Researchers at Ben-Gurion University of the Negev (BGU) have developed a new artificial intelligence technique that they say will protect medical devices from malicious operating instructions in a cyberattack as well as other human and system errors.
Medical devices are increasingly connected to the internet, hospital networks, and other medical devices to provide features that improve health care and increase the ability of health care providers to treat patients. These same features also increase the risk of potential cybersecurity threats. Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device.
Complex medical devices such as CT (computed tomography), MRI (magnetic resonance imaging) and ultrasound machines are controlled by instructions sent from a host PC. Abnormal or anomalous instructions introduce many potentially harmful threats to patients, such as radiation overexposure, manipulation of device components or functional manipulation of medical images. Threats can occur due to cyberattacks as well as human errors such as a technician’s configuration mistake or host PC software bugs.
As part of his Ph.D. research, BGU researcher Tom Mahler has developed a technique using artificial intelligence that analyzes the instructions sent from the PC to the physical components using a new architecture for the detection of anomalous instructions.
“We developed a dual-layer architecture for the protection of medical devices from anomalous instructions,” Mahler says. “The architecture focuses on detecting two types of anomalous instructions: (1) context-free (CF) anomalous instructions which are unlikely values or instructions such as giving 100x more radiation than typical, and (2) context-sensitive (CS) anomalous instructions, which are normal values or combinations of values, of instruction parameters, but are considered anomalous relative to a particular context, such as mismatching the intended scan type, or mismatching the patient’s age, weight, or potential diagnosis.
“For example, a normal instruction intended for an adult might be dangerous [anomalous] if applied to an infant. Such instructions may be misclassified when using only the first, CF, layer; however, by adding the second, CS, layer, they can now be detected.”
The research team evaluated the new architecture in the computed tomography (CT) domain, using 8,277 recorded CT instructions and evaluated the CF layer using 14 different unsupervised anomaly detection algorithms. Then they evaluated the CS layer for four different types of clinical objective contexts, using five supervised classification algorithms for each context.
As well as medical uses, CT technology is also commonly used in airport security equipment and other security scanning applications.
Adding the second CS layer to the architecture improved the overall anomaly detection performance from an F1 score of 71.6%, using only the CF layer, to between 82% and 99%, depending on the clinical objective or the body part. Furthermore, the CS layer enables the detection of CS anomalies, using the semantics of the device’s procedure, an anomaly type that cannot be detected using only the CF layer.
A recent white paper by Ordr reported that “10% to 19% of medical devices run Windows operating systems that are Windows 7 or older and likely haven’t received necessary security updates”. Ordr found several instances where Facebook and YouTube applications were running on MRI and CT machines, probably using outdated operating systems like Windows XP, making the devices prime targets for cybercriminals when connected to the public internet. Ordr’s July 29 report also revealed that 86% of healthcare deployments had more than 10 U.S. Food and Drug Administration recalls against their medical IoT devices.
Mahler previously warned of the risks of cyberattacks on complex medical devices in 2017 in a paper that predicted major challenges for both device manufacturers and healthcare providers. In that paper, he pointed to the WannaCry attack in May 2017 as an example of vulnerability, and explained how common techniques for securing a computer, such as installing anti-virus protection, are insufficient.
And in 2019, another BGU team revealed how hackers can access a patient’s 3-D medical scans to add or remove malignant lung cancer, and deceive both radiologists and artificial intelligence algorithms.
Mahler will present his latest research, “A Dual-Layer Architecture for the Protection of Medical Devices from Anomalous Instructions” on August 26 at the 2020 International Conference on Artificial Intelligence in Medicine (AIME 2020), which will be held virtually. Mahler is a Ph.D. candidate under the supervision of BGU Profs. Yuval Elovici and Prof. Yuval Shahar in the BGU Department of Software and Information Systems Engineering (SISE). Both also participated in the study along with Dr. Erez Shalom, a senior researcher in the Medical Informatics Research Center.
