A team of researchers has demonstrated that hackers can modify 3D medical scans to add or remove
evidence of a serious illness, such as cancer.
Experts from the Ben-Gurion University and the Soroka University Medical Center, Beer-Sheva, in Israel
have developed proof-of-concept (PoC) malware that uses a machine learning technique known as
generative adversarial network (GAN) to quickly alter 3D images generated during a Computer
Tomography (CT) scan.
CT scanners are typically managed through a picture archiving and communication system (PACS) that
receives scans from the scanner, stores them and then supplies them to radiologists. Data is transmitted
and stored using a standard format named DICOM. PACS products are provided by companies such as
GE Healthcare, Fujifilm, Philips and RamSoft.
One problem, according to researchers, is that PACS and DICOM servers are often left exposed to the
internet. A scan conducted using the Shodan search engine identified nearly 2,700 servers that were
connected to the internet. Another issue is that the medical imagery data is in many cases transmitted
over the network without being encrypted, which exposes it to man-in-the-middle (MitM) attacks and
Malicious actors could directly target PACS that are accessible from the Internet, or they could first gain
access to the targeted organization’s network and launch the attack from there. Another attack vector,
which the researchers tested during a penetration test conducted in a hospital’s radiology department,
involves physically connecting a small MitM device between the CT scanner’s workstation and the PACS
network. In these local attacks, the attacker can rely on insiders or they can pose as a technician, the
Once the attacker can intercept traffic from the CT scanner, they can use an attack framework, which
the researchers have dubbed CT-GAN, to manipulate the images via the GAN technique before they
reach the radiologist who interprets the results.
The experts have tested the efficiency of the attack by asking three radiologists to diagnose a mix of 30
authentic CT scans and 70 scans altered using CT-GAN. The malware was used to inject evidence of
malign cancer into the scans of healthy patients and remove cancer from the scans of patients who
actually had it.
When the radiologists were unaware that the results had been manipulated, they diagnosed 99% of the
injected scans as cancer and 94% of the scans from which the cancer was removed as belonging to
healthy patients. After they were informed of the attack, the radiologists still misdiagnosed the patients
in 60% and 87% of cases, respectively. The researchers said the attack even fooled a state-of-the-art
lung cancer screening model in each and every one of the tests.
So why would someone want to launch such an attack? The researchers have listed several possible
motivations and goals. They believe that modifying someone’s scan and causing a misdiagnosis can be
useful for stealing someone’s job, altering elections, sabotaging or falsifying research, earning money by
holding data hostage, insurance fraud, and even murder or terrorism.
They pointed out that the method can be used to add or remove evidence of various illnesses, including
aneurysms, heart disease, blood clots, infections, arthritis, cartilage problems, torn ligaments, and
tumors in the brain, heart or spine.
For example, if an attacker adds evidence of cancer to a political candidate’s CT scan, they can get the
targeted individual to withdraw from the race. The same technique could work for getting someone to
give up a job or a leadership role. In the worst case scenario, hackers could remove evidence of a serious
illness, which could lead to that person dying due to not receiving the proper treatment.