UCSD Center for Healthcare Cybersecurity fights attacks on multiple fronts

With projects like the creation of “a hospital IT system in a box” and studies on the impact of ransomware attacks on hospitals and the effectiveness of employee cybersecurity training, researchers at UC San Diego in La Jolla are trying to make hospitals more resilient in the face of cyberattacks.

The Center for Healthcare Cybersecurity was launched in 2023 by Dr. Jeff Tully, an assistant professor of anesthesiology at UCSD, and Dr. Christian Dameff, an associate professor in the departments of Emergency Medicine and Computer Science & Engineering and the Division of Biomedical Informatics.

Though they lack a building with the center’s name on it, their interdisciplinary work involves people from “a bunch of different domains,” including in the clinical field, technologists and cybersecurity experts.

“Basically everybody who has a stake in safe and secure patient-care technology all come to the center as sort of a way to convene research, education, innovation and advocacy that has a very clinically oriented but very technically rigorous focus,” Tully said.

“We really wanted an entire gambit of folks there, because our research is very practical and applied,” Dameff said. “We don’t just stop when we publish a paper. If the cybersecurity doesn’t make the patient at the bedside safer, then there’s a gap. And that’s the gap we want to fill with this center.”

Dameff and Tully came up studying medicine in Arizona. Today, one of their main focuses at the UCSD center is collecting better data to aid in cybersecurity decisions.

“We grew up as doctors, and we, in medicine, require a pretty rigorous amount of data before we can recommend a treatment or a surgery,” Dameff said.

“We subscribe to the belief that many cybersecurity problems and their solutions that are proposed are actually based on pretty poor data. When you make decisions based on bad data, you get bad outcomes.”

The center’s drive for better data was shown in a pair of studies — one on the burden hospitals bear during cyberattacks and another showing that cybersecurity training may not be as effective as people think.

The former paper, released via JAMA Network Open, evaluated two hospitals adjacent to but separate from a health-care organization victimized by a months-long cyberattack. The results, according to the study, were increased patient load, wait times and length of stay.

In the latter study, simulations of 10 different “phishing” attacks were sent to nearly 20,000 UCSD Health employees over eight months as a training exercise. The study determined those efforts did not make employees likelier to identify phishing attempts (using deceptive messages such as emails, texts or phone calls to trick people into revealing sensitive information or downloading malware). In some cases, their ability to sniff them out decreased with training, according to the study.

Tully noted the center’s growth and breadth of study since its inception.

“I would say we have built a community over the last two years,” he said. “Our faculty bench has gotten deeper, we have more projects and initiatives that have gotten underway, the papers have come out at an increasing pace. So we’ve been very pleased with how we’ve been able to scale and grow this.”

As the center grows, the researchers have made an effort to take a proactive approach to ransomware attacks, which use malicious software to encrypt or lock up a victim’s files, making them inaccessible until a ransom is paid.

“Most people think that when you get hit with ransomware, you can’t do much,” Dameff said. “You have to just put your head down and … take care of patients without technology, which is really, really disruptive.”

One of the center’s recent projects, Crashcart, challenges that assumption and raises the question: Could you place critical technology in a portable package, drive it to medical centers and immediately deploy it to help doctors, nurses and patients amid a cyberattack?

Early returns are largely positive, Dameff said.

The project, which Tully calls “a hospital IT system in a box,” can greatly reduce hospital downtime by pulling up electronic health records, radiology and laboratory systems off the grid, according to UC San Diego.

Crashcart was built over 1½ years, followed by six months of practice. Each practice run has brought improved outcomes, Dameff said.

The center’s health-care cybersecurity work comes as attacks are increasing, Tully and Dameff said. A paper they published in September 2024 said ransomware attacks on health-care organizations nearly doubled between 2016 and 2021. A 2024 attack on technology conglomerate Change Healthcare took $22 million from the company, the study said, citing a report published by Wired magazine.

That attack, Dameff said, demonstrated the extent to which health care is dependent on technology across the nation, posing national security risks.

The Center for Healthcare Cybersecurity seeks to identify those risks and intervene where possible.

“I’m very interested in trying to find out where those are and try to protect them,” Dameff said. “We’re becoming more and more dependent, and the failures are just getting higher and higher in stakes.”

To learn more, visit cyberhealth.ucsd.edu. ♦
