Fake Cancerous Nodes Trick Radiologists
April 3, 2019
The Washington Post – When Hillary Clinton stumbled and coughed through public appearances during her 2016 presidential run, she faced critics who said that she might not be well enough to perform the top job in the country. To quell rumors about her medical condition, her doctor revealed that a CT scan of her lungs showed that she just had pneumonia.
But what if the scan had shown faked cancerous nodules, placed there by malware exploiting vulnerabilities in widely used CT and MRI scanning equipment? Ben-Gurion University researchers say they have developed such malware to draw attention to serious security weaknesses in critical medical imaging equipment used for diagnosing conditions and the networks that transmit those images — vulnerabilities that could have potentially life-altering consequences if unaddressed.
Prof. Yuval Elovici, director of the Telekom Innovation Labs@BGU and Cyber@BGU; Dr. Yisroel Mirsky, project manager at Cyber@BGU; and two others at Cyber@BGU created malware that lets attackers automatically add realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them. Or, it could remove real cancerous nodules and lesions without detection, leading to misdiagnosis and possibly a failure to treat patients who need critical and timely care.
The BGU researchers say that attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment.
The research isn’t theoretical. In a blind study the researchers conducted, involving real CT lung scans, 70 of which were altered by their malware (paper: https://arxiv.org/abs/1901.03597), the researchers were able to trick three skilled radiologists into misdiagnosing conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.
Even after the radiologists were told that the scans had been altered by malware and were given a second set of 20 scans, half of which were modified, they still were tricked into believing the scans with fake nodules were real 60 percent of the time, leading them to misdiagnoses involving those patients. In the case of scans where the malware removed cancerous nodules, doctors did not detect this 87 percent of the time, concluding that very sick patients were healthy.
The researchers ran their test against a lung-cancer screening software tool that radiologists often use to confirm their diagnoses and were able to trick it into misdiagnosing the scans with false tumors every time.
“I was quite shocked,” said Dr. Nancy Boniel, a radiologist in Canada who participated in the study. “I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”
The study focused on lung cancer scans only. But the attack would work for brain tumors, heart disease, blood clots, spinal injuries, bone fractures, ligament injuries, and arthritis, Dr. Mirsky said.
The vulnerabilities that would allow someone to alter scans reside in the equipment and networks hospitals use to transmit and store CT and MRI images. These images are sent to radiology workstations and back-end databases through what is known as a picture archiving and communication system (PACS). Dr. Mirsky said the attack works because hospitals don’t digitally sign the scans to prevent them from being altered without detection and don’t use encryption on their PACS networks, allowing an intruder on the network to see the scans and alter them.
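The integrity control Dr. Mirsky describes as missing, shown as an added illustration rather than code from the researchers or any PACS vendor: the acquiring modality computes a keyed tag over the identifying headers plus the pixel data, and the reading workstation verifies it before display, so any in-transit change to the pixels (or a swap of pixels between studies) is rejected. An HMAC with a shared key stands in for a true digital signature here; the scan structure and all values are constructed, not real DICOM.

```python
import hmac
import hashlib
import json
import secrets

def make_sample_scan() -> dict:
    # Constructed stand-in for one CT slice: a few header fields plus raw pixel bytes.
    pixels = bytearray(512 * 4)
    for i in range(len(pixels)):
        pixels[i] = (i * 7) & 0xFF
    return {"patient_id": "SAMPLE-0001", "study_uid": "1.2.3.4.5.6.7",
            "modality": "CT", "pixels": bytes(pixels)}

def canonical_bytes(scan: dict) -> bytes:
    # Bind the pixel data to the identifying headers, so re-labelling a study
    # or moving pixels between patients breaks the tag as well as editing pixels.
    header = json.dumps({k: scan[k] for k in ("patient_id", "study_uid", "modality")},
                        sort_keys=True).encode()
    return len(header).to_bytes(4, "big") + header + scan["pixels"]

def sign_scan(scan: dict, key: bytes) -> str:
    # Computed at the modality before the image enters the PACS network.
    return hmac.new(key, canonical_bytes(scan), hashlib.sha256).hexdigest()

def verify_scan(scan: dict, tag: str, key: bytes) -> bool:
    # Checked at the radiology workstation; constant-time compare avoids timing leaks.
    return hmac.compare_digest(sign_scan(scan, key), tag)

def inject_region(scan: dict, offset: int, length: int) -> dict:
    # Simulates an in-transit modification of a block of pixels; returns a copy.
    px = bytearray(scan["pixels"])
    for i in range(offset, offset + length):
        px[i] = 0xFF
    return {**scan, "pixels": bytes(px)}

def demo() -> tuple:
    key = secrets.token_bytes(32)  # shared by modality and workstation in this stand-in
    scan = make_sample_scan()
    tag = sign_scan(scan, key)
    tampered = inject_region(scan, 100, 16)
    return verify_scan(scan, tag, key), verify_scan(tampered, tag, key)

if __name__ == "__main__":
    print(demo())  # (True, False)
```

A production deployment would replace the shared HMAC key with an asymmetric signature so workstations hold only a public key, and would pair it with TLS on the PACS links so images cannot be read or altered on the wire.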
“They’re very, very careful about privacy…if data is being shared with other hospitals or other doctors,” Dr. Mirsky said, “because there are very strict rules about privacy and medical records. But what happens within the [hospital] system itself, which no regular person should have access to in general, they tend to be pretty lenient [about]. It’s not … that they don’t care. It’s just that their priorities are set elsewhere.”