Telemedicine: PREDICTING MALWARE IN HEALTH IT SYSTEMS
Lead Institution: University of Massachusetts Amherst
Project Leader: Kevin Fu
Malware infection on medical devices in clinical settings happens and can cause devices to halt. In this work, we investigate the prevalence of malware at the University of Michigan’s health system and model possible infection patterns based on the topology of the clinical network.
Focus of the research/Market need for this project
Conventional computer viruses cause downtime of clinical computing systems. Lack of causal understanding leads to uncertainty and underutilization of health IT systems and electronic medical records.
This research is critical to understand how to plan effective incident responses for medical malware epidemics. The study will find cost effective ways to control the spread of malware that otherwise inhibits the meaningful use of health IT systems.
Quantify the spread of malware in a clinical environment, find the most influential factors affecting containment of infections. Model infection paths.
Key Conclusions/Significant Findings/Milestones reached/Deliverables
In the case study of the University of Michigan’s health system, the network was surprisingly clean, although vulnerable machines are still present on the network. The sample point we have indicates that the training and awareness of the IT group seems to play a significant role in abating malware infection on the network. However, the situation might not be representative and not sustainable given the prevalence of machines open to exploits. We are thus building a simulation to model the spread of malware, should an infection happen.
The results could be applicable to other settings with similar monocultures, such as process control networks.
Additions to this work is being done on the TH&W program: http://thaw.org/
Materials Available for Other Investigators/interested parties
- Report disseminated to healthcare professionals and system designers. Outreach via talks and digital media.
- Detailed discussion of the analysis was presented to the University of Michigan Health System IT group, the Medical Center Information Technology (MCIT).
Market entry strategies
Dissemination to relevant regulatory and standards bodies, contributed to text of best practices recommendations in the Association for the Advancement of Medical Instrumentation (AAMI) TIR-57.
AAMI TIR57/Ed. 1, Principles for Medical Device Information Security Risk Management
Under Review’ 2014