Researchers used a malware attack to deceive both radiologists and AI algorithms into misdiagnosing CT scans
A radiologist can misdiagnose a scan for a number of reasons. Maybe they missed an abnormality, or judged the test as normal when there was actually an issue, or identified one problem but not another. And while the introduction of artificial intelligence and machine learning has instilled greater confidence in diagnoses, does the addition of these tools mean that radiologists can’t still get the wrong result? Or even be deceived into getting the wrong one?
Cybersecurity researchers at Ben-Gurion University of the Negev in Israel are saying yes to this last question, after using a malware attack to trick both radiologists and artificial intelligence algorithms into making wrong diagnoses in a series of CT scans.
“Many researchers have warned that AI cannot be fully trusted because they can be easily fooled (especially in the case of image recognition),” Dr. Yisroel Mirsky, lead researchers in the BGU department of software and information systems engineering (SISE) and project manager and cybersecurity researcher at BGU’s National Cyber Security Research Center, told HCB News. “Researchers are currently working hard to make these algorithms robust to 'adversarial attacks'. But until then, we have the responsibility to double check the decisions of AI to ensure that there is no foul play, and use medical AI as a tool for assisting the detection process, but not replace it.”
For those who need to move fast and expand clinical capabilities -- and would love new equipment -- the uCT 550 Advance offers a new fully configured 80-slice CT in up to 2 weeks with routine maintenance and parts and Software Upgrades for Life™ included.
Using two 3D-conditional, generative adversarial networks (GAN), the researchers – with permission – hacked into a hospital’s internal network, and proceeded to add or remove malignant lung cancer findings and replace them with medical imagery from the internet. They then hired three radiologists to make diagnoses for 70 tampered and 30 authentic CT scans.
The three misdiagnosed 99 percent of healthy scans inserted with cancer imagery as malignant, and 94 percent of patients with cancer as healthy, even after applying algorithms to remove malignancies from the scans of those with cancer.
Once informed of the attack, the radiologists were still unable to tell the difference between the tampered and authentic images, misdiagnosing 60 percent of those with images inserted, and 87 percent of those that had cancers removed.
While confident that mistakes such as these will encourage providers to seek out more ways to combat cyberattacks, Mirsky does not see them reaching the same level of protection as other industries anytime soon.
