Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices

Abstract: Purpose: Used extensively in the diagnosis, treatment, and prevention of disease, Medical Imaging Devices (MIDs), such as Magnetic Resonance Imaging (MRI) or Computed Tomography (CT) machines, play an important role in medicine today. MIDs are increasingly connected to hospital networks, making them vulnerable to sophisticated cyber-attacks targeting the devices' infrastructure and components, which can disrupt digital patient records, and potentially jeopardize patients' health. Attacks on MIDs are likely to increase, as attackers' skills improve and the number of unpatched devices with known vulnerabilities that can be easily exploited grows. Attackers may also block access to MIDs or disable them, as part of ransomware attacks, which have been shown to be successful against hospitals. Method and Materials: We conducted a comprehensive risk analysis survey at the Malware-Lab, based on the Confidentiality, Integrity, and Availability (CIA) model, in collaboration with our country's largest health maintenance organization, to define the characteristics of cyber-attacks on MIDs. The survey includes a range of vulnerabilities and potential attacks aimed at MIDs, medical and imaging information systems, and medical protocols and standards such as DICOM and HL7. Results: Based on our survey, we found that CT devices face the greatest risk of cyber-attack, due to their pivotal role in acute care imaging. Thus, we identified several possible attack vectors that target the infrastructure and functionality of CT devices, which can cause: 1. Disruption of the parameters' values used in the scanning protocols within the CT devices (e.g., tampering with the radiation exposure levels); 2. Mechanical disruption of the CT device (e.g., changing the pitch); 3. Disruption of the tomography scan signals constructing the digital images; and 4. Denial-of-Service attacks against the CT device.