Researchers at Northeastern University, working with several healthcare organizations and health tech companies, are developing vulnerability management platforms they hope to rapidly deploy and support.
The Advanced Research Projects Agency for Health awarded $19 million this month to Northeastern University. The goal for ARPA-H’s Universal Patching and Remediation for Autonomous Defense (UPGRADE) program, which gave the funding to NU’s Archimedes Center for Healthcare and Medical Device Cybersecurity, is to develop high-fidelity digital twins that can help hospitals better defend against security threats to networks and medical devices.
WHY IT MATTERS
Just like a patient’s biological system, digital twins could help IT managers better understand patching impacts and help security teams, administrators and clinical staff prevent hospital disruptions, according to ARPA-H.
The goal of the UPGRADE program for ARPA-H, an agency within the Department of Health and Human Services, is to foster autonomous cyber defenses that help health systems’ information technology teams better detect and remediate cybersecurity threats.
Hospital-scale digital twins are models of an organization’s network ecosystem that mirror how systems, users and assets connect.
They have been found to “accelerate the discovery and remediation of cybersecurity vulnerabilities, encompassing thousands of medical devices from infusion pumps to imaging systems while ensuring uninterrupted patient care,” said Kevin Fu, the Archimedes Center’s director and PATCH Project lead, in a recent social media post announcing the grant award.
Health IT security teams use digital twins to map exposures, trace likely attack paths and focus on network systems with the greatest risks.
Northeastern’s PATCH Project will use ARPA-H funding to advance the use of digital twins to improve cybersecurity detection and defense. Researchers are working with providers, including Michigan Medicine, Massachusetts General Hospital, Beth Israel Deaconess Medical Center, University of Colorado School of Medicine, University of California San Diego and the Michigan Center for Rural Health.
They are also working with Medcrypt, ForAllSecure and Virta Laboratories to commercialize these open-source vulnerability mitigation platforms, according to Fu.
The goal is to rapidly deploy the digital twin platforms across healthcare systems, he said, and provide them with technical support.
“PATCH will also work closely with the Association for the Advancement of Medical Instrumentation, a community of 10,000+ professionals focused on advancing safety in medical technology, to provide channels for outreach to healthcare professionals to learn the necessary skills to maintain and secure these healthcare systems,” he said.
Through the UPGRADE program, ARPA-H has also awarded funds to several other teams working on medical device cybersecurity. Teams must meet aggressive milestones specific to their project, according to the agency.
THE LARGER TREND
Digital twins have been tested in clinical trials as a vehicle for improving precision medicine, used in preventive healthcare, and leveraged to forecast provider staffing and resource needs.
Digital twin technology has the potential to support health systems in a number of ways, according to Ryan Sousa, vice president of the data, analytics and AI practice at Pivot Point Consulting, a health IT consulting firm.
They “enable healthcare organizations to simulate and optimize hospital operations, predict patient flow and test new care delivery models in a virtual environment,” he told Healthcare IT News in a conversation about developing artificial intelligence and analytics techniques.
In AI-driven cybersecurity, digital twins are capturing researchers’ attention because they offer predictive maintenance and threat detection opportunities. Digital replicas of hospital networks may improve cybersecurity testing, but they must also be protective of the system data they replicate and cost-effective for health IT teams to maintain.
ON THE RECORD
“The project will create hospital-scale digital twins to accelerate the discovery and remediation of cybersecurity vulnerabilities, encompassing thousands of medical devices from infusion pumps to imaging systems, while ensuring uninterrupted patient care,” Fu said in a social media post.
Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.
