Deep Learning Model Designed to Prevent Medical Imaging Cyberattacks

Researchers presented two new studies at the recent annual meeting of the Radiological Society of North America (RSNA) that addressed the potential risk of cyberattacks in medical imaging.

Medical imaging devices, such as X-ray, mammography, MRI and CT machines, play a crucial role in diagnosis and treatment. As these devices are typically connected to hospital networks, they can be potentially susceptible to sophisticated cyberattacks, including ransomware attacks that can disable the machines. Due to their critical role in the emergency room, CT devices may face the greatest risk of cyberattack. Researchers and cybersecurity experts have begun to examine ways to mitigate the risk of cyberattacks in medical imaging before they become a real danger.


In the first study presented at RSNA 2018, researchers from Ben-Gurion University of the Negev identified areas of vulnerability and ways to increase security in CT equipment. They demonstrated how a hacker could bypass security mechanisms of a CT machine to manipulate its behavior. Since CT uses ionizing radiation, changes to dose could negatively affect image quality, or in extreme cases even harm the patient. The researchers have developed a system for anomaly detection using various advanced machine learning and deep learning methods, with the training data consisting of actual commands recorded from real devices. The model learns to recognize normal commands and to predict if a new, unseen command is legitimate or not. If an attacker sends a malicious command to the device, the system will detect it and alert the operator before the command is executed.

"In the current phase of our research, we focus on developing solutions to prevent such attacks in order to protect medical devices," said Tom Mahler, Ph.D. candidate and teaching assistant at Ben-Gurion University of the Negev. "Our solution monitors the outgoing commands from the device before they are executed, and will alert—and possibly halt—if it detects anomalies."

"In cybersecurity, it is best to take the 'onion' model of protection and build the protection in layers," added Mahler. "Previous efforts in this area have focused on securing the hospital network. Our solution is device-oriented, and our goal is to be the last line of defense for medical imaging devices."

In the second study presented at this year’s RSNA, a team of Swiss researchers looked at the potential to tamper with mammogram results. The researchers trained a cycle-consistent generative adversarial network (CycleGAN), a type of artificial intelligence application, on 680 mammographic images from 334 patients, to convert images showing cancer to healthy ones and to do the same, in reverse, for the normal control images. Their aim was to determine if a CycleGAN could insert or remove cancer-specific features into mammograms in a realistic fashion. The images were presented to three radiologists, who reviewed the images and indicated whether they thought the images were genuine or modified. None of the radiologists could reliably distinguish between the two.

"As doctors, it is our moral duty to first protect our patients from harm," said Anton S. Becker, M.D, radiology resident at University Hospital Zurich and ETH Zurich, in Switzerland. "For example, as radiologists we are used to protecting patients from unnecessary radiation. When neural networks or other algorithms inevitably find their way into our clinical routine, we will need to learn how to protect our patients from any unwanted side effects of those as well."