Skip to main content
Center for Healthcare Cybersecurity Center for Healthcare Cybersecurity
  1. HOME
  2. Research

Research Approach

The UC San Diego Center for Healthcare Cybersecurity is building a multidisciplinary, data-driven research program focused on multiple key areas in the healthcare cybersecurity domain. By combining the deep clinical knowledge of practicing physicians with the technical expertise of computer science faculty, the Center can conceptualize, design, and execute impactful projects that address relevant questions and produce data that can be used to guide operational decision-making and resource allocation.

We seek to enhance the cybersecurity resiliency and preparedness of critical health infrastructure to ensure patient safety. Our work aims to support the technologies, interventions and policies that will protect the “target rich, cyber poor” rural and critical access hospitals which, when disrupted by ransomware and other cybersecurity threats, may fail to provide the care needed by vulnerable populations already at risk for geographic and resource induced healthcare disparities.

Current research initiatives include:

  • Developing best practices for the secure deployment and maintenance of cloud infrastructure in healthcare operational workflows
  • Identifying critical patient safety impacts in the setting of ransomware attacks and developing clinically oriented incident response plans
  • Discovering methodologies for rapid identification of hospitals affected by ransomware relying on passive, publicly available signals
  • Designing rapidly deployable emergency downtime technology platforms that can restore patient safety and business continuity functionality while augmenting paper workflows
  • Creating rigorously constructed controlled trials that validate the impact of commonly accepted cybersecurity practices like phishing training and multifactor authentication
  • Developing and validating didactic curricula for both health science students and computer science students to develop both a healthcare-engaged technical workforce and cybersecurity literate clinician population
  • Performing medical device cybersecurity research, including penetration testing and vulnerability analysis, as well as software bill of materials evaluation
  • Assessing economic and operational impacts of proposed healthcare cybersecurity regulation and policy, particularly devising cost estimates for commonly recommended minimum cybersecurity standards or controls