Abstract
The discovery of adversarial examples has raised concerns about the practicaldeployment of deep learning systems. In this paper, we argue that the field ofmedicine may be uniquely susceptible to adversarial attacks, both in terms ofmonetary incentives and technical vulnerability. To this end, we outline thehealthcare economy and the incentives it creates for fraud, we extendadversarial attacks to three popular medical imaging tasks, and we provideconcrete examples of how and why such attacks could be realistically carriedout. For each of our representative medical deep learning classifiers, bothwhite and black box attacks were both effective and human-imperceptible. Weurge caution in employing deep learning systems in clinical settings, andencourage research into domain-specific defense strategies.