Following new independent research, the Department of Homeland Security has re-issued a warning about cybersecurity vulnerabilities in medical devices, as Digital Journal reported. Following on from this comes news that researchers in Israel have succeeded in creating malware that produces fake cancerous nodes in CT scans in order to trick radiologists. This exercise was undertaken to draw attention to serious security weaknesses in medical imaging equipment and networks.
READ MORE: DHS sends out cyber warning about medical devices
The malware was developed by Yisroel Mirsky and Yuval Elovici at the Ben-Gurion University Cyber Security Research Center. The virus can enable a hacker to add realistic, malignant-seeming growths to CT or MRI scans, or it could remove real cancerous nodules and lesions from images without detection, leading to misdiagnosis.
Cybersecurity expert Xu Zou, who is the CEO of Internet of Things (IoT) security and analytics platform Zingbox, tells Digital Journal about the wider implications of the academic exercise: “This study is a good example of how traditional security measures cannot cope with sophisticated malware especially when it comes to connected medical devices.”
Zou notes that more robust security systems are required within healthcare: “While there are precautions and best practices healthcare providers can implement, those will only be a partial solution. Healthcare providers must have security solutions in-place designed to detect sophisticated attacks as well as overcome the security limitations of medical devices, many of which cannot support on-device security measures.”
The solution, Zou adds, is in the very technology that will cause the potential cybersecurity problem. He explains: “Coincidentally, with the malware in this study refined via machine learning, security solutions leveraging the same technology can be used to identify the interception of data as well as the presence of a malicious device or software.”
This means that “understanding the normal intended behavior of medical devices including which devices it communicates with, is a critical component of securing connected medical devices. Doing this manually simply does not scale requiring the need for Artificial Intelligence, machine learning, and automated 24×7 continuous monitoring.”
These types of initiatives need to be phased in now, Zou concludes: “This study should be a wakeup call for many healthcare providers to reassess their security strategy.”
