THaW’s Eric Johnson on recent health system cyberattacks

Eric Johnson, PhD and dean of Vanderbilt University’s Owen Graduate School of Management

Cyberattacks targeting healthcare systems have been growing in prevalence and are wreaking more havoc with the healthcare industry’s increased dependence on electronic systems. Cyberattacks, such as denial-of-service attacks, can have an immediate impact on patient care by leaving medical staff without important patient records. The impacts don’t end there. With healthcare systems increasing their cybersecurity protocols in the aftermath of a cyberattack, patient information can be harder to access for those who should be accessing that information. Johnson’s research with co-author S.J. Choi, PhD, shows that at hospitals where security protocols slowed computer access by just a minute or so, people who came in with a heart attack were more likely to die. “When I talk to doctors about security, a lot of times they’re very negative,” Johnson said. “So they’re pretty far behind, and at this point, incredibly vulnerable.” It’s certainly not a stretch, Johnson says, to say that delays from a ransomware attack are likely to have more serious effects.

To read more about the recent cyberattacks on healthcare systems and coverage of THaW research on those topics, check out the THaW press page.

Professor Kevin Fu appointed Acting Director of Medical Device Cybersecurity at the U.S. FDA Center for Devices and Radiological Health (CDRH)

Kevin Fu, THaW PI from the University of Michigan, is heading to Washington D.C. for a one-year term as Acting Director of Medical Device Cybersecurity at the U.S. FDA Center for Devices and Radiological Health (CDRH). This role includes an appointment with the Digital Health Center of Excellence (DHCoE). The DHCoE fosters responsible and high-quality digital health innovation.

To learn more about the role, Professor Fu’s numerous achievements in the cross-section of health technologies and cybersecurity, as well as his other notable contributions, check out the University of Michigan’s official press release here.

Congratulations, Professor Fu!

Cybersecurity and Privacy Implications of Contact Tracing

Two THaW researchers participated as panelists in a recent online panel discussion about contact tracing, with an emphasis on the security and privacy aspects. The video is now available.

“The coronavirus pandemic has highlighted the need for contact tracing, an effort to retroactively discover and inform all the persons who had recent contact with an infected person. Traditional methods are labor-intensive and inherently limited by human memory. Smartphone apps have been proposed to proactively record contacts, for retrospective notifications to those who may have been proximate to someone later discovered to be infected. There are, however, inherent privacy and cybersecurity risks posed by such technologies, and the same technologies could be abused for purposes other than public health. It is thus essential for contact tracing technologies to be designed and deployed with the utmost care and transparency.”

THaW work on contact tracing

Early THaW research on contact tracing is finding new relevance as groups across the US and around the world scramble to develop privacy-preserving contact-tracing apps. Notable app efforts include DP-3T, PEPP-PT, and SafePaths. All of those efforts focus on privacy-preserving apps for retrospective notification of persons who may have had “contact” with a person later determined to be ill with an infectious disease, where “contact” occurs when spending time in close proximity to the infected person. THaW student Aarathi Prasad went further, devising a system that could also detect “close encounters”, e.g., for those who may have visited a place soon after the infected person left. Some diseases, including perhaps the coronavirus, can linger in the air or on surfaces for hours.

The lead author on THaW’s work, Aarathi Prasad, is now a professor at Skidmore College, which just posted an extended story about her work. Her work was originally published in the paper below.

Aarathi Prasad and David Kotz. ENACT: Encounter-based Architecture for Contact Tracing. Proceedings of the ACM Workshop on Physical Analytics (WPA), pages 37–42. ACM Press, June 2017. doi:10.1145/3092305.3092310. ©Copyright ACM.

