Slashdot Mirror


Fake Cancerous Nodes in CT Scans, Created By Malware, Trick Radiologists (washingtonpost.com)

Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks. An anonymous reader shares a report: Researchers in Israel say they have developed malware to draw attention to serious security weaknesses in critical medical imaging equipment used for diagnosing conditions and the networks that transmit those images -- vulnerabilities that could have potentially life-altering consequences if unaddressed. The malware they created would let attackers automatically add realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them. Or it could remove real cancerous nodules and lesions without detection, leading to misdiagnosis and possibly a failure to treat patients who need critical and timely care.

Yisroel Mirsky, Yuval Elovici and two others at the Ben-Gurion University Cyber Security Research Center in Israel who created the malware say that attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment. The research isn't theoretical. In a blind study the researchers conducted involving real CT lung scans, 70 of which were altered by their malware, they were able to trick three skilled radiologists into misdiagnosing conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.

45 comments

  1. SO let me get this straight. by Mr+D+from+63 · · Score: 1

    If you give a doctor faked imaging scans, he might diagnose wrong?

    1. Re:SO let me get this straight. by dlleigh · · Score: 2

      This team has also been fooling proctologists with rubber poop.

    2. Re:SO let me get this straight. by Anonymous Coward · · Score: 0

      It is not a fake image, but it is an altered image (partially altered). A radiologist may be looking for a certain pattern in an image. The malware altered certain parts of the image to make them look like a cancerous pattern.

    3. Re:SO let me get this straight. by Anonymous Coward · · Score: 0

      Correct.

      Just like changing lab results could lead a doctor to misdiagnose and mistreat patients. Go figure. Clickbait.

    4. Re:SO let me get this straight. by EndlessNameless · · Score: 3, Informative

      I'm pretty sure the studies are trying to demonstrate that their modifications are plausible and undetectable. The idea that you get bad conclusions from bad data... that's not really up for debate.

      Basically, you can fool anyone with good fakes, but not everyone can make good fakes. These guys proved they can. And they have an automated tool that can do it.

      --
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.

    5. Re:SO let me get this straight. by ShanghaiBill · · Score: 1

      If you give a doctor faked imaging scans, he might diagnose wrong?

      No, that is not the issue. The problem is that the images are handled insecurely, and it is not difficult for a black hat to tamper with them.

      It is easy to imagine how this could be abused. For instance the Russians could modify Joe Biden's brain scan to make it look like a tumor was causing his weird behavior with women. Soon he could be elected president by people that believe he can be turned back into a normal person with just a bit of brain surgery.

  2. No internet by tsa · · Score: 1

    But who in their right mind would connect an MRI machine to the internet? At my work we didn't even have the scanning electron microscope connected to it because of this.

    --
    Cheers!

    1. Re:No internet by Real+Data+Collection · · Score: 2

      Hospitals with document management systems to store electronic patient records. If the IT department is any good, dedicated VLANs should restrict the flow of data over the network. Too often everything is on the General VLAN.

    2. Re:No internet by Anonymous Coward · · Score: 1

      A lot of times the people doing the analysis aren't in the hospital... it's farmed out to places like India in many circumstances. Which is hard to do if the machine isn't on the internet.

    3. Re:No internet by rockmuelle · · Score: 2

      Not MRIs, but for some reason the major genome sequencing instrument vendors generally require remote access to their instruments (Illumina and PacBio both do this - PacBio was just bought by Illumina, but they've been doing it since the beginning). Heck, there used to be a map that someone made that found Illumina instruments on the internet and plotted their physical locations based on the IP address (it doesn't seem to exist anymore). They also tend to run unpatched versions of Windows.

      Sequencing data is even easier than MRI data to mess with. The raw data is large (10-100s of GBs per run) and always processed by computational pipelines that are a mix of scripts and random tools downloaded from the internet. Unlike with artifacts that would be detectable in an altered image, changing sequencing data is simply a matter of flipping a few characters.

      We once wrote a script that scanned for a specific sequence related to a certain cancer. By flipping a few characters, it was possible to give the patient the variants that lead to a higher probability of developing cancer. We could have also done the opposite and made patients appear to have no predisposition when they in fact did. (Our script looked at all the short reads right off the instrument and tweaked them; it didn't catch all cases, but more than enough that the variant caller gave our intended call.)

      A hypothetical extension of this would let one scan for specific individuals based on previously sequenced samples. From there, one could write a script that only "gave" cancer to that person.

    4. Re:No internet by AHuxley · · Score: 1

      The "digital" file is sent to any outside expert. By some network.
      The expert can sit at their desk and see the file on a computer, i.e. totally not part of the same network that did the scan.

      --
      Domestic spying is now "Benign Information Gathering"

    5. Re:No internet by The+Grim+Reefer · · Score: 2

      But who in their right mind would connect an MRI machine to the internet?

      No one. But I've seen it done. In fact 12+ years ago I was at a hospital that had to reimage the console on a magnet because the techs were using it to surf the internet and got all kinds of malware and/or viruses on it. I think the scanner was down for close to a week because of it.

    6. Re:No internet by xenobyte · · Score: 1

      But who in their right mind would connect an MRI machine to the internet?

      In my experience almost all CT and MRI scanners are connected to the internet, although usually on separate VLANs that aren't directly connected to the open internet, but some are only protected by a firewall and perhaps some port mapping.

      Many hospitals also rely on radiologists-for-hire outside the hospitals to read and diagnose the images, so there's access from the outside to the DICOM databases holding the images, although usually through a VPN tunnel.

      Now, if malware infects the external radiologists' computers and uses the VPN to enter the closed network where the DICOM databases live... The databases are not encrypted, so the malware would be free to read and modify any image, completely without being detected. Access logging is usually only done through the imaging software, so if you go below that and access the database directly, you can do what you want, and at some point it will cost lives. Also, the ransomware attack on the DHSC in the UK shows that most 'administrative' computers in a hospital are usually connected to the internet in order to send/receive emails and so on. If they get infected, it only takes an unprotected connection between them and the DICOM network to open the can of worms.

      --
      "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --

  3. Buried the lead by pr0t0 · · Score: 4, Insightful

    The real story here is that the researchers developed an AI capable of detecting cancer nodules in CT and MRI scans with 94% accuracy. I mean, if it can find them to remove them...it can find them. That seems like pretty high accuracy for computer aided diagnostics.

    --
    I'm sorry, but your opinion seems to be wrong.

    1. Re:Buried the lead by Anonymous Coward · · Score: 0

      94% sounds good, but "I'm 94% sure you don't have cancer" sounds like "you really should get a 2nd opinion."

    2. Re:Buried the lead by scamper_22 · · Score: 1, Interesting

      Not really. Computer aided detection of anomalies in medical imaging has been pretty solid for a while.

      I worked in the field over 15 years ago. Already for breast cancer anomaly detection, it was easily over 80% depending on the system when compared to even the best radiologists.

      I obviously wouldn't book a surgery strictly on an automated analysis, but as a good first screening, we've had that covered for a while now comparable to real radiologists.

      It is used, but generally people don't trust the automated results, so a radiologist is still there reading each one. That doesn't mean the computer isn't doing most of the work :P

    3. Re: Buried the lead by Anonymous Coward · · Score: 0

      Or the opposite, now big medical / big pharma has created a way to induce expensive medical treatments for no true reason.

      Hey look, now we have a medicine you take for the rest of your life to cure that pre-cancer or early cancer symptoms as per our testing and radiologist analysis!

  4. Sad commentary on humanity by presidenteloco · · Score: 3, Informative

    That we have to protect all technology against psychopathic super-assholes.

    --
    Where are we going and why are we in a handbasket?

    1. Re:Sad commentary on humanity by Krishnoid · · Score: 1

      Well, sure, but it's a double-edged sword; in this case you can see how technology can protect us against psychopathic super-assholes. All the hackers need to do is fake scans on a bunch of sitting politicians and get more discussion on socialized medicine into the news cycle.

    2. Re:Sad commentary on humanity by Baki · · Score: 1

      Yes, I know it is incredible, but people that regard life as a game, and need to "win" without any regard for the common good, really exist. Some are even rulers or presidents.

  5. That's a nice scan you have there by Anonymous Coward · · Score: 0

    Shame if it got corrupted somehow and you got sued.

    Need consulting services to protect yourself? Virus protection subscription?

    1. Re: That's a nice scan you have there by Anonymous Coward · · Score: 0

      These are extremely dangerous waters for anyone to tread in; basically they are saying "we won't murder your patients if you pay us". The response and penalties are raised to a much higher level than if they were encrypting a company's important financial documents.

      If any hacker ring tried some shit like this, they can expect the troopers with heavy weaponry, armored cars with the battering ram on it, and body armor to bust down their door. Imagine how they will feel when their heads are instantly slammed into the floor, and some big strong dude who is wearing more padding than an American football player and shoving a gun into their temples whilst digging their knee with the force of all the armor/body weight behind it into their backs, and telling them "don't you fucking blink, or I swear to God, you will die right where you lay!"

      I hope anyone stupid enough to attempt anything like this spends the rest of their lives in PMITA prison with no possibility of parole.

  6. Non-paywalled article by Vanyle · · Score: 1
  7. In the wrong small hands by Tablizer · · Score: 1

    I have bone spurs, honest!

  8. But Think Of The Profit Potential by Anonymous Coward · · Score: 0

    I mean children. Children. Think of the children.

    1. Re:But Think Of The Profit Potential by jtara · · Score: 1

      I mean children. Children. Think of the children.

      No, thanks.

      I don't care about the children. OR your $3.

      And, I WAS having a great day! Until you got in my way.

      Now, can you please step aside so I can get into Whole Foods before they raise the avocado prices?

  9. Gimp plugin by Anonymous Coward · · Score: 0

    I can hardly wait for the cancer-fu filter so i can p'shop my own CT images.

  10. "security" weakness? by Anonymous Coward · · Score: 0

    The whole medical field is weak. We are now in the era of imaging instead of thinking. From what I've seen of doctors, they are the sloppiest, laziest thinkers out there.

    https://westjem.com/case-repor...

  11. Rick Scott would have paid big for this by Anonymous Coward · · Score: 0

    When Rick Scott was overseeing the largest Medicare patient fraud in US history in the 90s, their primary method was to fake test results and bill for unnecessary care. A medical provider today would pay big under the table to be hit with this particular malware. They could easily claim ignorance and get away with providing billions in unnecessary cancer care.

  12. What is the attack vector? by whh3 · · Score: 1

    I appreciate the stunning and scary significance of the advanced malware that is able to "realistically" modify medical imagery in a way that coerces doctors into misdiagnosis. However, I do not see any description of the attack vector? I only read the free version of the article, so I could be completely missing it. Sorry, if so!!

    Will

    --
    remove nospam. to email!

    1. Re:What is the attack vector? by AHuxley · · Score: 2

      Re "any description of the attack vector"
      Hours in the ER due to an "accident" then result in other medical issues? Hours waiting for further tests and digital results.
      The result is the way the person responds to the unexpected event.
      Dissidents who are trusted and well connected in a protest movement at an important time in history can have an induced medical issue stop all their protesting.
      Finding an expert. Making an appointment. Waiting. Calling friends and family.
      Do they go with private health care? Use their nation's free gov health care?
      The time, stress, contacts made, questions, introspection can be just what a security service wants to slow a charismatic protest leader.
      The security services of a nation can sit back and see what such a digital event induces.
      Wealthy family and friends offer support? Some other unexpected NGO, think tank, foundation, cult, faith group, union, charity, another gov offers totally unexpected and open ended support?
      Why is this person getting so much expensive health care from unexpected and not seen before supporters?
      The person falls back on 100% gov health care in their nation like any very average person?
      Both results are of interest to police and security services watching protesters, dissidents, investigative journalists.

      An induced medical emergency can uncover a lot about a person's supporters and once well hidden funding.
      Who is really so interested in seeing them recover and is willing to invest in that health care?

      --
      Domestic spying is now "Benign Information Gathering"

  13. Is there an anti-fakery AI as well? by az-saguaro · · Score: 3, Informative

    Look at the demo video at: https://www.youtube.com/watch?... .

    As someone who looks at such things for a living, I find this interesting but not so compelling. For the example of just a single injected nodule, I thought it looked unnatural. But, how it is perceived depends on how it is presented. Suppose they presented the images to real radiologists this way, "You will be looking at films that might be real or might be faked, guess which is which", then I think that most radiologists would know that the single nodule was not natural. But, if presented this way, "Look at these films and see if there is anything abnormal", then many would have fallen for it. But likewise many would have been thinking, "It is probably cancer, because it is a solid nodule, but it looks rather odd."

    In comparison, the 472 nodule example was obviously fake. The nodules were all far too similar, too round, too uniform, too dense. I doubt many radiologists would have fallen for that.

    If the authors' intent was to show that fake imagery can be made that could be used for nefarious deception, then I think we already knew of that concern. I would say that I have seen far more credible and persuasive false CGI than what was seen here. If Pixar for example decided to make fake x-rays, I suspect they could do a much better job of it.

    This brings up a question that seems far more interesting to me. If an AI agent can make a fake image that can fool some experts under certain conditions, but the fakery can also be recognized, then can there be a second AI agent that can spot the fakery created by the first AI?

    What do you think?

    1. Re:Is there an anti-fakery AI as well? by bacetech · · Score: 1

      I am not an expert, what you say seems feasible, but the defensive AI would need ground-truthed datasets for training. How would these be obtained? i.e. where would you get known fakes? This process would have to be repeated if newer versions of the adversarial AI produced sufficiently different fakes.

    2. Re:Is there an anti-fakery AI as well? by az-saguaro · · Score: 1

      Thanks for the thoughtful remark, makes sense. I too am no expert, but your remarks make me wonder if there is a different way to make the defensive AI. Rather than training the defensive AI to recognize each style of forgery, can the defensive AI be better trained than the adversarial one, even on the original dataset or an expanded superset of it, such that it knows that the forgery simply isn't very realistic, that the first AI was simply too amateurish?

    3. Re:Is there an anti-fakery AI as well? by Anonymous Coward · · Score: 0

      This sounds very similar to a Generative Adversarial Network where there are two different algorithms working against each other - one to create something that could be perceived as "real", the other to detect whether an image is "real". They have been used to make some pretty amazing pictures. Also I think something similarish was used for the Alpha Zero agent. Intro to GAN

  14. Re:SEM by jtara · · Score: 1

    At my work we didn't even have the scanning electron microscope connected to it because of this.

    Because.... ???

    Oh! That's right! Because most SEMs are run by Windows XP or older...

    - It's Windows
    - It's OLD Windows
    - It's maintained by some retired IT guy
    - It's got an inch of dust inside
    - There's a serial port with a badly-hand-soldered connection involved somewhere, I'm sure
    - The retired IT guy still blames everything on the "one stop bit or two" conundrum.

  15. Attempted murder by Anonymous Coward · · Score: 0

    This isn't encrypting somebody's pictures and music files and demanding a $500 gift card to 'unlock' them, this is straight up attempted murder.

    Can any 'hacker' who tries this shit take being raped in the ass by Bubba for years on end?

  16. Warning to anybody thinking of getting into this r by Anonymous Coward · · Score: 0

    These are extremely dangerous waters for anyone to tread in; basically they are saying "we won't murder your patients if you pay us". The response and penalties are raised to a much higher level than if they were encrypting a company's important financial documents.

    If any hacker ring tried some shit like this, they can expect the troopers with heavy weaponry, armored cars with the battering ram on it, and body armor to bust down their door. Imagine how they will feel when their heads are instantly slammed into the floor, and some big strong dude who is wearing more padding than an American football player and shoving a gun into their temples whilst digging their knee with the force of all the armor/body weight behind it into their backs, is telling them "don't you fucking blink, or I swear to God, you will die right where you lay!"

    I hope anyone stupid enough to attempt anything like this spends the rest of their lives in PMITA prison with no possibility of parole. If anybody dies as a result of their actions, they get the death penalty.

  17. Send only links by Anonymous Coward · · Score: 0

    I'm wondering if any kind of modern critical device has been manufactured with a "send only" network link, where it is physically impossible for the device to receive any data. An operator would push a button on a console, and a blob gets sent to a receiving computer where data integrity is checked and verified. Remote monitoring would be a good application for this where the device sends 'blobs' out automatically at regular intervals.

    It won't stop all malicious attacks, but it will greatly help with security.
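One way to build the integrity check this post describes, as an added example that is not code from the thread or from the research it discusses: the device side only emits records, each carrying a SHA-256 digest of the blob, a per-device sequence number and an HMAC over both, and the receiving side verifies tag, digest and sequence before an image is stored or displayed. The key, device id, record layout and the sample blob are assumptions constructed for the demo; a real deployment would sign actual DICOM files.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for an exported scan blob (not a real DICOM file).
SAMPLE_SCAN = b"DICM" + bytes(range(256)) * 4


def _canonical(header: dict) -> bytes:
    """Stable byte encoding of the header so the tag is reproducible."""
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


class Exporter:
    """Device side of the one-way link: produces records, never consumes input."""

    def __init__(self, key: bytes, device_id: str):
        self._key = key
        self._device_id = device_id
        self._seq = 0  # monotonically increasing, so old records cannot be replayed

    def export(self, blob: bytes) -> dict:
        self._seq += 1
        header = {
            "device": self._device_id,
            "seq": self._seq,
            "size": len(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),
        }
        # The tag covers digest, size and sequence, so none of them can be edited.
        header["tag"] = hmac.new(self._key, _canonical(header), hashlib.sha256).hexdigest()
        return {"header": header, "blob": blob}


class Receiver:
    """Archive side: checks every record before it is stored or shown to a reader."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq: dict[str, int] = {}

    def verify(self, record: dict) -> tuple[bool, str]:
        header = dict(record["header"])
        tag = header.pop("tag", "")
        expected = hmac.new(self._key, _canonical(header), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"          # header edited or wrong key
        blob = record["blob"]
        if len(blob) != header["size"] or hashlib.sha256(blob).hexdigest() != header["sha256"]:
            return False, "blob altered"     # pixel data changed after export
        if header["seq"] <= self._last_seq.get(header["device"], 0):
            return False, "replayed record"  # an old, once-valid record resent
        self._last_seq[header["device"]] = header["seq"]
        return True, "ok"


def demo() -> list:
    """Runs the three cases: untouched record, edited pixels, replayed record."""
    key = secrets.token_bytes(32)
    exporter, receiver = Exporter(key, "CT-01"), Receiver(key)
    good = exporter.export(SAMPLE_SCAN)
    tampered = exporter.export(SAMPLE_SCAN)
    edited = bytearray(tampered["blob"])
    edited[300] ^= 0x40  # flip one bit deep in the pixel data
    tampered["blob"] = bytes(edited)
    return [receiver.verify(good)[1], receiver.verify(tampered)[1],
            receiver.verify(good)[1]]
```

With a shared HMAC key the receiving side could forge records too; a signing key that lives only on the device (a public-key signature scheme) closes that gap at the cost of a crypto library dependency.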

  18. Coincidence? by Anonymous Coward · · Score: 0

    attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment

    Sen. Michael Bennet says he has prostate cancer; Dem's planned 2020 run depends on health

  19. The long term implications of this are by Anonymous Coward · · Score: 0

    Frightening.

    We can make it look like you have cancer, pump you full of chemo and kill you.
    We can make it look like you don't have cancer, and let you die a painful, miserable death without any form of treatment.

    This is also going to breathe wind into the sails of so-called Targeted Individuals (TI). TIs will begin to insist that their delusions are real and that their diagnostic scans have been faked to convince them Big Brother didn't put a chip in their brain.

    I understand wanting to make the technology more secure, but does that always involve the manufacturing of what is basically a weapon?