There’s an ongoing conversation about protecting important medical devices from “malware”, malicious software that can infect a computer system and harm its ability to function. Now, Israeli researchers have found that CT scans are vulnerable to malware that can change their results, and impact the way patients are diagnosed with cancer.
“It’s so discouraging for those of us who are physicians to see people who want to access patient information to do such harm and ill. Just seeing people going in to not only change the data but change the images, to put disease where there isn’t disease, boggles the mind,” Dr. Connie Lehman, Chief of the Breast Imaging Division at Massachusetts General Hospital and Professor of Radiology at Harvard Medical School, tells SurvivorNet. “But it is possible and it’s why hospitals and medical centers need to be so rigorous in protecting patient information.”
“In some ways in this world of artificial intelligence and our fourth industrial revolution, there are so many ways that we are really excited about what it can do for health,” Dr. Lehman continues. “So while pushing the envelope on technology that improves human health, we also have to be really cautious about how those technologies can be used for ill.”
If you’re getting a CT scan, you shouldn’t be unnecessarily alarmed. In this study, researchers show the possible vulnerabilities of CT scan technology by deliberately developing and safely testing malware that can impact CT scan results, but they don’t point to any body of evidence that CT scans are frequently being hacked.
CT scans are one of the primary methods of detecting lung cancer, a disease that’s most common in people over 65, and often goes undetected. Doctors recommend that people between 50 and 80 years old who have smoked, or are otherwise at risk, get screened. When evaluating a CT scan, doctors look for a shadow, that denotes a mass, or a tumor in the lungs.
But the study shows that using malware, it’s possible to alter the images that a CT scan produces. If an attacker wanted to alter a diagnosis, they could, in theory, alter a CT scan to look as if the patient has a tumor that isn’t there, or to look like the patient doesn’t have a tumor where there really is one.
In order to illuminate this problem, researchers created a program that was able to alter the images, used it to change 70 different CT scans, and then showed the scans to skilled radiologists to see how they would interpret them. They were able to trick three radiologists into believing that these were unaltered CT scans, and the radiologists misdiagnosed the disease due to the altered photographs. In cases with fabricated tumors, radiologists misdiagnosed cancer 99 percent of the time. In cases where tumors had been falsely removed from the scans, radiologists incorrectly diagnosed that those patients did not have cancer 94 percent of the time.
Researchers then told the radiologists that the scans were altered, and gave them a second set of twenty scans, half of which were altered, half of which were not. At this point, the radiologists still were tricked into believing that invented tumors were present 60 percent of the time, which led them to make the wrong diagnosis.
According to Dr. Lehman, CT scanning isn’t the only type of imaging that can be altered. “Pathology slides are also at risk. They are being digitized, you can go in and place cancer cells where there aren’t cancer cells. Hospitals need to put every effort into protecting this data in this world we live in, it cannot be stressed enough.”
Learn more about SurvivorNet's rigorous medical review process.
There’s an ongoing conversation about protecting important medical devices from “malware”, malicious software that can infect a computer system and harm its ability to function. Now, Israeli researchers have found that CT scans are vulnerable to malware that can change their results, and impact the way patients are diagnosed with cancer.
“It’s so discouraging for those of us who are physicians to see people who want to access patient information to do such harm and ill. Just seeing people going in to not only change the data but change the images, to put disease where there isn’t disease, boggles the mind,” Dr. Connie Lehman, Chief of the Breast Imaging Division at Massachusetts General Hospital and Professor of Radiology at Harvard Medical School, tells SurvivorNet. “But it is possible and it’s why hospitals and medical centers need to be so rigorous in protecting patient information.”
Read More “In some ways in this world of artificial intelligence and our fourth industrial revolution, there are so many ways that we are really excited about what it can do for health,” Dr. Lehman continues. “So while pushing the envelope on technology that improves human health, we also have to be really cautious about how those technologies can be used for ill.”
If you’re getting a CT scan, you shouldn’t be unnecessarily alarmed. In this study, researchers show the possible vulnerabilities of CT scan technology by deliberately developing and safely testing malware that can impact CT scan results, but they don’t point to any body of evidence that CT scans are frequently being hacked.
CT scans are one of the primary methods of detecting lung cancer, a disease that’s most common in people over 65, and often goes undetected. Doctors recommend that people between 50 and 80 years old who have smoked, or are otherwise at risk, get screened. When evaluating a CT scan, doctors look for a shadow, that denotes a mass, or a tumor in the lungs.
But the study shows that using malware, it’s possible to alter the images that a CT scan produces. If an attacker wanted to alter a diagnosis, they could, in theory, alter a CT scan to look as if the patient has a tumor that isn’t there, or to look like the patient doesn’t have a tumor where there really is one.
In order to illuminate this problem, researchers created a program that was able to alter the images, used it to change 70 different CT scans, and then showed the scans to skilled radiologists to see how they would interpret them. They were able to trick three radiologists into believing that these were unaltered CT scans, and the radiologists misdiagnosed the disease due to the altered photographs. In cases with fabricated tumors, radiologists misdiagnosed cancer 99 percent of the time. In cases where tumors had been falsely removed from the scans, radiologists incorrectly diagnosed that those patients did not have cancer 94 percent of the time.
Researchers then told the radiologists that the scans were altered, and gave them a second set of twenty scans, half of which were altered, half of which were not. At this point, the radiologists still were tricked into believing that invented tumors were present 60 percent of the time, which led them to make the wrong diagnosis.
According to Dr. Lehman, CT scanning isn’t the only type of imaging that can be altered. “Pathology slides are also at risk. They are being digitized, you can go in and place cancer cells where there aren’t cancer cells. Hospitals need to put every effort into protecting this data in this world we live in, it cannot be stressed enough.”
Learn more about SurvivorNet's rigorous medical review process.
