In 2017, a notorious malware WannaCry attack wrecked havoc across the world including the UK's National Health System's (NHS) database sending all doctor appointments going haywire, test reports denied access across the country and you, I and lots others thought it was a big ransomware attack, guess again, there will much larger sinister design, if we don't fix the security loophole in advanced medical equipment.
Israel's top Cybersecurity experts have discovered that CT (Computed Tomography) scanner for X-Ray and Magnetic Resonance Imaging (MRI) scanners are vulnerable to computer malware/viruses and this can allow hackers to take over the machines to add fake cancer nodes or even erase a real tumour in the resultant scan copy.
In the blind test conducted by Yisroel Mirsky, Yuval Elovici and two others of the Cyber Security Labs at the Ben-Gurion University in Israel were able to create and also erase cancerous nodes in CT scan of a lung cancer patient. The most dangerous aspect was most of the experienced radiologists believed the scan copy was genuine and leading them to misdiagnose the patient's condition.
Security experts then went ahead by revealing the concerned medical experts that CT scanned copy was fabricated and gave them another copy of fake CT scan and again around 60-percent of them misdiagnosed the case study.
What's most dangerous part is that fake cancer nodes can be created or erased not just on lungs, but also on the brain, bones (arthritis), spinal injuries, bone fractures, ligament injuries, heart disease, blood clots and other serious medical conditions.
Yisroel Mirsky, Yuval Elovici and the team have shown concern that hackers with medical knowledge may misuse it to harm, if not kill important global personalities, as doctors will most likely fail to recognise the underlying condition.
How the hacker can change 3D body scans in real-time?
Researchers of the Cyber Security Labs were to build a man-in-the-middle (m-i-t-m) device, a physical hacking tool consisting of simple Raspberry Pi 3 series computer with network bridge setup, a Wi-Fi access point and a cancer injection/removal application software installed in it.
Place the m-i-t-m device near the unguarded scanner and the former will be able to intercept the data and manipulate the results in real-time.
Check out the official test video below:
It can be noted if the cybercriminals add cancer nodes in CT scan of a person, the doctor will assume there is a presence of tumour and need to be removed. This will lead to surgery being performed on a victim, who despite being healthy will suffer bodily harm and also if he/she happens to be a politician running for presidential or prime ministerial election will come off as a weak leader and swing the election to the opponent. Even if the opposite happens like the candidate is misdiagnosed has healthy, but the hackers had removed tumours from the CT scan, the person might die. The country, he/she leads, end up with political turmoil, affecting its economy and defence.
This is a serious issue, which top medical equipment-makers have to be concerned with and step up their efforts to fix all existing loopholes and scale up the security for protection against future threats.