Researchers used a malware attack to deceive both radiologists and AI algorithms into misdiagnosing CT scans

Researchers orchestrate malware attack to expose imaging vulnerabilities

April 08, 2019
by John R. Fischer, Senior Reporter
A radiologist can misdiagnose a scan for a number of reasons. Maybe they missed an abnormality, or judged the test as normal when there was actually an issue, or identified one problem but not another. And while the introduction of artificial intelligence and machine learning has instilled greater confidence in diagnoses, does the addition of these tools mean that radiologists can’t still get the wrong result? Or even be deceived into getting the wrong one?

Cybersecurity researchers at Ben-⁠Gurion University of the Negev in Israel are saying yes to this last question, after using a malware attack to trick both radiologists and artificial intelligence algorithms into making wrong diagnoses in a series of CT scans.

“Many researchers have warned that AI cannot be fully trusted because it can be easily fooled (especially in the case of image recognition),” Dr. Yisroel Mirsky, lead researcher in the BGU department of software and information systems engineering (SISE) and project manager and cybersecurity researcher at BGU’s National Cyber Security Research Center, told HCB News. “Researchers are currently working hard to make these algorithms robust to 'adversarial attacks'. But until then, we have the responsibility to double check the decisions of AI to ensure that there is no foul play, and use medical AI as a tool for assisting the detection process, but not replace it.”

Using two 3D conditional generative adversarial networks (GANs), one to inject findings and one to remove them, the researchers, with the hospital’s permission, hacked into its internal network and altered CT scans, adding or removing malignant lung cancer findings with imagery generated by models trained on medical images available on the internet. They then had three radiologists diagnose 70 tampered and 30 authentic CT scans.

The three radiologists diagnosed 99 percent of healthy scans with injected cancer imagery as malignant, and 94 percent of patients whose cancer had been algorithmically removed from their scans as healthy.

Even once informed of the attack, the radiologists were still largely unable to tell tampered images from authentic ones, misdiagnosing 60 percent of the scans with injected cancer and 87 percent of those from which cancer had been removed.

While confident that findings such as these will encourage providers to seek out more ways to combat cyberattacks, Mirsky does not see healthcare reaching the same level of protection as other industries anytime soon.

“I think providers will continue to increase their efforts, especially in the wake of the number of successful cyberattacks we have seen over the last year,” he said. “I don't, however, foresee healthcare matching the security of other industries in the near future. This is because of the logistical and economical difficulty of transitioning active systems to newer and more secure network topologies and technologies.”

The threat of malware is a rising concern within the healthcare community, with deliberately induced misdiagnoses a possible tool for insurance fraud, ransomware, cyberterrorism, and even murder. Specialist insurance and reinsurance market Lloyd’s recently released a report through its Cyber Risk Management (CyRiM) project, which found that a large-scale international ransomware attack could deal an $89 billion blow to the U.S. economy.

To combat these attacks, the Israeli team recommends encrypting traffic between hosts in a hospital’s radiology network, enabling digital signatures so that scanners attach a verifiable mark of authenticity to each scan, and adopting digital watermarking, which embeds hidden signals in the image that break when it is tampered with, among other tactics.
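The digital-signature recommendation above is the most direct counter to in-transit tampering of pixel data: the scanner signs what it produced, and the workstation refuses anything that no longer matches. The following is an added example written for this page, not code from the BGU team or from any PACS vendor. It assumes a hypothetical simplified `Scan` type (study and patient identifiers plus raw voxel values) in place of real DICOM, a made-up canonical encoding for hashing it, and a crude `InjectNodule` stand-in for the GAN-based alteration; all identifiers and voxel values are constructed. Ed25519 from Go's standard library provides the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Scan is a hypothetical, deliberately simplified stand-in for a CT series
// (not a DICOM implementation): the identifiers that bind pixel data to a
// patient and study, plus the raw voxel values the radiologist actually reads.
type Scan struct {
	StudyUID  string
	PatientID string
	Voxels    []int16 // flattened slices, Hounsfield units
}

// canonicalDigest hashes every field the scanner vouches for. The domain prefix
// and length framing mean that moving bytes between fields, relabelling the
// patient, or changing a single voxel all change the digest.
func canonicalDigest(s *Scan) []byte {
	h := sha256.New()
	h.Write([]byte("ct-scan-integrity-v1\x00")) // made-up domain separator
	for _, f := range []string{s.StudyUID, s.PatientID} {
		binary.Write(h, binary.LittleEndian, uint32(len(f)))
		h.Write([]byte(f))
	}
	binary.Write(h, binary.LittleEndian, uint64(len(s.Voxels)))
	buf := make([]byte, 2)
	for _, v := range s.Voxels {
		binary.LittleEndian.PutUint16(buf, uint16(v))
		h.Write(buf)
	}
	return h.Sum(nil)
}

// SignScan is what the scanner (or a gateway directly attached to it) would do
// before the series leaves for the PACS: sign the digest with the device key.
func SignScan(priv ed25519.PrivateKey, s *Scan) []byte {
	return ed25519.Sign(priv, canonicalDigest(s))
}

// VerifyScan is what the PACS or viewing workstation does on receipt, using the
// scanner's public key distributed out of band.
func VerifyScan(pub ed25519.PublicKey, s *Scan, sig []byte) bool {
	return ed25519.Verify(pub, canonicalDigest(s), sig)
}

// InjectNodule is a crude stand-in for the tampering described in the article:
// it sets a small cube of voxels in a dim x dim x dim volume to a soft-tissue
// density. It produces nothing realistic; it only alters the bytes an attacker
// on the network path would alter.
func InjectNodule(s *Scan, dim, x, y, z, radius int, value int16) {
	for dz := -radius; dz <= radius; dz++ {
		for dy := -radius; dy <= radius; dy++ {
			for dx := -radius; dx <= radius; dx++ {
				i := (z+dz)*dim*dim + (y+dy)*dim + (x + dx)
				if i >= 0 && i < len(s.Voxels) {
					s.Voxels[i] = value
				}
			}
		}
	}
}

// Demo runs the flow on a constructed scan: sign at the scanner, tamper in
// transit, verify at the workstation. Returns (verifiesUntouched, verifiesAfterTamper).
func Demo() (bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const dim = 32
	scan := &Scan{StudyUID: "EXAMPLE.STUDY.1", PatientID: "EXAMPLE-0001", // constructed
		Voxels: make([]int16, dim*dim*dim)}
	for i := range scan.Voxels {
		scan.Voxels[i] = -800 // constructed: aerated lung parenchyma
	}
	sig := SignScan(priv, scan)
	okBefore := VerifyScan(pub, scan, sig)

	InjectNodule(scan, dim, 16, 16, 16, 2, 40) // constructed: soft-tissue blob
	okAfter := VerifyScan(pub, scan, sig)
	return okBefore, okAfter
}

func main() {
	before, after := Demo()
	fmt.Printf("untouched scan verifies: %v\ntampered scan verifies: %v\n", before, after)
}
```

Two caveats a practitioner would want: the signature has to cover the pixel data, not just the header, and it has to bind the pixels to the patient and study identifiers, otherwise an attacker can swap whole authentic scans between patients without touching a voxel. It also only helps if the signing key lives on or directly beside the scanner and the workstation actually refuses unsigned or unverifiable series; an attacker who reaches the scanner itself, or a viewer that merely logs a failed check, defeats the control.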

Mirsky, however, says the adoption of these and other useful cybersecurity measures is slow and expects it to remain so.

“For medical staff, it is likely that they are more focused on saving lives than being HIPAA compliant,” he said. “Moreover, although the HIPAA legislation was put in place to keep patients' medical information safe, it does not translate into enhancing the security of the network and its devices. As a result, determined attackers will ultimately be able to access the data. I also think hospitals are more focused on attacks from outside, such as the Internet, than from within. As a result, the internal network security, which is assumed to be inaccessible to outsiders, is lagging far behind, allowing any successful breach to lead to serious consequences.”

Echoing this sentiment is Xu Zou, the CEO and co-founder of IoT security and analytics provider Zingbox, who describes the study as a "wake up call" for providers to implement more than just partial solutions such as precautions and best practices.

"Healthcare providers must have security solutions in place designed to detect sophisticated attacks as well as overcome the security limitations of medical devices, many of which cannot support on-device security measures," he said. "With the malware in this study refined via machine learning, security solutions leveraging the same technology can be used to identify the interception of data as well as the presence of a malicious device or software. Understanding the normal intended behavior of a medical device, including which devices it communicates with, is a critical component of securing connected medical devices. Doing this manually simply does not scale, requiring artificial intelligence, machine learning, and automated 24/7 continuous monitoring."