Malware that can inject fake cancerous nodes into CT scans created by security researchers

Proof-of-concept malware created to highlight poor security of networked medical equipment

A team of security researchers at Ben-Gurion University's Cyber Security Research Centre in Israel claims to have created proof-of-concept malware that can alter computed tomography (CT) scans, making it appear as if a sick patient is healthy or that a healthy patient has cancer.

The aim of the research was to draw attention to cybersecurity issues associated with networked medical equipment, and to show how attackers can use malicious programmes to dupe doctors into misdiagnosing patients.

According to the researchers, the malware can add realistic, cancerous lesions or nodules to MRI or CT scans before those scans are examined by radiologists and doctors.

The malware can also remove real malignant growths in scans without detection, leading to misdiagnoses.

In the study, the research team demonstrated the attack after getting permission from a hospital to secretly hack a CT scanning machine and network.

They used a USB-to-Ethernet device and connected it to a hospital workstation to take control of the machine.

Researchers then altered 70 CT lung scans using the malware.

When those scans were shown to radiologists, they diagnosed cancer 99 per cent of the time in the scans in which fake cancerous nodules had been injected.

In the scans in which real malignant nodules were removed by the malware, radiologists described patients as healthy 94 per cent of the time.

It was then disclosed to the doctors' team that all scans shown to them had been altered by a computer programme.

They were then given a further set of 20 scans, half of which had been modified. Even then, doctors diagnosed cancer 60 per cent of the time in scans with fake nodules.

In cases where real malignant nodules were removed by the malware, doctors could not detect the changes 87 per cent of the time.

"Our research shows how an attacker can realistically add or remove medical conditions from CT and MRI scans," said Dr Yisroel Mirsky, lead researcher in Ben-Gurion University's Department of Software and Information Systems Engineering (SISE).

He continued: "In particular, we show how easily an attacker can access a hospital's network, and then inject or remove [images of] lung cancer from a patient's CT scan."

Researchers say their malware was trained through machine learning to quickly evaluate scans passing through a PACS network and to add or remove malignant growths so that they conform to a patient's anatomy.

The findings of the study are published on arXiv.
