Researchers in cybersecurity in Israel recently deceived real doctors about diagnosing patients by penetrating a hospital x-ray scanner and changing the images they produced.

"The main purpose of the trial is to clarify how easily the attacker can reach the hospital network and then insert or remove lung cancers from the patient's CT scans," said Yessruel Mirsky, a researcher at the Ben Gurion University's National Center for Cybersecurity Research.

And Haki Mirsky and his colleagues attacked by obtaining permission from a local hospital to control the CT scan (CT).

The researchers devised an Ethernet-connected USB device that could be connected to a hospital workstation to secretly control the CT scanner. Three radiologists were then assigned to examine the edited images.

The researchers found that when changes were made to the radiation of healthy patients with cancer, radiologists failed to diagnose 99% of them as having the disease.

When the cancer algorithm was removed from actual cancer patients, radiologists misdiagnosed 94% of patients as healthy.

X-ray editing requires more than just doing Photoshop. The researchers used artificial intelligence algorithms to automatically add or remove micro-tumor models to images taken through a CT scanner.

The modified images were very accurate, with radiologists and accurate equipment still having difficulty diagnosing patients after being told that the images had been treated.

Results of the experiment
"They are still unable to distinguish between absurd and real images, where they misdiagnosed 60 percent of those who changed their radiographs and 87 percent of those who removed the changes from their images," the researchers said.

"For example, an individual or a government opponent wants to influence the outcome of an election. To do so, the attacker adds cancer to the computed tomography (CT) that is being carried out on the computer," the researchers said in a paper. A political candidate, and after learning about cancer, the candidate steps down. "

In other cases, the attack itself can lead to the death of a person by deceiving doctors and diagnosing them as healthy, while they actually need immediate treatment, and the attack can be used to generate funds through fraudulent health insurance claims.

"Another scenario that needs to be taken into account is ransom," the researchers say. "The attacker seeks financial gain by changing a few scans and then demanding reimbursement for the tests that have been affected."

The researchers published their findings to draw attention to weaknesses in CT and MRI devices while hospitals and clinics remain key targets for hackers, since medical records can be of great value to cybercriminals, both for vandalism and extortion.