Researchers Exploit Security Gaps in Medical Imaging Devices

In an attempt to draw attention to the security gaps found in many medical imaging devices, like CT or MRI machines, Israeli researchers have developed a malware specifically designed to exploit the vulnerability.

The Malware Variant 

The malware they created would allow cyber criminals to add realistic, malignant-seeming growths to imaging scans before radiologists and doctors examine them.  As if this wasn’t bad enough, the malware would also grant hackers the ability to remove real cancerous nodules and lesions without detection.  Therefore, if these security gaps go unpatched, this malware could lead to misdiagnosis and possibly a failure to treat patients who need critical and timely care.

Testing Their Theory

To prove this as a legitimate possibility, researchers conducted a blind study involving real CT lung scans, 70 of which were altered by the malware.  Alarmingly, three skilled radiologists misdiagnosed conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99% of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94% of the time.

Not only were the radiologists tricked, but the altered scan images were ran against a lung-cancer screening software tool that radiologists often use to confirm their diagnoses.  Surprisingly, it too was unable to identify alterations were made to the images, leading to misdiagnosing the scans with false tumors every time.

The Exploit

The vulnerabilities permitting someone to alter scans reside in the equipment and networks hospitals use to transmit and store CT and MRI images. These images are sent to radiology workstations and back-end databases through what’s known as a picture archiving and communication system (PACS).  It was confirmed, these forms of attacks are able to be executed because hospitals don’t digitally sign the scans, nor do they use encryption within the PACS networks.  Therefore, once an intruder gains access, they are not only able to view the scans, but alter them as well. 

In order to gain access to the PACS network, the attacker would either need physical access to connect a malicious device directly to the network cables, or they could plant malware remotely from the Internet. Based on the information discovered by the researchers, this would not be difficult, as many PACS networks are either directly connected to the Internet or accessible through hospital machines that are connected to the Internet.

To prevent hackers from altering CT and MRI scans, hospitals would need to enable end-to-end encryption across their PACS network and digitally sign all images while also making sure that radiology and doctor workstations are set up to verify those signatures and flag any images that aren’t properly signed.