Armis Protects Medical Images from Deepfake Attack

By Jack Marsal, Senior Director of Product Marketing

In early April, security researchers published a paper outlining how an attacker could tamper with medical images produced by MRI machines and CT scanners. The altered images would have cancerous nodules removed from or added to the images.

The “deepfake” scam was highly effective. According to the Washington Post, when the attackers altered images to add or remove the cancerous nodules, the radiologists were fooled over 95 percent of the time.

How The Attack Worked

• The initial attack. The researchers penetrated the hospital network by means of a network attack using a hidden Raspberry Pi device. It took them 30 seconds. They did it at night, disguised as cleaning people.
• The data grab. The researchers found that most hospital networks – including the one that they chose to conduct their research on – do not configure their imaging systems to utilize the optional encrypted transmission modalities (TLS or HTTPS) that are possible with some imaging systems. So, the researchers used the Raspberry Pi to grab unencrypted CT scan images while they were in transit on the network.
• The data tamper. The researchers used an artificial intelligence device called a generative adversarial network (GAN) to realistically inject or remove medical conditions (e.g. cancer) from CT scan images.
• Results. The researchers report that their technique was over 95% effective at fooling doctors when they (the researchers) removed or added signs of cancer from CT scan images.

Medical Devices Are Exposed

The attack surface for this type of exploit is extremely large. According to several people that were contacted by the Washington Post and the researchers themselves, encryption of DICOM images in healthcare delivery environments is not standard practice. There are three reasons for this:

1. Many older PACS (Picture Archiving and Communication System) software systems don’t include any form of encryption. It’s just not an option.
2. Hospitals sometimes choose to not configure their PACS servers to encrypt transmissions for compatibility reasons. The PACS server has to communicate with older systems that might not have the ability to decrypt or re-encrypt images.
3. Many hospitals still operate under the assumption that all the data that is transmitted on their internal network is safe. Regulations require that healthcare data be encrypted if it is transmitted off-premises, but there is no requirement to encrypt data that stays on-premises.

So without encryption, the DICOM images can be attacked while in transit or while at rest. This opens up a large number of attack vectors:

1. Attack the network using a man-in-the-middle device such as a Raspberry Pi
2. Attack the network using a compromised Wi-Fi access point that has been exploited via KRACK or BLEEDINGBIT attacks
3. Attack a workstation in the hospital using a phishing attack, then move laterally to the PACS server
4. Attack a remote site (e.g. a partnered hospital or clinic), then move laterally to the PACS server
5. Exploit known vulnerabilities on the PACS server, some of which have hard-coded credentials that can be used to create admin accounts. A quick search on exploit-db.com reveals seven implemented exploits for PACS servers in 2018 alone.
6. Exploit vulnerabilities on MRI or CT scanners. The US Department of Homeland Security advised in 2018 that the Philips Brilliance CT scanner could be compromised via several different “low skill” vulnerabilities.

In addition, many PACS systems contain built-in web access solutions, such as Centricity PACS (GE Healthcare), IntelliSpace (Philips), Synapse Mobility (FujiFilm), and PowerServer (RamSoft). Many other PACS systems are directly exposed to the Internet. The researchers noted that “a quick search on Shodan.io reveals 1,849 medical image (DICOM) servers and 842 PACS servers exposed to the Internet.”

Armis has seen this to be the case. Within our customer environments, we have seen many CT scanners that transmit DICOM images without any encryption.

How Armis Helps

Armis can help prevent an attack against medical images in hospital environments. The Armis platform passively monitors all traffic in the hospital. Deep packet inspection tells us what the traffic is and whether it is encrypted. Once the Armis platform detects that a device is sending medical images in an unencrypted format, the Armis platform will alert hospital security staff, such as the one shown below.

Our alerts are clear and easy to understand. Each alert states what we saw, explains the risk and includes recommendations on how you can mitigate the risk. By ensuring that all medical images are encrypted while at rest and in motion, healthcare delivery organizations can prevent a data tampering attack such as the one demonstrated by the researchers.

If the attack against the DICOM image is being performed while data is at rest, by malware that is resident on the system storing the DICOM image, the Armis platform can often detect the presence of the malware even though we don’t install any agents on any host systems. We do this by monitoring the communication behavior of every host. Malware typically alters the communication patterns of the host it resides on, even if just to receive command-and-control instructions from the remote attacker.
Helping healthcare delivery organizations detect these types of threats is just one of many ways that Armis is helping healthcare delivery organizations protect their patients’ safety, secure medical devices, and generally keep their businesses running smoothly and out of the headlines.