Studies highlight the potential for cyberattacks in radiology

Two studies presented at a recent annual radiology conference say imaging modalities are at risk of cyberattacks, matching risks identified elsewhere within the healthcare industry.

The research, released at the Radiological Society of North America, shows the need to mitigate the risk of cyberattacks in medical imaging before such risks become dangerous.

Medical imaging devices, such as X-ray, mammography, MRI and CT machines, typically are connected to hospital networks. As a result, they can be potentially susceptible to sophisticated cyberattacks, including ransomware attacks that can disable the machines. Because of their critical role in the emergency room, CT devices may face the greatest risk of cyberattack, researchers say.

Also See: Data breach at Atrium Health potentially impacts more than 2.6 million records

In one study, researchers from Ben-Gurion University of the Negev in Beer-Sheva, Israel, identified areas of vulnerability and ways to increase security in CT equipment. They demonstrated how a hacker might bypass security mechanisms of a CT machine to manipulate its behavior. Because CT uses ionizing radiation, changes to dose could negatively affect image quality, or—in extreme cases—pose harm to the patient.

"In the current phase of our research, we focus on developing solutions to prevent such attacks in order to protect medical devices," says Tom Mahler, candidate and teaching assistant at Ben-Gurion University of the Negev. "Our solution monitors the outgoing commands from the device before they are executed, and will alert—and possibly halt—if it detects anomalies."

For anomaly detection, the researchers developed a system using various advanced machine learning and deep learning methods, with training data consisting of actual commands recorded from real devices. The model learns to recognize normal commands and to predict if a new, unseen command is legitimate or not. If an attacker sends a malicious command to the device, the system will detect it and alert the operator before the command is executed.

HDM-092618-Security-breach.png

A second study looked at the potential to tamper with mammogram results. Researchers trained a cycle-consistent generative adversarial network (CycleGAN), a type of artificial intelligence application, on 680 mammographic images from 334 patients, to convert images showing cancer to healthy ones and to do the same, in reverse, for the normal control images. They wanted to determine if a CycleGAN could insert or remove cancer-specific features into mammograms in a realistic fashion.

"As doctors, it is our moral duty to first protect our patients from harm," said Anton S. Becker, MD, radiology resident at University Hospital Zurich and ETH Zurich, in Switzerland. "For example, as radiologists we are used to protecting patients from unnecessary radiation. When neural networks or other algorithms inevitably find their way into our clinical routine, we will need to learn how to protect our patients from any unwanted side effects of those as well."

"Neural networks, such as CycleGAN, are not only able to learn what breast cancer looks like," Becker adds. "We have now shown that they can insert these learned characteristics into mammograms of healthy patients or remove cancerous lesions from the image and replace them with normal looking tissue."

He anticipates that this type of attack won't be feasible for at least five years and said patients shouldn't be concerned right now. Still, he hopes to draw the attention of the medical community, and hardware and software vendors, so that they may make the necessary adjustments to address this issue while it is still theoretical.

For reprint and licensing requests for this article, click here.