Researchers at BGU’s Malware Lab warn that core medical equipment, including CT and MRI machines, remain vulnerable to cyber attacks.

The BGU researchers recently issued a report, Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices, warning medical professionals that this issue is not being taken as seriously as it should—especially as vulnerable devices can place patient health, and potentially lives, at risk.

The report explores how medical imaging devices (MIDs), such as MRI or CT systems, many of which do not receive ongoing security updates, are becoming increasingly vulnerable to cyber attacks.

“CT and MRI systems are not well-designed to thwart attacks,” says the report’s lead author Dr. Nir Nissim, who simulates MID cyber attacks together with his graduate student researcher, Tom Mahler.

The research was conducted by a team of 17 talented BGU graduate students under the supervision of Dr. Nissim, Professor Yuval Elovici, director of Cyber@BGU, and Professor Yuval Shahar, director of BGU’s Medical Informatics Research Center.

They found that MIDs are commonly connected to hospital networks, and with this connectivity, an avenue is carved for cyber attackers to exploit vulnerabilities in outdated firmware.

“Vulnerable MIDs may result in attacks which target the devices’ infrastructure and components, which can disrupt digital patient records, and potentially jeopardize patients’ health,” says Dr. Nissim.

Ransomware attacks have proven to be successful against hospitals, and it may be that in the future, MIDs will become blocked or disabled as part of ransomware campaigns.

“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyber attack can be fatal,” says Mahler

“However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing antivirus protection is insufficient for preventing cyber attacks,” explains Mahler.

“The MID development process, from concept to market, takes 3 to 7 years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable,” he adds.

Hospitals and regulators must come together to prevent what may be fatalities in the health-care sector one day, should ransomware attacks continue.

BGU Malware Lab researchers are working on new techniques to secure CT devices based on machine learning methods. They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.