In early May 2018, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released an advisory regarding the safety issues in the Philips Brilliance CT scanner which can compromise the system functionality. How severe could be an impact caused by revealed breaches, and which other safety gaps exist in the medical imaging systems?
On May 3, the ICS-CERT advisory pointed out the security flaws in some of the Philips Brilliance CT scanner models. The reported vulnerable models are the Brilliance 64 version 2.6.2 and below, Brilliance iCT versions 4.1.6 and below, Brilliance CT SP versions 3.2.4 and below, and Brilliance CT Big Bore 2.3.5 and below.
Regarding the ICS statement, the problem is rooted in the way the devices operate user functions. All the listed scanners run their software within a contained kiosk (or a single-use) mode in a Microsoft Windows operating system which by default boots with increased Windows privileges. Potentially, a user or hacker can get an unauthorized access to internal data including the passwords and cryptographic keys.
However, up until the advisory release, Philips received no notifications regarding accidents caused by the specified issue. Also, the manufacturer emphasizes that the vulnerability can only be exploited via the physical access to a device and recommends “restricting physical access of the scanner to only authorized personnel, thus reducing the risk of physical access being compromised by an unauthorized use”. According to Philips' statement, the hardcoded security credential issues were eliminated in all Brilliance devices version iCT 4.x and above.
The safety problem seems hence not as complex as it might sound. The need for a direct physical access to the equipment system closes up possibilities for external attackers to take advantage of this issue in most hospitals who care about their cybersecurity.
However, at present, Philips continues to assess security issues on its imaging machines, and other medtech giants like Siemens, Lantech, and Medtronic look into the potential risks of remote threats to their products. But, although the manufacturers react fast and release the proper updates in the shortest possible time, there is a chance for adverse events to occur before the response is even available.
One of such events is still a matter for discussion in the field of cybersecurity. A little more than a year ago, the "WannaCry" ransomware virus attack caused a collapse in thousands of healthcare institutions around the world. According to a British National Audit Office report released in April 2018, during the attack, 81 NHS Trusts, 603 primary care organizations, and 595 general practices in England and Wales were affected and could not come about their usual processes.
The vulnerability which allowed the malware to infect and spread among these institutions was in the already mentioned Windows operating system, and it turned out to be outdated in the majority of hospitals. Usually, medical imaging devices are cut off the general networks and plugged into Virtual Local Area Networks (VLANs) which is intended to provide a protection from the unauthorized external remote access. However, this network also includes devices such as phones, PCs, printers, and gadgets, all of which can be targeted by attackers to reach the actual imaging devices.
Tom Mahler and co-authors from the Cyber-Security Research Center of the Ben-Gurion University of the Negev in Beer-Sheva, Israel, report that among the medical imaging devices, CT-scanners are the most vulnerable for cyber attacks because they are most commonly used in hospital settings. A disruption, according to the researchers, can affect the functionality of CT scanners in the following ways: change the physical parameters of a scanning session (e.g. the radiation level), disrupt the scanner mechanics (for example, change the pitch), interfere with image construction from obtained signals, and lead to a denial-of-service.
Because of this, it is crucial that medical institutions and their respective authorities, hospital security engineers, and medical imaging system users be aware of possible vulnerabilities. The problem of medical imaging devices' cybersecurity seems to be underestimated. Proper local safety protocols should be worked out in such a way that considers the possible sources and routes of cyber attacks. Timely software and hardware maintenance should also not be denied in order to deter the possible attacks.
Sources:
1. Mahler, T., Nissim, N., Shalom, E., Goldenberg, I., Hassman, G., Kochav, I., Elovici, Y. and Sahar, Y. (2018). Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices. In: RSNA Conference 2017. [online] Chicago: The Radiological Society of North America. Available at: https://arxiv.org/ftp/arxiv/papers/1801/1801.05583.pdf [Accessed 13 Jun. 2018].
2. Philips. (2018). Philips Healthcare | Product Security. [online] Available at: http://www.philips.com/productsecurity [Accessed 13 Jun. 2018].
3. The National Audit Office (2017). Investigation: WannaCry cyber attack and the NHS. [online] London: The National Audit Office. Available at: https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf [Accessed 13 Jun. 2018].
4. The National Cybersecurity and Communications Integration Center (2018). Advisory (ICSMA-18-123-01) Philips Brilliance Computed Tomography (CT) System. [online] ICS-CERT. Available at: https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01 [Accessed 13 Jun. 2018].
5. Theregister.co.uk. (2018). Imagine you're having a CT scan and malware alters the radiation levels – it's doable. [online] Available at: https://www.theregister.co.uk/2018/04/11/hacking_medical_devices/ [Accessed 13 Jun. 2018].