Malware That Is Capable Of Altering CT Scans

Concern is growing that hackers can gain access to medical devices and carry out attacks that end up harming patients. Malware now exists that can exploit vulnerabilities in CT and MRI scanners to add tumors to, or delete them from, the imaging. In our research, Trinsic Technologies has identified a report in which researchers at the Ben Gurion University Cybersecurity center in Israel created malware to demonstrate just how easy it can be to exploit vulnerabilities in medical imaging equipment.

The malware can not only add tumors to medical images but also remove real ones. So, what would be a real-world example of how this could impact a citizen? The attack could be carried out for political reasons, where adding tumors to a medical image could prevent a candidate from running for office. Removing real tumors from medical images, on the other hand, could prevent individuals from receiving treatment for a life-threatening illness. The technique could also be used by hackers looking to commit insurance fraud, cyber terrorism, or even sabotage of medical trials. The costs are real from both a monetary and a personal health standpoint.

This malware uses deep learning and a “3D conditional GAN” to carry out the attack and data manipulation. A GAN (Generative Adversarial Network) is a machine learning system that typically uses two neural networks to generate authentic-looking photographs. This is what enabled the Ben Gurion researchers to manipulate CT scans, adding or removing cancer cells before the scans were presented to three expert radiologists for evaluation.

The researchers took real lung scans and manipulated 70 of them remotely using the malware. The radiologists misdiagnosed conditions almost every time. Cancer was diagnosed 99% of the time when fake cancerous nodules were added. When the cancerous nodules were removed, the radiologists diagnosed patients as being healthy 94% of the time. When the radiologists were made aware of the manipulation, they still diagnosed cancer 60% of the time and no cancer 87% of the time.

To replicate these scenarios, hackers would need to install a “man-in-the-middle” device, and would also need physical access to the clinic or hospital where the scanner is located. The device could then be placed near the scanner, for example during the night, when the chances of detection are minimal. Once the device is in place, CT scans can be intercepted and manipulated. Trinsic has estimated it would cost only about $40 to replicate the device used in this study. The researchers built the device from a Raspberry Pi 3 connected to a USB adapter. Loaded with Raspbian OS, the device was configured as a network bridge and then set up as a Wi-Fi access point. This made it possible for the device to intercept any scan data while it was being transmitted to the PACS. The attacker would therefore gain full access to and control over the scan data and be able to alter it at will, creating or removing tumors while maintaining the same anatomy as the original scans.

It is worth noting just how useful and lucrative malware like this could be for hackers or criminals who target specific people undergoing testing. Recently, Trinsic and other IT admins have witnessed a number of ransomware infections that hit hospital computers and impacted patient treatment. This malware is an extreme case, but it also highlights how important it is that medical facilities treat network security with the seriousness it deserves. It is not enough to simply install tools and software to prevent intrusion on the network. It is now just as important to play offense by using tools to scan the network for unusual activity and identify breaches. It is also important to implement training programs for users to protect against phishing and other techniques hackers use to initially breach the system.
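One way to scan for the kind of device described above, given here as an added example that is not code from the study or from Trinsic: the bridge itself forwards traffic quietly, but the Wi-Fi access point it hosts can be seen by a wireless survey. The inventory, the survey rows, the CSV column names and the signal threshold are all constructed assumptions; the OUI prefixes are ones registered to Raspberry Pi and the list is not exhaustive.

```python
import csv
import io
import re

# IEEE OUI prefixes registered to Raspberry Pi (not exhaustive).
RASPBERRY_PI_OUIS = {"B8:27:EB", "DC:A6:32", "E4:5F:01"}

# Constructed inventory of the site's own access points: BSSID -> SSID.
APPROVED_APS = {"00:11:22:33:44:55": "HOSP-CLINICAL",
                "00:11:22:33:44:56": "HOSP-GUEST"}

# Constructed survey export from a sensor placed near a scanner room.
SAMPLE_SURVEY = """bssid,ssid,signal_dbm,sensor
00:11:22:33:44:55,HOSP-CLINICAL,-48,ct-room-1
b8-27-eb-12-34-56,,-39,ct-room-1
0a:1b:2c:3d:4e:5f,HOSP-CLINICAL,-55,ct-room-1
64:77:88:99:aa:bb,CoffeeShop,-88,ct-room-1
not-a-mac,broken,-40,ct-room-1
"""

MAC_RE = re.compile(r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}")


def normalize_mac(raw):
    """Return the MAC as upper-case colon-separated text, or None if malformed."""
    mac = raw.strip().replace("-", ":").upper()
    return mac if MAC_RE.fullmatch(mac) else None


def find_rogue_aps(survey_csv, approved=APPROVED_APS, near_dbm=-70):
    """Return one finding per unapproved access point, strongest signal first."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        mac = normalize_mac(row["bssid"])
        if mac is None or mac in approved:
            continue  # unparsable row, or one of the site's own APs
        reasons = ["unapproved BSSID"]
        if mac[:8] in RASPBERRY_PI_OUIS:
            reasons.append("Raspberry Pi OUI")
        if int(mac[:2], 16) & 0x02:
            reasons.append("locally administered (possibly spoofed) MAC")
        if row["ssid"] in approved.values():
            reasons.append("reuses an approved SSID")
        if not row["ssid"]:
            reasons.append("hidden SSID")
        signal = int(row["signal_dbm"])
        findings.append({"bssid": mac, "sensor": row["sensor"], "signal_dbm": signal,
                         "near_scanner": signal >= near_dbm, "reasons": reasons})
    return sorted(findings, key=lambda f: f["signal_dbm"], reverse=True)
```

A vendor prefix can be changed by whoever controls the device, so the allowlist comparison is the primary check and the OUI match only helps prioritise findings.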

If you would like to know more about what can be done to protect your network then we encourage you to contact an IT security professional or reach out to us at Trinsic Technologies.
