Latest in Gear

Image credit: BSIP via Getty Images

Researchers trick radiologists with malware-created cancer nodes

Researchers created the attack to highlight security issues in medical imaging equipment.
1022 Shares
Share
Tweet
Share
Save

Sponsored Links

BSIP via Getty Images

Security researchers in Israel have developed malware that can add realistic-looking but entirely fake growths to CT and MRI scans or hide real cancerous nodules that would be detected by the medical imagining equipment. The software, designed by experts at the Ben Gurion University Cyber Security Research Center, was created to highlight the lax security protecting diagnostic tools and hospital networks that handle sensitive information.

To test out how effective the attack could be, the researchers conducted a blind study that asked radiologists to diagnose conditions based on CT lung scans—some of which were altered using the malware. When presented with scans that featured fake cancers nodules, the radiologists came back with a cancer diagnosis 99 percent of the time. When the malware was used to hide real cancer nodules, radiologists issued a clean bill of health 94 percent of the time.

Even when the radiologists were made aware that the scans were being altered, they still struggled to make a correct diagnosis. When they were given a second set of images with a warning that some had been changed, the medical professionals were still tricked into thinking computer-generated nodules were real 60 percent of the time. When the malware was used to remove nodules, 87 percent of the readings incorrectly determined the patient was healthy. The humans put through the test shouldn't feel too bad, though—screening software used to confirm diagnoses fell for the malware's tricks every single time.

The good news is the malware was created by security researchers and not malicious actors, so this particular tool isn't likely to appear in the wild. But it should raise some red flags for medical professionals. Hospitals have been a target of cyber attacks before, but the stakes are usually more immediate: Ransomware locks up systems until a fee is paid. An attack like the one laid out by the researchers would be more insidious and could create distrust in essential systems.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1022 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
US says digital assets are covered by money laundering and disclosure laws

US says digital assets are covered by money laundering and disclosure laws

View
San Francisco's proposed office would prevent 'reckless' tech rollouts

San Francisco's proposed office would prevent 'reckless' tech rollouts

View
Porsche's Macan EV will fully replace its gas counterpart in a few years

Porsche's Macan EV will fully replace its gas counterpart in a few years

View
Crowdfunded case will give your Windows PC that Mac Pro look

Crowdfunded case will give your Windows PC that Mac Pro look

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr