Intelligent firewall protects hospital patients against cyberattacks

The system, developed by Ben-Gurion University of the Negev, filters out wrong instructions from computers to medical devices.

A woman with breast cancer is receives a CT scan on June 18, 2012.  (photo credit: CHEN LEOPOLD/FLASH90)
A woman with breast cancer is receives a CT scan on June 18, 2012.
(photo credit: CHEN LEOPOLD/FLASH90)
Medical devices that are vulnerable to cyberattacks and computer viruses now have a new line of protection - along with the patients who rely on them - as researchers at Ben-Gurion University of the Negev have developed an intelligent firewall to detect anomalous instructions and sift them out.
Modern hospitals use a range of computerized devices when treating patients, from CT (computed tomography) and MRI (magnetic resonance imaging), to ultrasound machines. The devices are controlled by instructions sent from a host PC, which leaves them vulnerable to manipulation by abnormal or anomalous instructions due to cyberattacks, human error, or a virus in the software of the host PC.
These anomalous instructions are potentially disastrous for patients, leaving them vulnerable to radiation overexposure, manipulation of device components or a false picture within medical images.
However, PhD candidate Tom Mahler, under the supervision of BGU Profs. Yuval Elovici and Prof. Yuval Shahar in the BGU Department of Software and Information Systems Engineering (SISE), has developed an artificial intelligence program that analyses the instructions sent by the host PC to the device, effectively allowing technicians to weed out bad instructions before they are implemented.
The program uses two types of filter, described as a "duel-layer architecture," as Mahler explained: “The architecture focuses on detecting two types of anomalous instructions: (1) context-free (CF) anomalous instructions which are unlikely values or instructions such as giving 100x more radiation than typical, and (2) context-sensitive (CS) anomalous instructions, which are normal values or combinations of values, of instruction parameters, but are considered anomalous relative to a particular context, such as mismatching the intended scan type, or mismatching the patient’s age, weight, or potential diagnosis.
“For example, a normal instruction intended for an adult might be dangerous [anomalous] if applied to an infant. Such instructions may be misclassified when using only the first, CF, layer; however, by adding the second, CS, layer, they can now be detected.”
The research team used 8,277 recorded instructions sent to a CT scanner to test the two layers separately, both under a range of circumstances, using algorithms to re-create real world conditions.
The context free layer alone delivered a 71.6% anomaly detection rate, but the secondary context-sensitive layer boosted this score to between 82% and 99%, depending on the clinical objective or body part.
Dr. Erez Shalom, a senior research scientist at the BGU Medical Informatics Research Center, played a key role in acquiring the CT Scanning data that enabled the new computational architecture.


Mahler will present his research, “A Dual-Layer Architecture for the Protection of Medical Devices from Anomalous Instructions” on August 26 at the 2020 International Conference on Artificial Intelligence in Medicine (AIME 2020).