In 2018, clinics and hospitals were hit with numerous attacks
leading to significant data breaches and interruptions in
medical services. An attacker with access to medical records
can do much more than hold the data for ransom or sell it on
the black market.
In this paper, we show how an attacker can use deeplearning to add or remove evidence of medical conditions
from volumetric (3D) medical scans. An attacker may perform
this act in order to stop a political candidate, sabotage research,
commit insurance fraud, perform an act of terrorism, or
even commit murder. We implement the attack using a 3D
conditional GAN and show how the framework (CT-GAN)
can be automated. Although the body is complex and 3D
medical scans are very large, CT-GAN achieves realistic
results which can be executed in milliseconds.
To evaluate the attack, we focused on injecting and
removing lung cancer from CT scans. We show how three
expert radiologists and a state-of-the-art deep learning AI are
highly susceptible to the attack. We also explore the attack
surface of a modern radiology network and demonstrate one
attack vector: we intercepted and manipulated CT scans in an
active hospital network with a covert penetration test.