CT and MRI Machines Are at Risk for Cyberattack

A new report presented at the most recent RSNA conference suggests that the risk of cyberattacks on medical imaging devices (MIDs) should be a greater concern in the imaging community. The report, written by a team of researchers in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Nagev in Israel, pointed to a number of reasons why MIDs are particularly vulnerable.

CT and MRI machines are routed to hospital networks, which makes them easy targets for cyberattackers. According to the authors, attacks could manipulate the devices’ elements, thus “disrupt[ing] digital patient records, and potentially jeopardize patients' health.”

Possible attacks could include adjusting parameter values to change radiation levels, aggravating scan signals, shutting down machines entirely, and holding hospitals hostage with “ransomware” that disrupts service and offers to resume it—for a fee. "In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal," said Tom Mahler, one of the study’s main authors.

Mahler and his team point out that CTs and MRIs are not designed to prevent cyberattacks. Every year, more than 120 million new malware are identified. Due to strict regulations, it can take three to seven years for a new medical device to go from an idea to the marketplace, which means by the time a new MID is released, it’s become vulnerable to cyber-threats that didn’t previously exist when it was designed.