Spoofing medical imaging: Highlighting security issues of malware

Spoofing medical imaging: Highlighting security issues of malware

Most of the known cybersecurity incidents in healthcare have to do with data breaches and malware campaigns. However, when hackers gain access to medical data, they could also corrupt it. Potential motivations to do this range from influencing politics, sabotaging research, committing insurance fraud, and much more (Dellinger, 2019; Mirsky, Mahler, Shelef, & Elovici, 2019; Zetter, 2019).

Researchers of the Ben Gurion University Cyber Security Research Center aimed to highlight security issues in medical imaging equipment, diagnostic tools, and networks. To this end, they created malware that can add or remove cancerous growths to volumetric (3D) medical scans of the lungs. By use of deep learning technology, it was possible to create realistic looking but fake growths to lung photos and to remove real growths from lung photos without leaving any indication of a growth ever being present (Mirsky et al., 2019).

The research was not just theoretical; the resulting images were presented to radiologists together with unaltered scans in a blind study (Mirsky et al., 2019; Zetter, 2019). The images that contained a fake growth led to a cancer diagnosis in 99% of the cases. For the images where an actual growth was removed, specialists determined in 94% of the cases that the patient was healthy. Even when specialists were notified that a particular image was altered, they still struggled with identifying a real or altered image (Dellinger, 2019; Mirsky et al., 2019).

In a second test, in which the specialists were aware that the images might have been altered, they diagnosed 60% of the fake additions to be cancer and 87% of the images where cancerous nodules were removed to be clear of cancer. Automated screening software was less effective than the (human) specialists, as it had a 100% fault rate during testing (Dellinger, 2019; Mirsky et al., 2019). The medical specialists that were involved in the study found the results highly worrying (Zetter, 2019).

This attack was possible due to low internal security measures. As of yet, hospitals generally do not use methods to digitally sign scans, making it difficult to recognise whether an image has been tampered with. Furthermore, the picture archiving and communication systems (PACS) networks, which is used to transfer medical imaging data, often do not use encryption, making them vulnerable to intruders who have already gained access to the hospital network (Mirsky et al., 2019; Zetter, 2019).

While the spoofing malware was highly successful, it is not expected that it will be used in an attack in the near future. Creating this type of malware is highly complex. However, it should raise concerns about the security of medical equipment and network protection both externally and internally. Most healthcare organisations do take care to share medical data in secure ways with external specialists or organisations. However, this research has highlighted that internally healthcare organisations still have much to improve. Security settings for medical equipment and network protection measures should constantly be reviewed and updated (Dellinger, 2019; Zetter, 2019).


Dellinger, A. (2019, March 4). Researchers trick radiologists with malware-created cancer nodes. Retrieved 30 September 2019, from Engadget website: https://www.engadget.com/2019/04/03/malware-cancerous-nodes-ct-mri-scans/

Mirsky, Y., Mahler, T., Shelef, I., & Elovici, Y. (2019). CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning. ArXiv:1901.03597 [Cs]. Retrieved from http://arxiv.org/abs/1901.03597

Zetter, K. (2019, April 3). Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists. Washington Post. Retrieved from https://www.washingtonpost.com/technology/2019/04/03/hospital-viruses-fake-cancerous-nodes-ct-scans-created-by-malware-trick-radiologists/