The hospital IT networks and medical devices that doctors rely on to treat patients are susceptible to their own maladies — computer viruses and other malware.
Whether a bug accidentally finds its way into a system, or an attacker intentionally injects one, researchers believe such breaches are happening more often with the growth of technology such as cloud computing.
Two engineering researchers from U-M are part of a national team that will work to improve the cybersecurity of the nation’s health systems.
Associate Professor Kevin Fu and Research Associate Professor Michael Bailey, both in the Department of Electrical Engineering and Computer Science, are involved in the five-year Trustworthy Health and Wellness project that has received $10 million from the National Science Foundation. The project is one of three major cybersecurity awards totaling nearly $20 million announced by NSF.
Fu and Bailey will establish methods to scientifically study the extent of malware in hospital networks. While anecdotal evidence suggests the breadth of the problem, there’s a need for high quality, reproducible measurements, the researchers say.
“Malicious software, or malware, can interrupt the function of medical devices, affecting the quality of patient care. By increasing the quality of the science, we seek to create more meaningful discussions about risks and benefits of adapting hospital networks to the threat of malware,” said Fu, who directs the Archimedes Research Center for Medical Device Security.
Malware can slow down medical devices and interfere with the integrity of their sensors, but current solutions have drawbacks.
“A challenge is to find approaches that improve the safety and effectiveness of medical devices,” Bailey said.
The team will work to establish better authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks.
