Medical Imaging Devices Need Better Cyber Security
Medical Imaging Devices Need Better Cyber Security
January 29, 2018
BGU’s Malware Lab researchers are warning medical imaging device (MID) manufacturers and healthcare providers to become more diligent in protecting medical imaging equipment from cyber threats.
In their new paper, “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” BGU researchers demonstrate the relative ease of exploiting unpatched medical devices, such as computed tomography (CT) and magnetic resonance imaging (MRI) machines, many of which do not receive ongoing security updates.
Consequently, an attacker can easily compromise the computer that controls the CT device causing the CT to emit high rates of radiation, which can harm the patient and cause severe damage. Attackers can also block access to MIDs or disable them altogether as part of a ransom attack, which has already occurred worldwide.
This study is a new frontier in cyber security research. It is part of a large-scale research project called Cyber-Med, initiated by Dr. Nir Nissim, head of the Malware Lab at BGU’s Cyber Security Research Center (CSRC). Cyber-Med aims to develop security mechanisms for the entirety of medical devices’ ecosystems, including implanted pace-makers, robotic surgeon systems (e.g. da Vinci), medical information systems and protocols, ICU medical devices, and MIDs.
In recent years, MIDs are becoming more connected to hospital networks, which make them vulnerable to sophisticated cyberattacks that can target a device’s infrastructure and components, as well as fatally jeopardize a patient’s health and the hospital systems operations.
The research was released ahead of the Cybertech Conference which runs through Wednesday, January 31 at the Tel Aviv Fairgrounds. BGU is the conference’s academic partner. Cybertech is one of the largest and most important cyber events worldwide. It annually draws thousands of guests and groups from abroad, including delegations from 80 countries.
Malware Lab experts predict attacks on MIDs will increase. They foresee attackers developing more sophisticated skills directed at these types of devices, the mechanics and software of which are often installed on outdated Microsoft PCs.
“CTs and MRI systems are not well-designed to thwart attacks,” says lead author Dr. Nir Nissim, who simulates MID cyberattacks together with his MSc student Tom Mahler. Tom is part of the Malware Lab’s team which includes 17 outstanding research students, and conducted the research under the supervision of Dr. Nir Nissim, Prof. Yuval Elovici, director of [email protected] and Prof. Yuval Shahar, director of BGU’s Medical Informatics Research Center.
“The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable,” says Mahler.
The study, conducted in collaboration with Clalit Health Services, Israel’s largest health maintenance organization, included a comprehensive risk analysis survey based on the “Confidentiality, Integrity and Availability” risk model, which addresses information security within an organization.
Researchers targeted a range of vulnerabilities and potential attacks aimed at MIDs, medical and imaging information systems and medical protocols and standards. While they discovered vulnerabilities in many of the systems, they found that CT devices face the greatest risk of cyberattack due to their pivotal role in acute care imaging. Simulated cyberattacks revealed four dangerous outcomes:
- Disruption of scan configuration files − By manipulating these files, an attacker can install malware that controls the entire CT operation and puts a patient at great risk.
- Mechanical MID motor disruption – Medical imaging devices have several components with mechanical motors, including the bed, scanner and rotation motors, which receive instructions from a control unit, such as the host computer (PC). If malware infects the host computer, an attack on the motors can damage the device and injure a patient.
- Image results disruption − Because a CT sends scanned results connected to a patient’s medical record via a host computer, an attack on that computer could disrupt the results, requiring a second exam. A more sophisticated attack may alter results or mix up a transmission and connect images to the wrong patient.
- Ransomware − This malware encrypts a victim’s files and demands a ransom to decrypt them. The WannaCry attack, which affected more than 200,000 devices in more than 150 nations in May 2017, directly infected tens of thousands of U.K. and U.S. hospital devices, including MRIs.
“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal,” says Mahler. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyberattacks.”
BGU Malware Lab researchers are working on new techniques to secure CT devices based on machine learning methods. The machine-learning algorithm analyzes the profile of the patient being scanned, as well as many additional operational parameters of the CT itself, and produces an anomaly detection model based on a clean CT machine. Once the machine is infected, the detection model can identify the change in its behavior and its operational parameters and alert the administrator accordingly.
In future research, Dr. Nissim and his team will conduct nearly two dozen attacks to further uncover vulnerabilities and propose solutions to address them. They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.
In addition to Dr. Nir Nissim, the head of the Malware Lab and a researcher in the Telekom Innovation [email protected], the research team includes Dr. Erez Shalom, research manager at BGU’s Center for Digital Innovation Digital Health Lab; Prof. Yuval Elovici, director of the Telekom Innovation [email protected], director of [email protected] and a member of the BGU Department of Software and Information Systems Engineering; Prof. Yuval Shahar, head of BGU’s Medical Informatics Research Center; and Tom Mahler. They collaborated with Dr. Arnon Makori, Itzik Kochav and Israel Goldenberg from Clalit Health Services.
“As the Israeli academic leader in cyber security research, we partnered with Israel Defense to help create the Cybertech conferences four years ago,” says BGU President Prof. Rivka Carmi. “Cybertech is the preeminent forum in Israel to showcase our success in cyber research, innovation and commercialization and we will continue to play a leadership role in that arena.”
BGU will be represented both at the Cybertech conference and at the exhibition, as part of the CyberSpark Beer-Sheva pavilion. At the conference, Prof. Carmi will welcome the attendees on Tuesday morning and BGU researchers will take part in the panel sessions.
ABOUT AMERICANS FOR BEN-GURION UNIVERSITY
By supporting a world-class academic institution that not only nurtures the Negev, but also shares its expertise locally and globally, Americans for Ben-Gurion University engages a community of Americans who are committed to improving the world. David Ben-Gurion envisioned that Israel’s future would be forged in the Negev. The cutting-edge research carried out at Ben-Gurion University drives that vision by sustaining a desert Silicon Valley, with the “Stanford of the Negev” at its center. The Americans for Ben-Gurion University movement supports a 21st century unifying vision for Israel by rallying around BGU’s remarkable work and role as an apolitical beacon of light in the Negev desert.
About Ben-Gurion University of the Negev
Ben-Gurion University of the Negev embraces the endless potential we have as individuals and as a commonality to adapt and to thrive in changing environments. Inspired by our location in the desert, we aim to discover, to create, and to develop solutions to dynamic challenges, to pose questions that have yet to be asked, and to push beyond the boundaries of the commonly accepted and possible.
We are proud to be a central force for inclusion, diversity and innovation in Israel, and we strive to extend the Negev’s potential and our entrepreneurial spirit throughout the world. For example, the multi-disciplinary School for Sustainability and Climate Change at BGU leverages over 50 years of expertise on living and thriving in the desert into scalable solutions for people everywhere.
BGU at a glance:
20,000 students | 800 senior faculty | 3 campuses | 6 faculties: humanities & social sciences, health sciences, engineering sciences, natural sciences, business & management, and desert research.
Stern Strategy Group