Clinical laboratories and pathology groups should be on the alert to this new digital threat; telehealth sessions and video conferencing calls particularly vulnerable to acoustic AI attacks
Banks may be the first to get hit by a new form of hacking because of all the money they hold in deposit accounts, but experts say healthcare providers—including medical laboratories—are comparably lucrative targets because of the value of patient data. The point of this hacking spear is artificial intelligence (AI) with increased capabilities to penetrate digital defenses.
AI is developing rapidly. Are healthcare organizations keeping up? The hackers sure are. An article from GoBankingRates titled, “How Hackers Are Using AI to Steal Your Bank Account Password,” reveals startling new AI capabilities that could enable bad actors to compromise information technology (IT) security and steal from customers’ accounts.
Though the article covers how the AI could conduct cyberattacks on bank information, similar techniques can be employed to gain access to patients’ protected health information (PHI) and clinical laboratory databases as well, putting all healthcare consumers at risk.
The new AI cyberattack employs an acoustic Side Channel Attack (SCA). An SCA is an attack enabled by leakage of information from a physical computer system. The “acoustic” SCA listens to keystrokes through a computer’s microphone to guess a password with 95% accuracy.
“With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever,” wrote UK study authors Joshua Harrison, MEng, Durham University; Ehsan Toreini, University of Surrey; and Maryam Mehrnezhad, PhD, University of London.
Hackers could be recording keystrokes during video conferencing calls as well, where an accuracy of 93% is achievable, the authors added.
This nefarious technological advance could spell trouble for healthcare security. Using acoustic SCA attacks, busy healthcare facilities, clinical laboratories, and telehealth appointments could all be potentially compromised.
“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” wrote Joshua Harrison, MEng (above), and his team in their IEEE Xplore paper. “For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.” Since computer keyboards and microphones in healthcare settings like hospitals and clinical laboratories are completely ubiquitous, the risk that this AI technology will be used to invade and steal patients’ protected health information is high. (Photo copyright: CNBC.)
Why Do Hackers Target Healthcare?
Ransomware attacks in healthcare are costly and dangerous. According to InstaMed, a healthcare payments and billing company owned by J.P. Morgan, healthcare data breaches increased to 29.5% in 2021 costing over $9 million. And beyond the financial implications, these attacks put sensitive patient data at risk.
Healthcare can be seen as one of the most desirable markets for hackers seeking sensitive information. As InstaMed points out, credit card hacks are usually quickly figured out and stopped. However, “medical records can contain multiple pieces of personally identifiable information. Additionally, breaches that expose this type of data typically take longer to uncover and are harder for an organization to determine in magnitude.”
With AI advancing at such a high rate, healthcare organizations may be unable to adapt older network systems quickly—leaving them vulnerable.
“Legacy devices have been an issue for a while now,” Alexandra Murdoch, medical data analyst at GlobalData PLC, told Medical Device Network, “Usually big medical devices, such as imaging equipment or MRI machines are really expensive and so hospitals do not replace them often. So as a result, we have in the network these old devices that can’t really be updated, and because they can’t be updated, they can’t be protected.”
But telehealth, according to the UK researchers, may also be one way hackers get past safeguards and into critical hospital systems.
“When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium. Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms,” the UK researchers wrote in IEEE Xplore.
“[AI] has worrying implications for the medical industry, as more and more appointments go virtual, the implications of deepfakes is a bit concerning if you only interact with a doctor over a Teams or a Zoom call,” David Higgins, Senior Director at information security company CyberArk, told Medical Device Network.
Higgins elaborated on why healthcare is a highly targeted industry for hackers.
“For a credit card record, you are looking at a cost of one to two dollars, but for a medical record, you are talking much more information because the gain for the purposes of social engineering becomes very lucrative. It’s so much easier to launch a ransomware attack, you don’t even need to be a coder, you can just buy ransomware off of the dark web and use it.”
Steps Healthcare Organizations Should Take to Prevent Cyberattacks
Hackers will do whatever they can to get their hands on medical records because stealing them is so lucrative. And this may only be the beginning, Higgins noted.
“I don’t think we are going to see a slowdown in attacks. What we are starting to see is that techniques to make that initial intrusion are becoming more sophisticated and more targeted,” he told Medical Device Network. “Now with things like AI coming into the mix, it’s going to become much harder for the day-to-day individual to spot a malicious email. Generative AI is going to fuel more of that ransomware and sadly it’s going to make it easier for more people to get past that first intrusion stage.”
To combat these attacks patient data needs to be encrypted, devices updated, and medical staff well-trained to spot cyberattacks before they get out of hand. These SCA attacks on bank accounts could be easily transferable to attacks on healthcare organizations’ patient records.
Clinical laboratories, anatomic pathology groups, and other healthcare facilities would be wise to invest in cybersecurity, training for workers, and updated technology. The hackers are going to stay on top of the technology, healthcare leaders need to be one step ahead of them.
This is yet another example that dogs can be highly accurate screeners for disease. But are they ready to be included in clinical laboratory diagnostic tests?
Thailand researchers have trained dogs to screen for COVID-19 infections in humans, despite the country’s “spicy and flavorful cuisine,” the AP reported. This is just the latest example of a country using dogs to identify individuals who are infected with the SARS-CoV-2 coronavirus. Clinical laboratory managers and pathologists have seen other examples of dogs being trained to identify different diseases or health conditions.
