Electric Therapy for Medical-Device Malware

Researchers show how to spot viruses on equipment like drug mixers and pregnancy monitors: by examining their power usage.
August 9, 2013

Hospital rooms beep and flash with many devices that are increasingly getting infected with malware (see “Computer Viruses Are ‘Rampant’ on Medical Devices in Hospitals”). But for several reasons, these gadgets are often incompatible with commercial security software.

Malware practice: Kevin Fu specializes in finding vulnerabilities in electronic medical equipment. Here he holds an implantable pacemaker used in earlier security research.

Now, new technology developed by academic researchers could catch most malware on the devices just by noting subtle changes in their power consumption. This could give hospitals a quick way to spot equipment with dangerous vulnerabilities and take the machines offline. The technology could also apply to computer workstations used in industrial control settings such as power plants.

The system, dubbed WattsUpDoc, is based on work involving Kevin Fu, who heads a research group on medical-device security at the University of Michigan and has uncovered several vulnerabilities in medical equipment. The research group tested WattsUpDoc on an industrial-control workstation and on a compounder, a machine commonly used in hospitals to mix drugs. In both cases the devices ran on modified versions of the Windows operating system.

The malware detector first learned the devices’ normal power-consumption patterns. Then it was tested on machines deliberately infected with malware. It was able to detect abnormal activity more than 94 percent of the time when it had been trained to recognize that malware, and between 84 and 91 percent of the time with previously unseen malware.

The technology, which is scheduled to be presented at a conference next week, “highlights a novel way of monitoring,” says John Halamka, CIO of Beth Israel Deaconess Medical Center in Boston.

The next step, says Fu, is to do far more field testing. It is likely to be a year or more before the device could be commercialized, he adds.

The eventual goal is for the technology to alert hospital IT administrators that something is amiss, even if the exact virus is never identified. That’s important, because there are hundreds of thousands of medical devices in the field that probably won’t get changed to address their underlying vulnerabilities, says Shane Clark, a grad student at the University of Massachusetts, who works with Fu and developed the prototype. “This is about ‘We’ve got a problem right now, and it’s hard to get any weight behind policy and design changes for everything out there. So what can we do right now to improve the situation?’” Clark says.

Hospital devices such as pregnancy monitors, compounders, and picture-storage systems for MRI machines are vulnerable to infection because they are typically connected to an internal network that is, in turn, connected to the Internet. In June the U.S. Food and Drug Administration warned that malware was a growing problem and encouraged device makers to update software.

The FDA said that no known injuries had resulted from medical malware and that the computer infections were not known to be deliberately targeting medical equipment. But Clark says viruses can still inhibit medical care: “You need to mix a solution, but the compounder is running slow and keeps rebooting, or is unresponsive.”

Unfortunately, he adds, “you can’t just slap a copy of McAfee antivirus on your medical device.” That’s because even though many medical devices run Windows, they often use custom versions of the operating system that are incompatible with conventional antivirus software. And some machines can’t be loaded with these protections because their manufacturers prohibit third-party applications.

Other computer security researchers have been working on detecting malware by using power consumption as a proxy for unusual behavior (see “Tiny Changes in Energy Use Could Mean Your Computer Is Under Attack”). The key with hospital equipment is getting a very detailed profile of normal usage and being able to both detect changes and avoid false alarms.
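
A simplified illustration of the approach described above: learn a power baseline from a known-clean device, then flag deviations while bounding false alarms. This is an added example, not WattsUpDoc's code or algorithm; the features, window size, threshold rule and all trace values are constructed assumptions.

```python
import random
import statistics

WINDOW = 50  # samples per analysis window (constructed value)

def windows(trace):
    return [trace[i:i + WINDOW] for i in range(0, len(trace) - WINDOW + 1, WINDOW)]

def features(w):
    """Per-window summary: mean draw, spread, and sample-to-sample churn (all in watts)."""
    churn = statistics.fmean(abs(b - a) for a, b in zip(w, w[1:]))
    return (statistics.fmean(w), statistics.pstdev(w), churn)

def fit_baseline(clean_trace):
    """Learn each feature's mean and spread from a known-clean device."""
    cols = zip(*(features(w) for w in windows(clean_trace)))
    return [(statistics.fmean(c), statistics.pstdev(c) or 1e-9) for c in cols]

def score(w, baseline):
    """Largest absolute z-score of any feature against the baseline."""
    return max(abs(f - mu) / sd for f, (mu, sd) in zip(features(w), baseline))

def calibrate(clean_trace, baseline, false_alarm_rate=0.01):
    """Choose the threshold from held-out clean data to bound false alarms."""
    scores = sorted(score(w, baseline) for w in windows(clean_trace))
    return scores[min(len(scores) - 1, int(len(scores) * (1 - false_alarm_rate)))]

def alarm_rate(trace, baseline, threshold):
    ws = windows(trace)
    return sum(score(w, baseline) > threshold for w in ws) / len(ws)

def make_trace(n, rng, extra_load=False):
    """Constructed trace: 40 W idle, 55 W duty cycle, sensor noise, optional bursty extra load."""
    trace = []
    for t in range(n):
        watts = (55.0 if t % 50 < 15 else 40.0) + rng.gauss(0, 0.5)
        if extra_load and t % 7 < 3:
            watts += 4.0  # stands in for unexpected background activity
        trace.append(watts)
    return trace

def demo(seed=1):
    rng = random.Random(seed)
    baseline = fit_baseline(make_trace(5000, rng))
    threshold = calibrate(make_trace(5000, rng), baseline)
    clean = alarm_rate(make_trace(5000, rng), baseline, threshold)
    abnormal = alarm_rate(make_trace(5000, rng, extra_load=True), baseline, threshold)
    return clean, abnormal

if __name__ == "__main__":
    print("clean alarm rate %.2f, abnormal alarm rate %.2f" % demo())
```

Calibrating the threshold on a separate clean trace, rather than the one used to fit the baseline, is what keeps the false-alarm rate honest on data the detector has not seen.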
