Researchers created the attack to highlight security issues in medical imaging equipment. |
Security researchers in Israel have developed malware
that can add realistic-looking but entirely fake growths to CT and MRI
scans or hide real cancerous nodules that would be detected by the
medical imagining equipment. The software, designed by experts at the
Ben Gurion University Cyber Security Research Center, was created to
highlight the lax security protecting diagnostic tools and hospital
networks that handle sensitive information.
To test out how effective the attack could be, the researchers
conducted a blind study that asked radiologists to diagnose conditions
based on CT lung scans—some of which were altered using the malware.
When presented with scans that featured fake cancers nodules, the
radiologists came back with a cancer diagnosis 99 percent of the time.
When the malware was used to hide real cancer nodules, radiologists
issued a clean bill of health 94 percent of the time.
Even when the radiologists were made aware that the scans were being altered, they still struggled to make a correct diagnosis. When they were given a second set of images with a warning that some had been changed, the medical professionals were still tricked into thinking computer-generated nodules were real 60 percent of the time. When the malware was used to remove nodules, 87 percent of the readings incorrectly determined the patient was healthy. The humans put through the test shouldn't feel too bad, though—screening software used to confirm diagnoses fell for the malware's tricks every single time.
The good news is the malware was created by security researchers and not malicious actors, so this particular tool isn't likely to appear in the wild. But it should raise some red flags for medical professionals. Hospitals have been a target of cyber attacks before, but the stakes are usually more immediate: Ransomware locks up systems until a fee is paid. An attack like the one laid out by the researchers would be more insidious and could create distrust in essential systems.
Even when the radiologists were made aware that the scans were being altered, they still struggled to make a correct diagnosis. When they were given a second set of images with a warning that some had been changed, the medical professionals were still tricked into thinking computer-generated nodules were real 60 percent of the time. When the malware was used to remove nodules, 87 percent of the readings incorrectly determined the patient was healthy. The humans put through the test shouldn't feel too bad, though—screening software used to confirm diagnoses fell for the malware's tricks every single time.
The good news is the malware was created by security researchers and not malicious actors, so this particular tool isn't likely to appear in the wild. But it should raise some red flags for medical professionals. Hospitals have been a target of cyber attacks before, but the stakes are usually more immediate: Ransomware locks up systems until a fee is paid. An attack like the one laid out by the researchers would be more insidious and could create distrust in essential systems.
No comments:
Post a Comment