In fact, dogs have been shown to be highly accurate at spotting disease in humans and the practice is becoming common worldwide. But could dogs achieve the required clinical accuracy and reproducibility in detecting disease for the procedure to be translated into clinical practice?
Smelling Disease as a Clinical Laboratory Diagnostic
Clinical laboratory professionals are quite familiar with the concept of the human body producing volatile chemicals that can serve as biomarkers for disease or illness. Dark Daily has previously reported on multiple breath/aroma-based diagnostic clinical laboratory tests going as far back as 2013.
But it is in the use of dogs to spot COVID-19 infections in humans where this type of breath/aroma-based diagnostic test research is making a notable impact.
“Even if this approach were not warranted as a clinical diagnostic procedure, trained dogs could be deployed at airports, train stations, sporting events, concerts, and other public places to identify individuals who may be positive for SARS-CoV-2, the coronavirus that causes the COVID-19 illness,” we wrote. “Such an approach would make it feasible to ‘screen’ large numbers of people as they are on the move. Those individuals could then undergo a more precise medical laboratory test as confirmation of infections.”
According to the researchers, individuals with a COVID-19 infection emit a unique odor that is present in sweat samples. The six Labrador retrievers used in the research were able to detect the presence of COVID-19 with an impressive 95% accuracy rate in more than 1,000 samples presented to them, the AP reported.
A Labrador Retriever named Bobby (above) sniffs sample of human sweat through containers to detect COVID-19 coronavirus at Veterinary Faculty, Chulalongkorn University in Bangkok. Thailand has deployed a canine virus detection squad to help provide a fast and effective way of identifying people with COVID-19 as the country faces a surge in cases, with clusters found in several crowded slum communities and large markets. Clinical laboratory professionals and pathologists will find it interesting that the dogs are given a sample of sweat, each presented in a unique container. Thus, the dogs never are in the presence of the humans who provided the specimens. (Photo and caption copyright: AP/Sakchai Lalit)
To perform the study, the scientists placed sweat samples in metal containers and allowed the dogs to sniff each sample. If no trace of the infection was present, the dogs simply walked past the container. If the disease was detected in a particular sample, the dogs would sit down in front of the container.
Would Spicy Food Interfere with Dogs’ Ability to Detect COVID-19?
The head of the research team, Professor Kaywalee Chatdarong, PhD, noted that other countries also have been using canines to detect the presence of COVID-19. She did have some concerns that the utilization of dogs for this purpose may not work in Thailand due to their often-spicy cuisine. However, since the samples used were from students and faculty at the university, as well as people from the surrounding area, the cuisine did not seem to affect the study results, the AP reported.
Thailand is facing a surge in COVID-19 cases with recent clusters reported at construction sites, crowded neighborhoods, and large markets. The research team plans to use the canines in mobile units in communities suspected of being hotspots for the disease.
A major plus of using dogs to sniff out the disease from sweat samples is the ability to test people who may not be able to get out of their homes to be tested.
“People can simply put cotton balls underneath their armpits to collect sweat samples and send them to the lab,” Suwanna Thanaboonsombat, a volunteer who collects samples and brings them to the clinical laboratory for testing, told the AP. “And the result is quite accurate.”
According to the US Centers for Disease Control and Prevention (CDC), dogs can become infected with the SARS-CoV-2 coronavirus. However, their chances of transmitting the disease to humans is extremely low. Nevertheless, to ensure the dogs do not become infected with COVID-19 themselves, the researchers designed the sample containers to avoid contact between the samples and the dogs’ noses.
Living Animals Come with Limitations
While dogs can provide a quick and inexpensive method of testing for COVID-19, they do have limitations.
“5 p.m. is their dinner time. When it’s around 4:50, they will start to be distracted. So, you can’t really have them work anymore,” Chatdarong told the AP. “And we can’t have them working after dinner either because they need a nap. They are living animals and we do have to take their needs and emotions into consideration. But for me, they are heroes and heroines.”
Using Dogs to Detect COVID-19 in Other Countries
Last fall, the Helsinki Airport in Finland announced it would use a team of trained dogs to detect the presence of COVID-19 among visitors to the airport to ensure the health and safety of its customers and their families, and to help prevent the spread of SARS-CoV-2 in Finland.
Being tested for the coronavirus at the Helsinki airport in Finland does not require direct contact with a dog. Individuals simply need to swipe their skin with a test wipe and drop the wipe into a cup. The cup is then given to a dog that is working in a separate booth (shown above), which protects both the dog and the dog’s handler from contamination. All tests are processed anonymously and anyone testing positive for COVID-19 is directed to a health information point located at the airport. (Photo copyright: Finavia.)
“We are among the pioneers. As far as we know no other airport has attempted to use canine scent detection on such a large scale against COVID-19,” said Airport Director Ulla Lettijeff in a Finavia press release. “This might be an additional step forward on the way to beating COVID-19.”
In addition to being “man’s best friend,” dogs serve valuable purposes in the medical community. Their strong sense of smell may render them useful in the detection of and fight against illnesses, including COVID-19.
Whether the performance and accuracy of individual dogs can be validated with acceptable quality control (QC) procedures remains to be seen. Medical laboratory managers and pathologists understand the challenges presented with demonstrating accuracy and reproducibility with this method of diagnostic testing. That obstacle has prevented research outcomes from being translated into clinical practice.