Abstract: Location-based sharing services allow people to connect with others who are near them, or with whom they shared a past encounter. Suppose it were also possible to connect with people who were at the same location but at a different time – we define this scenario as a close encounter, i.e., an incident of spatial and temporal proximity. By detecting close encounters, a person infected with a contagious disease could alert others to whom they may have spread the virus. We designed a smartphone-based system that allows people infected with a contagious virus to send alerts to other users who may have been exposed to the same virus due to a close encounter. We address three challenges: finding devices in close encounters with minimal changes to existing infrastructure, ensuring authenticity of alerts, and protecting privacy of all users. Finally, we also consider the challenges of a real-world deployment.

IEEE recognizes THaW researcher for establishing field of medical device security

Professor Kevin Fu’s 2008 paper called “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses” has received the inaugural IEEE Security and Privacy “Test of Time” Award: http://eecs.umich.edu/eecs/about/articles/2019/fu-test-of-time.html

The paper has been recognized from a pool of submissions spanning 40 years with the inaugural IEEE Security and Privacy Test of Time Award, and its impact can be felt in every corner of the medical devices industry.

In the 11 years since the paper’s publication, Fu and others in his field have worked on solutions. Many of these have been technical, but most of the paper’s larger impact has been in leadership.

“A lot of it is about community building and standards development,” Fu says, “which is sometimes a foreign concept in academia. But it’s really important to industry.”

Kevin Fu Named As IEEE Fellow

THaW leader Kevin Fu was recently named a fellow by the Institute of Electrical and Electronics Engineers (IEEE) for his contributions to embedded and medical device security. The honor comes as part of the 2018 class, and is “a distinction reserved for select IEEE members whose extraordinary accomplishments in any of the IEEE fields of interest are deemed fitting of this prestigious grade elevation”. To read more about Kevin’s award and accomplishments, click through below.

Kevin Fu Elected IEEE Fellow for Contributions to Embedded and Medical Device Security

A ‘Crisis’ in Healthcare Security

Recently Professor Avi Rubin was invited to speak at Enigma — a new security conference geared towards those working in both industry and research, recently launched by the USENIX Association.

According to Professor Rubin, health care information security is in crisis. In this presentation, Professor Rubin emphasizes the numerous vulnerabilities of our health care system. These vulnerabilities range from overt circumventing of security protocols to blissful ignorance of network security concerns.

Professor Rubin goes on to identify what makes cybersecurity in health care different from other fields, such as financial services. Finally, Professor Rubin offers a ‘Top Ten’ list of actions the health care community can take right now to improve the cybersecurity of health care.

Watch Rubin’s talk on YouTube.

Virtual Fitness Coach from Under Armour

“It’s fascinating, what’s happening, and very exciting,” – Avi Rubin

At the 2016 Consumer Electronics Show (CES) last week, Under Armour announced a suite of products and services relevant to THaW research topics. Journalists sought out THaW researcher (and PI at Johns Hopkins) Avi Rubin for comment.

First the athletic wear maker unveiled its first-ever collection of fitness devices, a suite of products dubbed UA HealthBox that included a wristband, a heart-rate monitor and a Wi-Fi-enabled scale — plus a separate “smart shoe” and Bluetooth headphones. It also upgraded the UA Record application that powers those devices. … “It’s fascinating, what’s happening, and very exciting,” said Avi Rubin, a Johns Hopkins computer science professor…. (Lorraine Mirabella, Baltimore Sun, January 9, 2016 [http://www.baltimoresun.com/business/under-armour-blog/bs-bz-under-armour-ibm-watson-20160109-story.html])

This is the first of many such announcements we anticipate throughout 2016. The challenge facing the THaW community is how to ensure that privacy is protected and the collected data is secure.

Former THaW Postdoc Denis Foo Kune Has a New Company to Protect Medical Devices from Malware

“PhDs Benjamin Ransford and Denis Foo Kune developed the platform which uses the “traditionally undesirable” power consumption side channel to detect malware with the accuracy of desktop anti-virus at run-time without the need to modify the hardware or software of systems.”

To read more about Kune’s WattsUpDoc platform click here.