fbpx
 
Home / News, Videos & Publications / News / Homeland & Cyber Security /

CT and MRI Machines Are At Risk for Cyber Attacks

CT and MRI Machines Are At Risk for Cyber Attacks

February 5, 2018

Homeland & Cyber Security

ZDNet – Researchers at BGU’s Malware Lab warn that core medical equipment, including CT (computed tomography) and MRI (magnetic resonance imaging) machines, remain vulnerable to cyber attacks.

Dr. Nir Nissim

The BGU researchers recently issued a report, Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices, warning medical professionals that this issue is not being taken as seriously as it should — especially as vulnerable devices can place patient health, and potentially lives, at risk.

The report explores how medical imaging devices (MIDs), such as MRI or CT systems, many of which do not receive ongoing security updates, are becoming increasingly vulnerable to cyber attacks.

“CTs and MRI systems are not well-designed to thwart attacks,” says the report’s lead author Dr. Nir Nissim, who simulates MID cyber attacks together with his graduate student research Tom Mahler.

The research was conducted by a team of 17 talented BGU graduate students under the supervision of Dr. Nissim,  Prof. Yuval Elovici, director of Cyber@BGU and Prof. Yuval Shahar, director of BGU’s Medical Informatics Research Center.

Tom Mahler

They found that MIDs are commonly connected to hospital networks, and with this connectivity, an avenue is carved for cyber attackers to exploit vulnerabilities in outdated firmware.

“Vulnerable MIDs may result in attacks which target the devices’ infrastructure and components, which can disrupt digital patient records, and potentially jeopardize patients’ health,” says Dr. Nissim.

Ransomware attacks have proven to be successful against hospitals, and it may be that in the future, MIDs will become blocked or disabled as part of ransomware campaigns.

“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyber attack can be fatal,” says Mahler

“However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing antivirus protection is insufficient for preventing cyber attacks,” explains Mahler.

“The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable,” he adds.

Hospitals and regulators must come together to prevent what may be fatalities in the healthcare sector one day, should ransomware attacks continue.

BGU Malware Lab researchers are working on new techniques to secure CT devices based on machine learning methods. They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.

Read more on the ZDNet website >>