According to the recent claims made by the researchers of Israel, they are able to change the CT scan results. This is possible with the help of malware programs. The vulnerabilities in the cyber security of the hospital’s digital records could lead to compromising the report-database. This is a potential threat if left unaddressed.
The researchers, Yisroel Mirsky , Yuval Elovici and two others from Cyber Security Research Center at the Ben-Gurion University in Israel, claim that if this malware program would have been induced by hackers it could have caused damage on a whole new level. For example the opposition political party may employ unethical hackers to modify the test results of the competing candidate. This will force the candidate to withdraw and undergo treatment.
According to Yisroel, “…what happens within the system itself, which no regular person should have access to in general, they tend to be pretty lenient”. Mirsky further added “It’s not…that they don’t care. It’s just that their priorities are set elsewhere.”
As per the statements the researchers have found a way to develop fake cancerous nodes in the scan. These fake ones have no relation to the patient’s health. These fake results upon being examined further by doctors show them a fake medical condition. This fake condition makes the doctors to diagnose the patient’s problem incorrectly. The malware-created cancer nodes are shown in the image below: the first image is a real tumor whereas the image to your right is the one created by using malware program.
To get a better idea about the efficiency of the malware program, the researchers conducted a blind study. This Blind study comprised of different Lung’s CT scan results different patients. Some of these results are modified with the help of malware program. When examined, 96% of the doctors diagnosed the disease and recommended the patient to take the treatment. And, when the result was reversed like, removing the nodule from the CT scan, 94% of the doctors diagnosed the patient as healthy.
In the diagnosed results above CASE I shows the incorrect results when the radiologists were unaware of the fake malware created cancer nodes while the CASE II represents the diagnosed results after the doctors were told about the unreal node inserted into the scan.
The software used to diagnose the samples was so weak in monitoring the attacks that it was not able to detect the malware program a single time. This raised a question on the credibility of the electronic devices used in the research and development department in the hospital.
When the results were sent to examine for second time the doctors were pre-told about the malware created cancer nodes and that the reports may have been altered. The results were drastic again. More than half of the doctors diagnosed the fake malware created cancer nodes and determined the person to be sick. The next time around 80% of the doctors claimed that the patient is healthy when the cancer node was erased with help of Malware.
Hence, the hospitals were advised to sign the scanned reports digitally or encrypt the reports stored on the PACS system. This will allow them to monitor their files and the reports which are encrypted cannot be opened without the decryption code. The researchers also advised the medical institutions to develop and enhance their cyber security cells.