By Dave DeFusco
Modern hospitals depend on connected medical devices to care for patients. Devices such as heart monitors, infusion pumps, pulse oximeters and ECG machines constantly collect and share information. Together, these connected systems are known as the Internet of Medical Things, or IoMT.
While these devices help doctors and nurses provide better care, they also create new cybersecurity risks. If attackers gain access to a medical device, they could disrupt treatments, steal sensitive information or even put patients in danger. That challenge inspired Evelyn Chipangura, a student in the Katz School’s M.S. in Cybersecurity, to develop her capstone project, “IoMT Anomaly Detection System, with GRC Integration.”
“My goal was to create a system that could detect cyberattacks against medical devices in real time, automatically respond to threats and help healthcare organizations maintain compliance with security regulations,” said Chipangura.
The system acts like a police officer for a hospital network. It continuously watches traffic flowing between connected medical devices and looks for suspicious behavior. When it detects a potential attack, it immediately alerts security teams and can automatically isolate affected devices before damage occurs.
At the heart of the platform is an artificial intelligence model called LightGBM. Chipangura trained the model using more than 1.8 million examples of network activity from medical devices.
“We wanted the system to recognize multiple types of attacks, including denial-of-service attacks, spoofing attacks, reconnaissance activity and malicious command injections,” said Chipangura. “The model achieved 98% accuracy while classifying six different categories of network traffic.”
The research focused on a growing problem in healthcare cybersecurity. Many medical devices were designed primarily for patient care, not security. As a result, they often lack strong built-in protections and can become attractive targets for attackers.
“Compromised medical devices are not just an IT problem,” said Chipangura. “They can directly affect patient safety and disrupt critical clinical operations.”
The platform begins by collecting network traffic from devices such as infusion pumps, heart monitors and pulse oximeters. It analyzes information such as packet size, communication patterns, timing and network protocols. The AI system then determines whether the activity is normal or potentially malicious. One of the project’s most important features is its automated response capability.
“Once an attack is detected, the system can block the attacker’s IP address, isolate the affected device, notify clinical staff and security analysts, and create a complete audit record,” said Chipangura.
She described a scenario involving a network-connected infusion pump in an intensive care unit.
“If an attacker attempted to send malicious commands to change a patient’s medication dosage, our platform could detect the abnormal traffic, isolate the device and stop the attack before it reaches the patient,” said Chipangura.
The project also integrates Governance, Risk and Compliance, commonly known as GRC. This feature helps hospitals demonstrate compliance with healthcare and cybersecurity standards, including HIPAA, NIST 800-53 and ISO 27001.
“Security teams often detect threats while compliance teams separately gather audit evidence,” said Chipangura. “Our platform automatically connects those activities, reducing audit preparation from weeks to hours.”
The system records every security event, response action and compliance requirement in a centralized dashboard. Security analysts can view alerts, track risks, monitor devices and review detailed audit trails in real time.
Her advisor and instructor, Leon Flaksin, believes the research addresses a critical need in modern healthcare.
“Healthcare organizations are connecting more medical devices than ever before, which dramatically expands their attack surface,” he said. “Evelyn’s work demonstrates how artificial intelligence, automated response and compliance monitoring can work together to strengthen cybersecurity while protecting patient safety.”