The virus replaces the results of CT, by drawing or removing tumors.
Israeli scientists have decided to prove that the danger of interfering with the results of medical examinations is large enough and at the moment the information security of many hospitals is organized at a very weak level. And they did it in a very clear way: their AI-changing photos adds tumors there. But he also knows how to erase their marks – so that the patient may not know about the diagnosis and will not receive medical care until it is too late.
But even without extreme measures, the potential impact of the program is very large. For example, being a presidential candidate in 2016, Hillary Clinton performed a CT scan of the lungs. She confirmed the presence of pneumonia, rather than a more serious illness. This partly reassured the public, which allowed it to continue the political race.
The team created malicious software that allowed malignant neoplasms to be automatically added to CT scans and MRI scans even before the results reach the decoding for radiologists. In the experiment, scientists used real scan results easy and changed 70 of them to deceive doctors. And they succeeded. In 99% of cases, doctors were wrong if the picture had “fake” tumors. When the program removed them from the scan results, the doctors changed the verdict in 94% of cases. Even when the doctors were informed about the experiment and provided new real and modified scan results, they were still wrong in most cases.
The experiment was conducted on the example of lung cancer, but the malware can also harm other diagnoses – brain cancer, heart and blood vessel diseases, spinal injuries and many others. Scientists emphasize: the main problem of security in medical equipment and internal networks and databases of hospitals that do not use encryption and digital coding.
One of the hospitals tried to use encryption, but set it up incorrectly, as a result of which access to the images was still maintained, the authors clarify. To implement software, developers do not even need physical access to hospital networks. Everything can be done via the Internet.
As an example, the authors of the study in 30 seconds introduced a virus into the network of an Israeli hospital. And none of the medical staff found this. The obvious problem may remain unresolved for a long time, some skeptics say. Many medical institutions do not have the means for more secure equipment, and some infrastructure in principle will not be able to support new encryption technologies.
The practice of screening tests and tests that are carried out for each disputed case and in preparation for an operation somewhat limits the danger. This will help to eliminate the obviously false data, however, it is obvious that at the first stages of diagnosis the potential stress for the patient is provided.
Picture Credit: Bokskapet