New malware can create or erase cancer nodes in CT scans, fool radiologists

File this one in the VERY SCARY department. What if you went to the hospital for a CT scan and found that the scan revealed cancer nodules? Scary enough on its own, but what if the scan had been edited to show those cancer nodules by malware? That is exactly what has happened in a hospital in Israel. Researchers working with a local hospital created malware that was able to fool radiologists and the computer-assisted AI that is used to help confirm physician diagnosis.

A study was performed focusing on the CT scans of lung cancer scans. Researchers Yisroel Mirsky, Yuval Elovici at the Ben-Gurion University Cyber Security Research Center in Israel created malware that would let an attacker automatically add realistic cancer growths to a CT or MRI scan before they had been examined by physicians. It could also remove existing cancer nodules from images.

The study asked three radiologists from a local hospital to review the altered scans. The scans that had been altered to show cancer where none actually existed, the radiologists were fooled 99 percent of the time. The scans that had been edited to remove real cancer nodules, the physicians were said the patients were healthy an astounding 94 percent of the time.

The next step was to tell the radiologists that there were edited scan and ask them to detect which ones had been edited. Sixty percent failed to catch the scans with added nodules. Those scans where the cancer nodules had removed still fooled the radiologists eighty-seven percent of the time.

Computer AI also tricked by malware

The hospital uses a software screening tool that radiologists use to confirm their own diagnoses. The researchers ran their altered scans through this tool and it was fooled nearly every single time.

“I was quite shocked. I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”

Dr. Nancy Boniel, a radiologist who participated in the study.

Many possibilities for alteration

Attackers could also show that cancer cells were enlarging or shrinking for patients engaged in therapies. This could alter treatment options by physicians based on these faulty readings. This could prevent patients who needed special care from receiving it or cause others to receive therapies and biopsies that they didn’t need.

This would cause a widespread loss of faith in medical services.

The malware could be used to randomly edit patient scans or target specific patients.

Why is this happening?

Hospital PACS systems don’t employ digital signatures on images of scans. A signature would show that a file had been edited. In addition, these systems do not employ encryption to protect the images. Once an attacker has access to the hospital network, there is little that would stop this type of malware from working.

While encryption is available for some PACS systems today, it is generally not employed because it isn’t compatible with other systems. That prevents the encryption from being deployed.

The researchers also found that many PACS networks are connected directly to the Internet or are connected to machines that are themselves, connected to the Internet. Because of this, an attacker could potentially perform all of these attacks remotely.

The research was done to highlight the vulnerabilities in the imaging and PACS systems. Manufacturers need to employ encryption and digital signatures of images to protect from this sort of attack. The more healthcare becomes digital, the more we are likely to see these sorts of attacks.

Malware impacting elections?

Imagine a scenario where a presidential candidate had their scans altered to show cancer that wasn’t actually present? Would that force the candidate to withdraw from the race? This creates a new scenario where an individual’s health records could be altered in a way to have far-reaching implications.