“Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists”

Computer security researchers have developed proof-of-concept malware that can add fake lung cancer tumours to or remove real cancer tumours from CT scans. In a blind study, scans of healthy ‘patients’ in which fake tumours had been added fooled skilled radiologists 99% of the time and scans of real patients in which real tumours had been removed fooled the same radiologists 94% of the time. Even after the radiologists had been told that a new set of scans had been falsified, they still misinterpreted the scans 87% of the time.

The researchers were also able to gain sufficient access to a number of hospitals’ network equipment to be able to insert the malware in points in the network such that CT scans could be falsified before any radiologist saw the scan (in many hospitals, the relevant networks are directly or indirectly accessible from the Internet such that physical access to network equipment is almost certainly not necessary).

A Washington Post article describing the attack can be found at https://www.washingtonpost.com/technology/2019/04/03/hospital-viruses-fake-cancerous-nodes-ct-scans-created-by-malware-trick-radiologists/

A pre-print of a formal paper describing the attack can be found at https://arxiv.org/abs/1901.03597

Leave a Reply