The pace of digitization and interconnection of hospital systems has increased tremendously as recent healthcare legislation has encouraged the interoperation of medical record systems. In addition to ordinary business operations data, hospital enterprise networks now carry patient record data and life-critical data streams from therapy systems (e.g., nuclear medicine and dialysis clinical systems). Unfortunately, the security implications of interconnecting such life-critical systems have been largely unstudied. This project is performing a large-scale analysis of the University of Florida Health System to detect the presence of malware and security weaknesses and to determine whether security best practices and techniques are sufficient to protect life-critical and privacy-sensitive medical systems.
While multiple recent studies have shown that individual medical devices are vulnerable to attack, none have assessed the current state of security at scale across medical organizations. This project is conducting a large-scale analysis of the current security posture of the University of Florida Health System to inform a data-driven approach to vulnerability mitigation. The researchers are first characterizing the security posture of the system through network-based measurements of malware presence (via Domain Name System (DNS) resolutions) and of proper encryption practices (via inspection of X.509 certificates). The project is next developing techniques to dynamically fingerprint and limit risky communication patterns and to inject strong certificates into communication flows. Finally, the project is developing techniques to predict devices at risk using algorithms that detect abnormal communication patterns via contact graphs.
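As an added illustration of two of the measurement steps described above (screening DNS resolutions against a malware domain blocklist, and scoring abnormal communication patterns over a contact graph), the following stdlib-only Python example is not the project's own code: every device name, domain, address and blocklist entry is constructed, and the median-plus-MAD degree threshold is an assumed scoring rule, not the project's algorithm.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data; device names, domains and addresses are fictitious.
DNS_LOG = """\
2024-03-01T08:00:01 dialysis-01 A update.vendor-example.test
2024-03-01T08:00:05 dialysis-03 A c2.bad-example.test
2024-03-01T08:00:09 nuc-med-02 A pacs.hospital-example.test
2024-03-01T08:01:13 dialysis-03 A beacon.bad-example.test
"""
BLOCKLIST = {"c2.bad-example.test", "beacon.bad-example.test"}  # constructed
CONTACTS = {  # constructed: device -> destinations seen in flow records
    "dialysis-01": ("ehr-gw", "ntp", "vendor-update"),
    "dialysis-02": ("ehr-gw", "ntp", "vendor-update"),
    "dialysis-03": ("ehr-gw", "ntp", "vendor-update", "c2.bad-example.test",
                    "10.0.9.5", "10.0.9.6", "10.0.9.7", "10.0.9.8"),
    "nuc-med-01": ("ehr-gw", "ntp", "pacs"),
    "nuc-med-02": ("ehr-gw", "ntp", "pacs"),
}
FLOWS = [(dev, dst) for dev, dsts in CONTACTS.items() for dst in dsts]

def dns_blocklist_hits(log, blocklist):
    """(device, qname) pairs whose resolved name, or a parent domain of it, is blocklisted."""
    hits = []
    for line in log.splitlines():
        _ts, device, _qtype, qname = line.split()
        labels = qname.split(".")
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits.append((device, qname))
    return hits

def build_contact_graph(flows):
    """Adjacency map: device -> set of peers it has communicated with."""
    graph = defaultdict(set)
    for src, dst in flows:
        graph[src].add(dst)
    return graph

def contact_anomalies(graph, k=3.0):
    """Flag devices whose peer count exceeds median + k*MAD; list peers nobody else contacts."""
    degrees = {dev: len(peers) for dev, peers in graph.items()}
    med = median(degrees.values())
    mad = max(median(abs(d - med) for d in degrees.values()), 1.0)  # floor avoids MAD == 0
    seen_by = defaultdict(int)  # peer -> number of distinct devices contacting it
    for peers in graph.values():
        for peer in peers:
            seen_by[peer] += 1
    return {dev: {"degree": deg,
                  "rare_peers": sorted(p for p in graph[dev] if seen_by[p] == 1)}
            for dev, deg in degrees.items() if deg > med + k * mad}
```

On the constructed data, dialysis-03 is the only device flagged by both measurements: it resolved two blocklisted names and its contact degree (8) sits far above its peers (3), with five destinations no other device talks to.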