Yisroel Mirsky, Tom Mahler, Ilan Shelef, Yuval Elovici
Department of Information Systems Engineering, Ben-Gurion University, Israel Soroka University Medical Center. 3 Apr 2019
In 2018, clinics and hospitals were hit with numerous attacksleading to significant data breaches and interruptions inmedical services. An attacker with access to medical recordscan do much more than hold the data for ransom or sell it onthe black market.In this paper, we show how an attacker can use deeplearning to add or remove evidence of medical conditionsfrom volumetric (3D) medical scans. An attacker may performthis act in order to stop a political candidate, sabotage research,commit insurance fraud, perform an act of terrorism, oreven commit murder. We implement the attack using a 3Dconditional GAN and show how the framework (CT-GAN)can be automated. Although the body is complex and 3Dmedical scans are very large, CT-GAN achieves realisticresults which can be executed in milliseconds.To evaluate the attack, we focused on injecting andremoving lung cancer from CT scans. We show how threeexpert radiologists and a state-of-the-art deep learning AI arehighly susceptible to the attack. We also explore the attacksurface of a modern radiology network and demonstrate oneattack vector: we intercepted and manipulated CT scans in anactive hospital network with a covert penetration test.
