As internet connectivity of medical imaging equipment in hospitals increases the potential for malicious cyberattacks, Ben-Gurion University of the Negev (BGU) researcher Tom Mahler presents his team’s approach to solutions using artificial intelligence (AI) at the Radiological Society of North America (RSNA) Annual Meeting on November 27 in Chicago.
The internet has been beneficial for health care – radiology included – improving access in remote areas, allowing for faster and better diagnoses, and vastly improving the management and transfer of medical records and images.
Medical imaging devices such as X-ray, mammography, MRI, and CT machines play a crucial role in diagnosis and treatment. But as these devices are typically connected to hospital networks, they can be potentially susceptible to sophisticated cyberattacks, including ransomware attacks that can disable the machines.
During his presentation, “CTrl-Alt-Radiate?” Tom Mahler, BGU Ph.D. candidate and researcher in Cyber@BGU, demonstrated how a hacker might bypass security mechanisms of a CT machine in order to manipulate its behavior. Because CT uses ionizing radiation, changes to dose could negatively affect image quality, or–in extreme cases–pose harm to the patient. Hacking a system is the first step in determining vulnerabilities and creating solutions.
“In the current phase of our research, we focus on developing an anomaly detection system using advanced AI methods to train the system with actual commands recorded from actual equipment,” says Mahler. “Our system will monitor scan protocols to detect whether outgoing commands are malicious before they are executed and will alert or possibly stop if it detects an issue.”
While other solutions have focused on securing the entire hospital network, the goal of this device-focused approach is to be the last line of defense for medical imaging devices to prevent as many attacks as possible.
The BGU model learns to recognize typical imaging scan protocols and to predict if a new, unseen command is legitimate or not. If an attacker sends a malicious command to the device, the system will detect it and alert the operator before the command is executed. Mahler notes that the system is not yet finished, but that the results are a significant milestone on the path to securing medical imaging devices.
“The medical information device development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leave medical imaging devices highly vulnerable,” Mahler says. “If health care manufacturers and hospitals take a proactive approach, we can prevent such attacks from happening in the first place.” The next step in this process is to collect more scans from different devices and sites to create a more accurate model.
(Source: Ben Gurion University)