How hospitals can use AI to fight medical device hacking

Ben-Gurion University researchers developed a device-focused cybersecurity solution to act as a last line of defense to protect patients.

As more hospitals connect medical imaging equipment to the internet, the risk of malicious cyberattacks increases exponentially. To combat these threats and keep patients safe, researchers from Ben-Gurion University of the Negev (BGU) developed a solution that taps artificial intelligence (AI) to prevent attacks.

Internet of things (IoT) devices have greatly benefited healthcare by improving access in remote areas, allowing for faster and more accurate diagnoses, and aiding the management and transfer of medical records and images, according to a Tuesday press release announcing the solution. But as devices such as X-ray, mammography, MRI, and CT machines are typically connected to hospital networks, they are potentially susceptible to sophisticated cyberattacks, including ransomware and others that could disable the machines.

In a Tuesday presentation at the Radiological Society of North America Annual Meeting in Chicago, BGU researcher Tom Mahler demonstrated how a hacker could bypass the security mechanisms in a CT machine and manipulate its behavior. CT machines use ionizing radiation, so changes to the dose could impact image quality, or even be harmful to the patient, the release noted.

SEE: Intrusion detection policy (Tech Pro Research)

"In the current phase of our research, we focus on developing an anomaly detection system using advanced AI methods to train the system with actual commands recorded from actual equipment," Mahler said in the release. "Our system will monitor scan protocols to detect whether outgoing commands are malicious before they are executed and will alert or possibly stop if it detects an issue."

Other solutions typically focus on securing entire hospital networks, the release noted. However, this device-focused approach is meant to act as a last line of defense for medical imaging devices, to prevent attacks.

BGU's model uses AI to learn to recognize typical imaging scan protocols, and to predict if a new, unseen command is legitimate or not, the release said. The system can detect malicious commands from hackers, and alert the operator, before the command is executed. While the system is not yet complete, early results show a "significant milestone" in work to secure medical imaging devices, according to Mahler. Next steps will be to collect more scans from different devices and sites to create a more accurate model.

SEE: Man-in-the-middle attacks: A cheat sheet (TechRepublic)

"The medical information device development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leave medical imaging devices highly vulnerable," Mahler said in the release. "If health care manufacturers and hospitals take a proactive approach, we can prevent such attacks from happening in the first place."

The big takeaways for tech leaders:

  • A new tool created by researchers from Ben-Gurion University of the Negev uses AI to detect and stop attacks on medical imaging devices.
  • The rise of IoT has many benefits for the medical field, but hospitals and device makers must ensure that proper security protocols are in place.

Also see

istock-944355286.jpg
Image: iStockphoto/BigNazik

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.