Hospitals, like the rest of us, are extremely online. The equipment we use, the data it discovers and the critical medical information it deciphers can all be connected to the internet — and if it’s connected, it needs to be carefully secured.
A new report from Kim Zetter outlines the research done by Israeli academics to develop malware that infects CT and MRI scanning machines used to diagnose cancer. The malware can be used to manipulate test results and fool doctors, and in a study, it managed to successfully trick radiologists into misdiagnosing patients.
The researchers at Israel’s Ben Gurion University released a video of their work:
It’s important to note that this has never been seen in the wild. Too often discussions about cybersecurity whips laymen readers into a frenzy about an onslaught of threats without proper context.
The context here is that researchers are trying to draw attention to cybersecurity problems in medical devices before real-world incidents occur. Sure, the idea of being misdiagnosed with cancer, as an individual is terrifying, but there are much bigger implications to keep in mind. Zetter offers one chilling example:
When Hillary Clinton stumbled and coughed through public appearances during her 2016 presidential run, she faced critics who said that she might not be well enough to perform the top job in the country. To quell rumors about her medical condition, her doctor revealed that a CT scan of her lungs showed that she just had pneumonia.
But what if the scan had shown faked cancerous nodules, placed there by malware exploiting vulnerabilities in widely used CT and MRI scanning equipment?
Okay, the answer is that Trump would’ve become president, I guess, but you get the idea.
In this case, the researchers say there are practical steps that hospitals and medical equipment vendors can take to secure themselves and their patients’ data. Scans should be cryptographically signed to guarantee their accuracy, researcher Yisroel Mirsky told the Washington Post, and hospitals need to be encrypting data to stop intruders on their network from viewing and altering scans.
Hospitals, notorious for running old machines and outdated software, have for years been worried about cybersecurity threats. Experts have observed hackers infecting medical devices in hospitals, a threat that can immediately put a patient’s life at risk.
This is a type of attack we’ve never seen before and, if the good guys are thinking about it, hospitals need to pay attention before reality hits like a bag of bricks.