National Science Foundation gives Virta Labs $750,000 to improve device cybersecurity

PowerGuard--Courtesy of Virta Laboratories

Ann Arbor, MI's Virta Laboratories has received a $750,000 grant from the National Science Foundation's Small Business Innovation Research program to improve the cybersecurity of medical devices using its development-stage PowerGuard gadget and associated software.

The funding marks its second SBIR grant (the first one was worth $150,000), as the feds race to safeguard patient health by ensuring continuous access to medical devices and health IT at hospitals in the face of rising incidents of ransomware attacks.

Co-founder Kevin Fu, who's on leave from the University of Michigan, where he runs the Archimedes Research Center for Medical Device Security, said the PowerGuard is an anomaly detector. When plugged into an outlet, it measures the manner in which a device draws power.

Using machine learning and cloud analytics, Fu hopes to be able to determine the type of problem facing a device based on abnormalities in the power usage data, ranging from malware to a broken motor. He said the grant will accelerate the development of the PowerGuard's software, and help 8-person Virta Labs move from protecting individual devices to protecting entire systems.

For Fu said cybersecurity at hospitals boils down to three elements. Enumerating risks, implementing mitigating controls, and measuring the effectiveness of those controls.

Based on conversations with potential customers, Fu said he was surprised to learn that many hospitals are having a hard time with the basic task keeping of keeping track of all the assets that may pose cybersecurity risks.

Data from the PowerGuard will help hospitals identify unprotected devices thanks to its risk management software, which is designed to be integrated into hospitals' control rooms so that engineers can monitor several pieces of equipment simultaneously, such as X-rays, patient monitors and infusion pumps. The information will also help hospitals determine if their mitigation techniques have proven effective.

The PowerGuard does not need FDA-approval prior to commercialization.

"Healthcare security is now front-page news. Healthcare organizations are thinking seriously about security, but the best security tools were not designed for the unique challenges of healthcare," said Virta Labs co-founder Dr. Ben Ransford, in a statement. "Our mission is to provide clear, continuous visibility into cybersecurity risk without interrupting clinical workflow. The SBIR grant is both validation and a clear message to us: go solve these problems."

The BBC reported that the Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital were just hit by ransomware attacks. And in February, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to regain access to its files.

Ransomware attacks can lead to the postponement of elective surgeries, diversion of patients to new hospitals and reliance on slower paper-based processes, Fu said, adding "just will till you hear about the attacks that haven't been reported."