Hospital rooms beep and flash with many devices that are increasingly getting infected with malware (see “Computer Viruses Are ‘Rampant’ on Medical Devices in Hospitals”). But for several reasons, these gadgets are often incompatible with commercial security software.
Now, new technology developed by academic researchers could catch most malware on the devices just by noting subtle changes in their power consumption. This could give hospitals a quick way to spot equipment with dangerous vulnerabilities and take the machines offline. The technology could also apply to computer workstations used in industrial control settings such as power plants.
The system, dubbed WattsUpDoc, is based on work involving Kevin Fu, who heads a research group on medical-device security at the University of Michigan and has uncovered several vulnerabilities in medical equipment. The research group tested WattsUpDoc on an industrial-control workstation and on a compounder, a machine commonly used in hospitals to mix drugs. In both cases the devices ran on modified versions of the Windows operating system.
The malware detector first learned the devices’ normal power-consumption patterns. Then it was tested on machines deliberately infected with malware. It was able to detect abnormal activity more than 94 percent of the time when it had been trained to recognize that malware, and between 84 and 91 percent of the time with previously unseen malware.
The technology, which is scheduled to be presented at a conference next week, “highlights a novel way of monitoring,” says John Halamka, CIO of Beth Israel Deaconess Medical Center in Boston.
