AI is used to prevent cyber attacks on medical devices that could kill by causing X-Ray overdoses.
By Yakir Benzion, United With Israel
Researchers at Ben-Gurion University of the Negev (BGU) have developed a new artificial intelligence (AI) solution to prevent terrorists or criminals from hacking into hospitals and sabotaging equipment such as X-Ray machines and blood-storage refrigerators.
PhD candidate Tom Mahler from BGU’s Department of Software and Information Systems Engineering is perfecting AI techniques that will help block or reduce the threat of not just malicious hacking into medical systems, but also human errors, Design News reported this week.
Mahler uses artificial intelligence programs to check the instructions that are sent to hospital devices and computers to make sure that they are within the normal range of use. For example, if an X-Ray machine gets an instruction to use 100 times the normal dose of power, the process will be stopped and an alarm raised.
His system can detect two types of anomalous instructions, context free (CF) with an obvious example being an overdose of energy, and context sensitive (CS) attacks that at first glance might seem to be normal but are totally out of context, like giving an adult dose to an infant.
The research team evaluated the new architecture for the CT type of X-ray scans, using over 8,000 different recorded instructions for the CF layer with 14 different types of unsupervised anomaly detection algorithms. They also evaluated different CS layer scenarios.
The AI algorithms boosted the overall anomaly detection performance and showed that the new architecture could easily be incorporated into machines currently used in healthcare settings.
“One of the key problems medical device manufacturers have is that any update they make to the existing device must follow strict safety guidelines,” Mahler told Design News. “This is an expensive and time-consuming process that makes updating existing devices not practical. With our dual-layer architecture, it is possible to plug it into an existing device to make it secure.”
Mahler said his analysis can run even after a process has already been initiated.
“Even if the scan is already started, if an error is detected, the technician can quickly halt the device operation even a few seconds into the scan,” he explained.
The threat of medical cyber attacks is serious.
In 2017, Britain’s health system was crippled for several days by the global WannaCry ransomware attack that locked the computer systems at hospitals in England and Scotland and was estimated to have impacted some 70,000 devices, including computers, MRI scanners, blood-storage refrigerators and operating room equipment.
A year earlier, the Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in bitcoin to a hacker to unlock data that had been encrypted in a similar attack, which blocked access to email and vital patient data. That attack was so serious some patients were transported to other hospitals because computers had been locked out of essential tasks like running CT scans, accessing documentation, lab work and pharmacy needs.
For all medical equipment dependent on computers, Mahler’s AI programs could detect abnormal or anomalous instructions that are due not just to cyberattacks, but also to a mistake by a technician.