1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Security researchers fake cancerous nodes in CT scans with machine learning

By Cal Jeffrey · 9 replies
Apr 5, 2019
Post New Reply
  1. Israeli researchers created malware that can alter CT and MRI scans well enough to fool radiologists into misdiagnosis. The deep-learning software can create realistic looking fake malignant tumors or can hide real growths from scans in close to real time.

    "We implement the attack using a 3D conditional GAN and show how the framework (CT-GAN) can be automated," said Yisroel Mirsky, Tom Mahler, Ilan Shelef, and Yuval Elovici in their study. "Although the body is complex and 3D medical scans are very large, CT-GAN achieves realistic results which can be executed in milliseconds. "

    In a blind study, using 70 altered lung scans and three experienced radiologists, the software tricked them almost every time. In instances where they were looking at faked growths, they delivered a cancer diagnosis 99 percent of the time. In scans where the malware had removed actual tumors, the radiologist gave the all clear 94 percent of the time.

    The radiologists were told that they had been tricked and were given a second chance with 20 more scans with half being altered. They were wrong 60 percent of the time with injected nodules and 87 percent of the time with removed growths.

    The researchers then ran tests against software designed to detect lung cancer in images, which radiologist use to confirm their own diagnosis. It misdiagnosed faked nodules 100 percent of the time.

    “I was quite shocked,” Nancy Boniel, a radiologist in Canada who participated in the study told the Washington Post. “I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”

    Yisroel Mirsky and his team at the Ben-Gurion University Cyber Security Research Center in Israel created the malware to highlight the lack of security protecting diagnostic equipment and other hospital systems. The software was designed specifically for this study, so it is not something that is a present danger to the health care industry. However, they do see it as a clear illustration of risks hospitals, doctors, and radiologists are not prepared for.

    The researchers are concerned that such attacks could be carried out to interfere with political opponents or worse.

    “An attacker may perform this act in order to stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder,” Mirsky et al. wrote in their study published by Cornell University.

    They say malicious parties could pull off an attack using a man-in-the-middle device planted near the scanner. They demonstrate such an attack in their video (below) using a Raspberry Pi 3 that they picked up for about $40. Since the data transmitted from the CT or MRI scanner is not encrypted, the attackers can easily falsify scans, which are then sent back to the receiving server.

    Fixing the problem would seem as simple as just encrypting data across the network. However, the FDA’s Associate Director for Science and Strategic Partnerships Suzanne Schwartz MD says it is not that simple.

    “It’s going to require changes that go well beyond devices, but changes with regards to the network infrastructure,” said Schwartz. “Many hospitals don’t have the money to invest in more secure equipment, or they have 20-year-old infrastructure that doesn’t support newer technologies. This is where engaging and involving with other authorities and trying to bring the entire community together becomes really important.”

    As far as the consequences to a victim of such an attack, it would take more than fake scans to put them under the knife or in chemotherapy. However, there are plenty of side effects that could create trouble for patients.

    “There are a couple of steps before we just take someone to surgery [or administer chemo],” said UC San Diego emergency room physician Christian Dameff. “But there is still harm to the patient regardless. There is the emotional distress [from learning you may have cancer], and there are all sorts of insurance implications.”

    The security of diagnostic equipment is clearly something that the industry must address, but the solutions are not a simple fix.

    Permalink to story.

    Last edited by a moderator: Apr 6, 2019
  2. psycros

    psycros TS Evangelist Posts: 2,669   +2,428

    Don't worry, pretty soon all the MRI machines will be IoT so you won't even need to sneak a device into the physical network. All part of the industry strategy of:

    1. Connecting everything with zero security.
    2. Push security solutions to fend off the avalanche of malware.
    3. Spy on customers in their homes and businesses, selling their most private information to anyone and everyone.

    That's one hardware sale and two recurring revenue streams! Screw em' three ways from Sunday, and every other day too!
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 5,292   +3,701

    It's fast becoming obvious that NO medical device should be connected to the internet at all. Diagnostic information that needs to be shared should be moved via "sneaker net" to a general machine that is on the internet for that purpose, but original source equipment must stay isolated in order to protect the patient and, of course, the liability of the doctor/hospital ......
  4. lazer

    lazer TS Addict Posts: 235   +56

    With all due respect to the people who worked on this software, I really find it difficult to see people trying to mess with CT's etc....

    What money is there in it for them?
  5. Theinsanegamer

    Theinsanegamer TS Evangelist Posts: 1,529   +1,739

    Not money, but imagine if you were trying to "eliminate" a political opponent. The ability to generate fake cancer reports in said people would allow for great harm to them, as we know those treatments are harsh on the human body.

    A far flung idea, but I'll bet SOME less-then-scrupulous politician already thought of this exact scenario.
  6. Markoni35

    Markoni35 TS Booster Posts: 149   +69

    Israelis made a malware. What a surprise. They've been making them for such a long time, I wouldn't be surprised that most of nowadays CT devices already have it built-in. With the purpose of misdiagnosing cancer and increasing the sales of chemotherapy. Guess who makes the biggest money out of chemotherapy? That's right.
    jtveg and PEnnn like this.
  7. PEnnn

    PEnnn TS Enthusiast Posts: 76   +78

    As if some hospitals and unscrupulous doctors need another reason or more help to fleece the patients or insurance companies....thanks for showing them how!!
    jtveg likes this.
  8. pcnthuziast

    pcnthuziast TS Evangelist Posts: 569   +174

    Once humanity has perished, it will be as if we never existed.
  9. jtveg

    jtveg TS Booster Posts: 57   +18

    Well of course the images would fool even the best radiologists. They don't expect or ever imagined that malware and hackers would deliberately manipulate the images.

    It is quite disconcerting that due to the necessity of the complexity of these machines and their reliance on complex software is what makes them vulnerable to such bizarre attacks.

    At least they know about it now and engineers can work on contingencies to prevent such attacks.
  10. jtveg

    jtveg TS Booster Posts: 57   +18

    I was going to say something similar but didn't want to be accused of being racist or anti semitic. I bet you Mossad's hackers make China's and Russia's look like school kids.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...