When your scan shows a tumor but you don’t have one

Press Release

In this age of science and technology, where you rejoice over a plethora of convenience-based options, you must also take time to evaluate your blind trust in and dependence on these options and, more importantly, your consequent vulnerability.

In medicine, today’s advanced diagnostic equipment has made early detection of disease a possibility. Cancers are being caught early on, not only making the treatment easier but also offering the time to choose from a range of effective treatment options. This is just one of the many examples of the modern facilities that we rely on. We have grown to trust and depend on these services and the institutes that offer them.

To question this strong bond and its weak foundation, researchers in Israel created malware to tamper with medical imaging equipment and networks. The malware they created would let attackers automatically add realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them. Or it could remove real cancerous nodules and lesions without detection, leading to misdiagnosis and possibly a failure to treat patients who need critical and timely care. This could create chaos and mistrust in hospital equipment.

The attacker could target specific patients, searching for scans tagged with a specific patient’s name or ID number. In doing this, they could prevent patients who have a disease from receiving critical care or cause others who aren’t ill to receive unwarranted biopsies, tests and treatment. The attackers could even alter follow-up scans after treatment begins to falsely show tumors spreading or shrinking. Or they could alter scans for patients in drug and medical research trials to sabotage the results.

Yisroel Mirsky, Yuval Elovici and two others at the Ben-Gurion University Cyber Security Research Center in Israel, who created the malware, say that attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment.

The research isn’t theoretical. In a blind study the researchers conducted involving real CT lung scans, 70 of which were altered by their malware, they were able to trick three skilled radiologists into misdiagnosing conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.


Even after the radiologists were told that the scans had been altered by malware and were given a second set of 20 scans, half of which were modified, they still were tricked into believing the scans with fake nodules were real 60 percent of the time, leading them to misdiagnoses involving those patients. In the case of scans where the malware removed cancerous nodules, doctors did not detect this 87 percent of the time, concluding that very sick patients were healthy.

Earlier this year, hackers demonstrated how a monitoring station would receive data showing a normal heartbeat even if the patient flatlined, and vice versa, which could be used to distract nurses temporarily in order to accomplish another nefarious task.