Hi, I’m Dr. Peper and today I’m discussing fake radiology.
A person’s health information is considered so sensitive and private Congress enacted the Health Information Portability and Accountability Act or HIPAA, to ensure each personal’s medical information is safe. Hospitals are very careful with sharing medical data with outside doctors or other hospitals. But what about the privacy and security of a patient’s medical data within the hospital system? What if patient’s medical records, tests, even CT scans were vulnerable to manipulation from malicious software viruses in the hospitals digital system? A group of researchers from the Cyber Security Research Center in Israel wanted to show how the power of AI deep learning could be used to add or remove medical conditions from CT and MRI scans and cause a patient to falsely believe they have a serious illness.
CT Shows Fake Tumor
They showed how this could be accomplished in a real setting and published a paper about the results. Here’s what happened. After a hospital gave the researchers permission, they remotely inserted a malware virus into a hospital’s radiology network of CT scans and MRI scans. Real lung CT scans were altered by the malware to show fake lung tumors in normal scans and remove real tumors in scans that showed disease. This was serious stuff. As a result, the radiologists reading the scans were tricked into misdiagnosing lung cancer in most of them. Radiologists read the scans as showing cancer 99% of the time when a fake tumor was added to a normal scan. And when a real tumor was removed using the malware, the radiologist said the patient was healthy 94% of the time.
What is even more disturbing about this is most hospitals use AI powered lung scanning software tools to aid the radiologist in detecting tumors and confirm their diagnosis, but in this study, the malware was able to trick the CT software scanning tools into confirming the fake tumors every time.
Hospitals Need Encryption Within
The study sent shock waves through the hospital and medical community as authorities realized they need to encrypt their network system not only from the outside but from within. Hospital officials were quick to note that controls exist to prevent a patient from receiving unwarranted treatment. And there are several steps before a patient goes to surgery or receives radiation or chemotherapy so that a fake result would likely be detected. But there is emotional harm to the patient and the distress of learning they may have cancer even though it’s subsequently proven to not be true.
Fake Illness + Politics
And in truth, the cybersecurity researchers were thinking of another type of harm when they staged the attack. They wanted to draw attention to the weaknesses in the medical imaging networks to potentially avoid another type of ominous scenario, one that could affect our political system and government. They worry that attackers using this malware could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment.
I hope this helps you to better understand the real threats of artificial intelligence.
The specific article and further readings, videos, and other podcasts are linked in the show notes.
From Short and Sweet AI, I’m Dr. Peper.
https://www.theverge.com/2019/4/4/18293817/cybersecurity-hospitals-health-care-scan-simulation