With the help of a contract award for up to $12 million from the Advanced Research Projects Agency for Health (ARPA-H) UPGRADE program, a team of researchers led by the School of Cybersecurity and Privacy at Georgia Tech will begin developing an advanced cybersecurity platform to help hospitals proactively identify and fix vulnerabilities in their software, devices, and networks.

“This is a new area of security research,” said Associate Professor Brendan Saltaformaggio. “We not only have to worry about the cybersecurity aspect, but the physical security as well. Our research must be very accurate to make sure patients are safe from cyberthreats.”

Starting next month, the team of researchers on the Hospital-Integrated Vulnerability Identification and Proactive Remediation (H-VIPER) project will begin developing a system they are calling the Whole-Hospital Simulation (WHS).

The system maps out the online network for hospitals of all sizes and enables IT teams to test their cyber capabilities before going live. The system can also identify threats, such as missed software updates, and alert the IT department.

“Hospitals have thousands of devices connected to their networks, including medical devices,” said Saltaformaggio. “A hospital like Children’s has a huge attack surface. A smaller hospital might have different challenges, but possible entry points are still there.”