麻豆区

Skip to main content Skip to search

YU News

YU News

AI System Would Help Protect Connected Medical Devices from Cyberattacks

Evelyn Chipangura, a student in the Katz School鈥檚 M.S. in Cybersecurity, developed a cyber system that acts like a police officer for a hospital network. It continuously watches traffic flowing between connected medical devices and looks for suspicious behavior. When it detects a potential attack, it immediately alerts security teams and can automatically isolate affected devices before damage occurs.

By Dave DeFusco

Modern hospitals depend on connected medical devices to care for patients. Devices such as heart monitors, infusion pumps, pulse oximeters and ECG machines constantly collect and share information. Together, these connected systems are known as the Internet of Medical Things, or IoMT.

While these devices help doctors and nurses provide better care, they also create new cybersecurity risks. If attackers gain access to a medical device, they could disrupt treatments, steal sensitive information or even put patients in danger. That challenge inspired Evelyn Chipangura, a student in the Katz School鈥檚 M.S. in Cybersecurity, to develop her capstone project, 鈥淚oMT Anomaly Detection System, with GRC Integration.鈥

鈥淢y goal was to create a system that could detect cyberattacks against medical devices in real time, automatically respond to threats and help healthcare organizations maintain compliance with security regulations,鈥 said Chipangura.

The system acts like a police officer for a hospital network. It continuously watches traffic flowing between connected medical devices and looks for suspicious behavior. When it detects a potential attack, it immediately alerts security teams and can automatically isolate affected devices before damage occurs.

At the heart of the platform is an artificial intelligence model called LightGBM. Chipangura trained the model using more than 1.8 million examples of network activity from medical devices.

鈥淲e wanted the system to recognize multiple types of attacks, including denial-of-service attacks, spoofing attacks, reconnaissance activity and malicious command injections,鈥 said Chipangura. 鈥淭he model achieved 98% accuracy while classifying six different categories of network traffic.鈥

The research focused on a growing problem in healthcare cybersecurity. Many medical devices were designed primarily for patient care, not security. As a result, they often lack strong built-in protections and can become attractive targets for attackers.

鈥淐ompromised medical devices are not just an IT problem,鈥 said Chipangura. 鈥淭hey can directly affect patient safety and disrupt critical clinical operations.鈥

The platform begins by collecting network traffic from devices such as infusion pumps, heart monitors and pulse oximeters. It analyzes information such as packet size, communication patterns, timing and network protocols. The AI system then determines whether the activity is normal or potentially malicious. One of the project鈥檚 most important features is its automated response capability.

鈥淥nce an attack is detected, the system can block the attacker鈥檚 IP address, isolate the affected device, notify clinical staff and security analysts, and create a complete audit record,鈥 said Chipangura.

She described a scenario involving a network-connected infusion pump in an intensive care unit.

鈥淚f an attacker attempted to send malicious commands to change a patient鈥檚 medication dosage, our platform could detect the abnormal traffic, isolate the device and stop the attack before it reaches the patient,鈥 said Chipangura.

The project also integrates Governance, Risk and Compliance, commonly known as GRC. This feature helps hospitals demonstrate compliance with healthcare and cybersecurity standards, including HIPAA, NIST 800-53 and ISO 27001.

鈥淪ecurity teams often detect threats while compliance teams separately gather audit evidence,鈥 said Chipangura. 鈥淥ur platform automatically connects those activities, reducing audit preparation from weeks to hours.鈥

The system records every security event, response action and compliance requirement in a centralized dashboard. Security analysts can view alerts, track risks, monitor devices and review detailed audit trails in real time.

Her advisor and instructor, Leon Flaksin, believes the research addresses a critical need in modern healthcare.

鈥淗ealthcare organizations are connecting more medical devices than ever before, which dramatically expands their attack surface,鈥 he said. 鈥淓velyn鈥檚 work demonstrates how artificial intelligence, automated response and compliance monitoring can work together to strengthen cybersecurity while protecting patient safety.鈥

Share

FacebookTwitterLinkedInWhat's AppEmailPrint

Follow Us