Evolving Cyberthreats in Radiation Oncology: Know What's New In It
Updated on: 20/05/2022
Contemporary image-guided radiation therapy is completely dependent on information technology and on applications that store data, and like any other digital technology it is at risk from cyberattacks. Cyberthreats in radiation oncology are a major threat that medical institutes currently face. On the occasion of World Cancer Day, we present the various cyberthreats and mitigation methods associated with radiation oncology.
Table of Contents
- What Happened In The Radiation Oncology By Far?
- Pandemic Related Crime Phishing Themes
- Cybersecurity Risks In 2022 & Beyond
- Cyberattacks Affecting The Radiation Oncology Providers
- Hackers Can Now Dupe The Radiologists & AI Software For Manipulating The Lung Cancer Scans
- The Recommendations Of The Critical Controls
What Happened In The Radiation Oncology By Far?
In the fourth quarter of last year, healthcare institutions in the United States of America were subjected to a series of coordinated attempts to breach their cyber defenses with criminal intent. Regrettably, in some cases these cyberattacks were successful, to the detriment of patient care.
According to Cybercrime Magazine, global cybercrime damage in 2021 amounted to $16.4 billion a day, $684.9 million an hour, $11 million per minute, and $190,000 per second. The World Economic Forum has also estimated that the likelihood of detecting and prosecuting the perpetrators of cyberattacks in the US is a dismal 0.05%.
During the fall of 2020, the federal government of the US issued a joint advisory warning that the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Safety Agency, and the Department of Health and Human Services possessed credible information of an increased and imminent cyberthreat to U.S. hospitals and healthcare providers.
More recently, the Director of the Federal Bureau of Investigations compared the increase in ransomware attacks on U.S. infrastructure to the threat of the September 11 terrorist attacks. In New Zealand, ransomware incidents have lately been labeled as worse than the coronavirus disease of 2019 (COVID-19) in terms of their impact on patients with cancer.
At least in some regions of the world, as the worst disruptions of the COVID-19 pandemic have passed, the next pervasive disruptive threat to the medical profession appears to be cybersecurity risk. Owing to this development, the American Society for Radiation Oncology's Advances in Radiation Oncology has inaugurated a special manuscript category devoted to cybersecurity issues.
In 2014, a study revealed that 94% of healthcare institutions had fallen prey to cyberattacks. A Medical Information Technology Advisors Threat Information Platform analysis of incidents in the Asia-Pacific region, the United States, and the European Union, along with reports from several other threat intelligence agencies, found that business email compromise and ransomware incidents, arising from phishing attacks or from the open sale of stolen credentials on dark web platforms, are growing fast and quickly becoming the #1 risk for healthcare organizations.
In recent years there has been an increase in phishing and other cyberthreats in radiation oncology that appear to come from “trusted” organizations or that abuse legitimate services. A phishing email will always dangle a financial reward or something that looks too good to be true, and carry a sense of urgency or even a strict deadline for performing a specific action. Other attempts promise to show something forbidden or exciting, or threaten negative consequences or punishment. Often a phishing email will have an unexpected attachment, a link to update your password, or a link to a spoofed website. If this happens, call the sender to verify the legitimacy of the email. It is probably the best step before taking any action.
The United States has seen a steep rise in ransomware, especially from ransomware-as-a-service groups that use double extortion or triple extortion tactics. The data is encrypted and exfiltrated from the attacked healthcare organization, and the groups then threaten to publish it. They sometimes extort the patients directly and finally threaten a distributed denial of service attack.
The U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center found that 60% of global cyber incidents during the first half of 2021 targeted healthcare providers and affected the U.S. health sector. Ransomware incidents are quickly becoming linked to data breaches: in at least 72% of ransomware incidents, the victims’ data was leaked.
An analysis revealed that 5275 cybersecurity breaches were reported last year. The number one method used was social engineering, and 85% of those breaches involved a human element in the targeted organization. In recent years the threat to healthcare organizations has moved from malicious internal actors to external organizations. Medical data, including personal data, is the most commonly stolen information in a security breach, with financial motivation behind 91% of the attacks.
Pandemic Related Crime Phishing Themes
The usual scam tactics, including fear-based themes, have proved successful with just a couple of changes in frequency. Some techniques also abuse legitimate services to bypass protections. Various themes tied to the COVID-19 situation, such as the work-from-home initiative, secure document exchanges, registration renewals, and even local festivals, have been used extensively to trick victims into permitting these attacks.
Below are some of the most prominent COVID-19 themes, or types of cyberattack, used successfully in e-crime phishing schemes during the pandemic.
- Exploitation of individuals searching for details on disease tracking, testing, and treatment.
- Impersonation of medical bodies, including the U.S. Centers for Disease Control and Prevention and the World Health Organization.
- Financial assistance and government stimulus packages.
- Tailored attacks against employees who are working from home.
- Scams that offer personal protective equipment.
- Passing mention of the coronavirus disease of 2019 within previously used phishing lure content such as invoices, deliveries, and purchase orders.
The existing disruptions in healthcare globally presented new vulnerabilities for cybercrime. Some cybercrime organizations announced that they had no intention of impacting healthcare organizations during the COVID-19 pandemic, although it is still unclear how well they adhered to their pledges.
Other organizations, such as Wizard Spider, intentionally targeted healthcare organizations by the end of October 2020. This was a time of increased medical facility utilization, as clinics and hospitals were under rising pressure from the onset of the influenza season and the pandemic's fall surge. It mirrored an approach used against other industries of deliberately targeting institutions at times of stress, such as educational institutions at the start of the 2019 school year.
Malicious actors have made malware and phishing smarter by using new techniques to bypass sandbox detonation, that is, artificial network environments designed to trigger malware in a closed network. Attacks launched from trusted but compromised accounts and services are continuously rising. Third-party supply chain risks and the Internet of Things (IoT) environment make threat management more complex and enlarge the attack surface.
Cybersecurity Risks In 2022 & Beyond
The World Economic Forum estimated that attacks on Internet of Things devices soared by 300% in 2019. The rise in the number of individuals working from home has added more risk and increased the complexity of combating attacks. Healthcare organizations are typically struck by well-organized crime and state-sponsored actors. The predicted cost of ransomware damage in 2021 ($20 billion) is 57 times more than the actual cost in 2015.
Last but not least, the lack of collaboration, correlation, and communication between service providers and Information Technology (IT) partners makes it easier for attackers to affect a vast range of targets. Below are some of the cyberthreats, or types of cyberattack, that organizations face:
- Phishing, including business email compromise.
- Ransomware attacks, including Distributed Denial of Service (DDoS).
- Hacking of unpatched software and external services such as remote desktop protocol, virtual private network, file transfer protocol, and databases.
- Software vulnerabilities and misconfigurations.
- Lack of monitoring and security logging.
- Third-party supplier security, such as cloud, Internet of Things, and apps.
- Inadequate processes such as patching, backup, and change management.
- Technical debt or legacy software and the enlarged attack surface.
- User-based mistakes and gaps in cyber awareness, such as technical, operational, and user literacy.
- Threat identification and incident response.
Cyberattacks Affecting The Radiation Oncology Providers
Technological advancements in the treatment of cancer continue to improve patient outcomes. However, owing to this reliance on technology, radiation oncology practices are more exposed to cyberattacks. In the recent past, radiation therapy treatments could be delivered from information recorded entirely on paper printouts and handwritten charts.
Localization was achieved from gross anatomy or skin markings, with wide margins to account for setup error. Thus, treatment delivery could be isolated completely from treatment plan creation. This was the default paradigm prior to the invention of record and verify systems.
Contemporary radiation therapy requires loading and creating 3-dimensional (3D) datasets for localization, and delivering a complex treatment plan consisting of hundreds of control points, each containing hundreds of nodes of data that instruct the linear accelerator on the positioning of each of its subsystems. Delivery on a single system might require loading, creating, and managing gigabytes of data. This has resulted in exponential growth in radiation therapy data. It has also created a critical dependence on these vulnerable network systems to deliver treatment.
Cyberattacks in India in all medical spheres, including radiation oncology, have evolved considerably. Cyber criminals are adopting new techniques to exploit medical data through medical imaging scans and the instruments used to store the data. Cybersecurity in India therefore calls for a serious effort to educate and create awareness among people, especially medical staff. Additionally, taking help from the best cybersecurity companies in India, whose experts offer their expertise, is one of the best measures that you can adopt.
Hackers Can Now Dupe The Radiologists & AI Software For Manipulating The Lung Cancer Scans
Hackers can access a patient's 3D medical scans to add or remove malignant lung cancer, and in doing so can overwhelmingly deceive both radiologists and the artificial intelligence algorithms used to aid diagnosis, according to a study published by Ben-Gurion University of the Negev (BGU) cybersecurity researchers on April 3 2021.
A 3D CT scan consists of a series of X-ray images taken from various angles around the body. Computer processing is then used to create cross-sectional images, or slices, of the blood vessels, bones, and soft tissues. CT scan images offer more in-depth information than regular X-rays and are readily used for the diagnosis of infectious diseases, cancer, heart diseases, and more. An MRI scan is similar, but it uses powerful magnetic fields and is used for the diagnosis of joint, bone, cartilage, and ligament conditions.
Attackers causing cyberthreats in radiation oncology can tamper with the scans to cause a misdiagnosis for ransomware, insurance fraud, cyber-terrorism, and even murder. The attackers can also automate the entire process in malware that can affect the network of the hospital.
“Our research shows how an attacker can realistically add or remove medical conditions from CT and MRI scans,” says Dr. Yisroel Mirsky, lead researcher in the BGU Department of Software and Information Systems Engineering, project manager and cybersecurity researcher at BGU’s National Cyber Security Research Center. “In particular, we show how easily an attacker can access a hospital’s network, and then inject or remove lung cancers from a patient’s CT scan.”
The attacker holds complete control over the size, number, and location of the cancers while preserving the same anatomy from the original, full-resolution 3D image. This is a significant threat, as 3D medical scans are considered to offer more definitive evidence than preliminary 2D X-rays. To demonstrate the feasibility of the attack, the researchers, with permission, broke into the network of an actual hospital and intercepted all the scans taken by a CT scanner.
“The scans were not encrypted because the internal network is usually not connected to the internet. However, determined intruders can still gain access via the hospital’s Wi-Fi or physical access to the infrastructure,” Dr. Mirsky says. “However, these networks are now being connected to the internet as well, which enables attackers to perform remote attacks.”
To inject and remove medical conditions, the researchers used a deep learning neural network known as a generative adversarial network (GAN). GANs have been used in the past to generate realistic imagery, such as portraits of non-existent people. The researchers showed how a 3D conditional GAN can be used efficiently to manipulate high-resolution 3D medical imagery. The architecture, CT-GAN, uses two of these GANs: one trained to inject cancer and the other trained to remove it.
The BGU researchers verified the effectiveness of the attack by training CT-GAN to inject and/or remove lung cancer using free medical imagery from the internet. They hired three radiologists to diagnose a mix of 70 tampered and 30 authentic CT scans.
When the CT scans of healthy individuals were injected with cancer, the radiologists misdiagnosed 99% of them as malignant. When the algorithm removed the cancers from actual cancer patients, the radiologists misdiagnosed 94% of the patients as healthy. Even after the radiologists were informed of the attack, they could not differentiate between the authentic and the tampered images. They still misdiagnosed 60% of those with injections and 87% of those with removals.
“In addition to the radiologists, we also showed how CT-GAN is an effective adversarial machine learning attack,” Dr. Mirsky says. “Consequently, the state-of-the-art artificial intelligence lung cancer screening tools, used by some radiologists, are also vulnerable to this attack.”
The researchers proposed some immediate countermeasures that can mitigate most of the threats. The most important is to enable encryption between the hosts in the hospital's radiology network. In addition, some hospitals can enable digital signatures so that their scanners sign each scan with a secure mark of authenticity. If this approach is adopted, administrators must ensure that proper signatures are being used and that the end devices are correctly verifying these signatures.
“Another method for testing the integrity of the images is to perform digital watermarking (DW), the process of adding a hidden signal into the image such that tampering corrupts the signal and thus indicates a loss of integrity,” Dr. Mirsky says. “Unfortunately, the vast majority of medical devices and products currently do not implement DW techniques.”
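The signing countermeasure described above, with the viewer failing closed when a signature is missing or wrong, shown as an added example that is not code from the article or the BGU researchers. HMAC-SHA256 with a constructed key stands in for an asymmetric digital signature, and the function names, scan id and slice bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a constructed demo key stands in for the
# scanner's digital signature so the example runs on the standard library.
# A real deployment would use an asymmetric signature, with the private key
# held only by the scanner and the public key on every viewer.
DEMO_KEY = b"constructed-demo-key"


def slice_digests(slices):
    """SHA-256 of each slice's pixel bytes, in acquisition order."""
    return [hashlib.sha256(s).hexdigest() for s in slices]


def manifest_tag(manifest, key):
    """Authentication tag over the canonical JSON form of the manifest."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


def sign_scan(scan_id, slices, key=DEMO_KEY):
    """Scanner side: bind the scan id and every slice digest under one tag."""
    manifest = {"scan_id": scan_id, "slices": slice_digests(slices)}
    return {"manifest": manifest, "tag": manifest_tag(manifest, key).hex()}


def verify_scan(scan_id, slices, envelope, key=DEMO_KEY):
    """Viewer side: return (ok, reason, modified_slice_indexes). Fails closed."""
    if not isinstance(envelope, dict) or not {"manifest", "tag"} <= envelope.keys():
        return (False, "unsigned", [])          # never display an unsigned scan
    manifest = envelope["manifest"]
    try:
        claimed = bytes.fromhex(envelope["tag"])
    except (TypeError, ValueError):
        return (False, "bad-signature", [])
    if not hmac.compare_digest(manifest_tag(manifest, key), claimed):
        return (False, "bad-signature", [])     # manifest altered or wrong key
    if manifest.get("scan_id") != scan_id:
        return (False, "wrong-scan", [])        # valid tag replayed from another scan
    recorded, actual = manifest.get("slices", []), slice_digests(slices)
    if len(recorded) != len(actual):
        return (False, "slice-count-mismatch", [])
    changed = [i for i, (r, a) in enumerate(zip(recorded, actual)) if r != a]
    return (False, "pixel-data-modified", changed) if changed else (True, "ok", [])


# Constructed sample data: five 64-byte "slices" standing in for CT pixel data.
ORIGINAL = [bytes([i]) * 64 for i in range(5)]
TAMPERED = list(ORIGINAL)
TAMPERED[2] = TAMPERED[2][:10] + b"\xff" * 8 + TAMPERED[2][18:]

if __name__ == "__main__":
    env = sign_scan("CT-0001", ORIGINAL)
    print(verify_scan("CT-0001", ORIGINAL, env))
    print(verify_scan("CT-0001", TAMPERED, env))
    print(verify_scan("CT-0001", ORIGINAL, None))
```

Recording one digest per slice lets the viewer report which slices changed, and treating a missing envelope as a failure covers the case where tampering is accompanied by stripping the signature.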
The Recommendations Of The Critical Controls
The following are some of the top recommendations and types of cybersecurity measures to adopt as critical controls.
- Requiring multi-factor authentication for all identities and alerting on unusual behavior.
- Regularly updating software, including operating systems, firmware, and applications, on IT network assets in a timely fashion.
- Implementing endpoint detection and response tools and systems that can block and alert on malicious activity.
- Enabling rigid email protection filters to prevent phishing emails from reaching end users, and filtering out emails that contain executable files or macros before they reach end users.
- Maintaining offline, encrypted backups of data and regularly testing the backups.
- Implementing user awareness training programs and simulating ransomware, phishing, and other attack types.
- Reviewing network segmentation and limiting administrative access according to least privilege principles.
- Setting antivirus or antimalware programs to conduct regular scans of Information Technology network assets using up-to-date signatures.
- Filtering network traffic to prohibit incoming and outgoing communications with known malicious IP addresses.
- Conducting frequent cyber risk assessments on both external and internal assets.
- Reviewing in a timely manner the advisories sent by local and national cybersecurity bodies and information sharing and analysis centers.
- Reviewing third-party service risks, especially those related to remote access and IT management.
- Practicing business continuity and incident response plans.
- Increasing vigilance in monitoring, detecting, and quickly responding to suspicious activities.
- Implementing centralized logging and managed security operation services.
- Conducting staff education on cybersecurity threats that is adapted to the nature of the latest threats.
Socially engineered ransomware attacks are the primary cyberthreat in radiation oncology, and to other medical organizations, at this point. These cyberattacks target unsuspecting individuals within healthcare entities rather than directly attacking the technical defenses of a system. Routine education of company staff on healthy security practices while working in a digital or electronic environment can diminish the risk of a successful ransomware attack.