To test the effectiveness of the attack, the researchers conducted a blind study in which a radiologist was asked to diagnose conditions based on a CT scan by computed tomography, of which some had been modified with the help of the malware. When they presented themselves with scans with false cancer nodules, radiologists came back with a diagnosis of cancer 99% of the time. When the malware was used to hide real cancer nodules, radiologists issued an excellent health check in 94% of the cases.
Even when radiologists have learned that the scanners have been modified, they still struggle to make a correct diagnosis. When they received a second set of images with a warning that some had been altered, health professionals were still led to believe that computer-generated nodules were real 60% of the time. When the malware was used to remove nodules, 87% of the readings incorrectly determined that the patient was in good health. Humans undergoing the test should not feel uncomfortable, however: the testing software used to confirm the diagnostics responded to malware every turn.
The good news is that the malware was created by security researchers and not by malicious actors. It is therefore unlikely that this tool will appear in nature. But he should raise red flags for health professionals. Hospitals have already been the target of cyber attacks, but the stakes are usually more immediate: Ransomware locks systems up until fees are paid. An attack like the one described by the researchers would be more insidious and could create a distrust of the essential systems.