30, 2018 00:46
2 minute read.
Cyber hacking

Cyber hacking (illustrative). (photo credit: INGIMAGE)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

Cybersecurity researchers at Ben-Gurion University of the Negev in Beersheba are warning medical imaging device (MID) manufacturers and healthcare providers to do more to protect medical imaging equipment in hospitals and community clinics from cyberthreats.

In their paper “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show the relative ease of exploiting “unpatched” medical devices whose owners and operators don’t download ongoing security updates. The devices include computed tomography (CT) and magnetic resonance imaging (MRI) machines. Hackers can also block access to MIDs or disable them altogether as part of “ransom attacks.”

Be the first to know - Join our Facebook page.


The research was released ahead of the Cybertech Conference that began on Monday and will run through Wednesday at the Tel Aviv Fairgrounds.

BGU is the conference’s academic partner.

Cybertech is one of the biggest and most important cyber events in the world, attracting thousands of individual participants and delegations from 80 countries.

MIDs are becoming more connected to hospital networks, which make them vulnerable to sophisticated cyberattacks.

BGU experts predict the number of attacks will grow and foresee more sophisticated skills directed at the mechanics and software that are often installed on outdated PCs.



The study, conducted in collaboration with Clalit Health Services, included a comprehensive risk analysis survey based on the “confidentiality, integrity and availability” risk model, which addresses information security within an organization.

Researchers targeted a range of vulnerabilities in MIDs, medical and imaging information systems, and medical protocols and standards. While they discovered weak spots in many of the systems, they found that CT devices face the greatest risk of cyberattack due to their pivotal role in acute-care imaging.

“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal,” warned Mahler. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyberattacks.”

BGU cyber researchers are working on new techniques to secure CT devices based on machine learning. Their approach assumes a host PC is already infected with malware.

The machine-learning algorithm analyzes the profile of the patient being scanned, the actual and the outgoing commands before they reach the CT itself. This completely prevents the CT malware attack and infection.

In future research, Mahler and his team plan to conduct nearly two dozen attacks to further uncover vulnerabilities and propose solutions to address them.

They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.

Related Content

body illustration
August 15, 2018
Cancer as a chronic illness

By BRIAN BLUM