Tom Mahler specialises in artificial intelligence (AI), anomaly detection, and cyberspace security. He has spent years analysing the vulnerabilities to external manipulation and sabotage of radiation-emitting medical imaging device systems as part of his doctoral research at BGU. He believes that imaging modalities are quite vulnerable in clinical settings to the risk of cyberattack, and that CT scanners in particular face the greatest risk. In a recent publication in the Journal of Digital Imaging, he and his colleagues present a model for incorporating active participation by radiologists. To increase awareness, Mahler also speaks about digital threat at radiology events such as the RSNA congress.

HiE: How did radiologists and radiology department managers react to your concerns?

Tom Mahler, PhD

Image source: Ben-Gurion University of the Negev

Mahler: ‘RSNA attendees were quite interested in learning about the vulnerability of their hospital “workhorses”, CT scanners in particular. Radiologists whose work focuses primarily on healthcare find it hard to imagine anyone wanting to maliciously attack medical devices. Individuals with an IT technical background tell me that attacks are even easier than anticipated due to security concerns in the hospitals. I think that today there is a greater awareness of potential risk by cyberattack since 2017.’ 

How vulnerable are these systems today? Have improvements in security been made?

‘Many hospitals have increased security in the digital network environment of the hospital network. Some PACS vendors have also made their products more secure. However, I am not aware of any significant improvements in the imaging modalities domain. These devices are still outdated and exposed to many vulnerabilities. I don’t know of any large security company offering products to secure these devices at the point of care; most companies offer products that increase the security of the network, but not the device itself. 

‘Devices are not monitored enough. I think that monitoring the devices’ operations at the point of care may be an important layer of security that can significantly reduce the risk of attacks. I have developed a detection and prevention framework that monitors the instructions sent with these devices. It uses advanced AI algorithms to detect anomalies within these instructions, and can alert the technician operating, for example if a CT scanner receives the instruction to deliver an excessive radiation dose. This kind of security layer is highly effective as it can block the attacks just in time before they affect the patient, no matter from where the attack originated.’

Do you have recommendations to make medical devices more secure?

‘In my research, I determined that the modality workstation that a technologist uses to configure and control the imaging device is extremely vulnerable to attacks. The detection and prevention framework that I developed monitors the actual instructions sent from the workstation to the scanner. As far as I know, this was the first time anyone tried to look inside a CT device and analyse the instructions sent from the host control PC. 

‘The anomaly detection and prevention framework can be installed outside the host control PC and still block potentially malicious instructions from reaching the CT scanner, or for that matter, any type of digital imaging or radiotherapy device. Automated anomaly detection AI software can do this with an accuracy to date of up to 99.5%. After receiving an alert, a CT technologist can cancel the exam or override it if there is a clinical reason for the anomaly, such as imaging an extremely obese person. The system can even suggest automatically how to correct the instruction and fix the anomaly.’ 

What other types of protection do you recommend?

‘My colleagues and I have shown how images from medical devices can be manipulated by adding or removing cancerous tumours in a way that radiologists cannot detect. Adding a digital signature is a secure way to make sure that the data received originated from a secure participant. If that data has been manipulated, the recipient would be alerted to this. Digital signature is very easy to implement, and this feature could be offered by modality and PACS vendors. However, offering such a feature is not enough. It should also be implemented and used by the hospital in which the PACS is deployed. I’ve often found security features provided by vendors that simply were not enabled. 

‘I also strongly recommend encryption of data in motion between a modality workstation and a PACS. The transmission of non-encrypted data is a huge vulnerability and is one that is very easy to fix.’

What should the role of radiologists and radiology administrators be in assessing security risk?

‘The risk assessment process should be done by IT security personnel or a company specialising in these services, under the organisation of the hospital’s chief information security officer. Radiology professionals can play an important role by assessing the impact of attacks, such as malicious sabotage. They also need to advocate for increased security of medical devices to their organisation’s IT staff, computer security team, and to senior hospital administration.’ 

Profile:

Tom Mahler, PhD, is a researcher at the Ben-Gurion University of the Negev (BGU) in Israel. He completed the combined PhD track for outstanding graduate students as the youngest in his class. Mahler’s research focuses on the cyber-security of medical devices and how to protect them using state-of-the-art machine learning and deep learning techniques. He is also the co-founder of FlowHow (p.k.a. CyberMed), a startup company that, based on his research, develops a secure workflow monitoring and optimization solutions for medical imaging devices and radiology departments.

02.06.2022

• CT (560)
• data management (565)
• imaging (1487)
• IT (873)
• MRI (746)
• radiology (649)
• security (446)