A group of researchers in Israel has developed a malware that can change medical scan images. The malware exploits vulnerabilities in MRI (Magnetic Resonance Imaging) and CT (Computed Tomography) machines, leading experts to error. The research was conducted by the Department of Information Systems Engineering of the Ben-Gurion University.
The malware changed 70 scan images that were then analyzed by three radiologists. The most frightening is that, in almost 100% of the cases, the malware misled experts by adding malignant cancer to healthy patients and removing the disease from sick patients. In addition, the malware was able to fool a software that works with automatic analysis.
The experiment aimed to demonstrate the vulnerability of hospitals and equipment, but not only that. In the words of the researchers, the test also shows how "an attacker may perform this act in order to stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder”.
To make the situation worse, the threat would have the ability to modify various types of medical exams. “Since 3D medical scans provide strong evidence of medical conditions, an attacker with access to a scan would have the power to change the outcome of the the patient’s diagnosis. For example, an attacker can add or remove evidence of aneurysms, heart disease, blood clots, infections, arthritis, cartilage problems, torn ligaments or tendons, tumors in the brain, heart, or spine, and other cancers”, said the researchers in the article.
The malware was designed based on algorithms and deep learning. And, as The Washington Post reported, it doesn’t need human intervention to keep attacking. Once installed it can continue the work alone.
For the attack to succeed, the malware needs to infect a widely used hospital system called PACS (Picture Archiving and Communication System). The infection could happen, for example, via the internet, with the use of malicious emails and weaponized files.
The solution to fight this kind of attack, according to the researchers, would include the use of encryption, better protection of workstations and the use of digital signatures.