Hospitals warned: Imaging devices open to cyberattacks

Research shows that "unpatched" medical devices whose owners and operators don't download ongoing security updates may be vulnerable to attacks.

Cyber hacking (illustrative) (photo credit: INGIMAGE)
Cybersecurity researchers at Ben-Gurion University of the Negev in Beersheba are warning medical imaging device (MID) manufacturers and healthcare providers to do more to protect medical imaging equipment in hospitals and community clinics from cyberthreats.
In their paper “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show the relative ease of exploiting “unpatched” medical devices whose owners and operators don’t download ongoing security updates. The devices include computed tomography (CT) and magnetic resonance imaging (MRI) machines. Hackers can also block access to MIDs or disable them altogether as part of “ransom attacks.”
The research was released ahead of the Cybertech Conference that began on Monday and will run through Wednesday at the Tel Aviv Fairgrounds.
BGU is the conference’s academic partner.
Cybertech is one of the biggest and most important cyber events in the world, attracting thousands of individual participants and delegations from 80 countries.
MIDs are becoming more connected to hospital networks, which makes them vulnerable to sophisticated cyberattacks.
BGU experts predict that the number of attacks will grow and foresee attackers directing more sophisticated skills at the devices' mechanics and software, which are often installed on outdated PCs.
The study, conducted in collaboration with Clalit Health Services, included a comprehensive risk analysis survey based on the “confidentiality, integrity and availability” risk model, which addresses information security within an organization.
Researchers targeted a range of vulnerabilities in MIDs, medical and imaging information systems, and medical protocols and standards. While they discovered weak spots in many of the systems, they found that CT devices face the greatest risk of cyberattack due to their pivotal role in acute-care imaging.
“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal,” warned Mahler. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyberattacks.”
BGU cyber researchers are working on new techniques to secure CT devices based on machine learning. Their approach assumes a host PC is already infected with malware.
The machine-learning algorithm analyzes the profile of the patient being scanned, the actual and the outgoing commands before they reach the CT itself. This completely prevents the CT malware attack and infection.
In future research, Mahler and his team plan to conduct nearly two dozen attacks to further uncover vulnerabilities and propose solutions to address them.
They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.