MICS Capstone Project Summer 2023


Problem Statement

As medical clinics incorporate more IT equipment into their work environments, the risk of cyber attacks rises drastically. The healthcare industry as a whole continues to be a prime target for cyber threat actors who look to steal PII and PHI for financial gain. In 2022, medical clinics experienced 849 incidents with 571 confirmed data breaches, which accounts for approximately 31% of the total cyber attacks in 2022, an increase from the 23% in 2021. As cyber threat actors pivot to targeting small health clinics, which often lack robust security preparedness, staff size, and budget, this number will grow.

Of all small and mid-size medical clinics, about 48% of executives say their organization had a forced or proactive shutdown during the last six months due to a cyber attack. For these smaller medical clinics, shutdowns that last over 9 hours can cost approximately $47,500 per hour. Accounting for remediation costs, a data breach can cost approximately $1-3 million. As a result, there have been many instances where small to mid-size clinics were forced to shut down permanently.

We propose a solution directly targeting the small medical clinics that do not have the resources or capabilities to conduct proper cyber security. A product that protects this specific sector could potentially save millions of dollars. Our automated detection and remediation system would also place less strain on the employees of small health clinics, giving them a secured network environment without pulling them away from their medical duties. Moreover, closing the security gap for small health clinics would finally address a much-overlooked sector of the healthcare industry.

The Solution

We aim to provide a managed service that gives small medical clinics (SMCs) access to a managed SOC that can help identify and remediate the key threats they are likely to face in real time. By leveraging Security Onion and its suite of open source tools, we will provide an automated MDR solution to SMCs. In addition to the MDR solution, MediGuard will also build a website containing the User Dashboard, where SMC administrators and their IT personnel can view the security status of their endpoint systems in an easy-to-understand fashion. As an added capability, MediGuard will automatically alert SMCs to potential vulnerabilities that violate HIPAA standards and provide a way forward. Lastly, to bridge the gap between SMCs and Cyber Insurance providers, MediGuard will provide an automated report of security posture to assist Cyber Insurance Evaluators working with SMCs to provide the coverage

Overall Architecture


User Dashboard Generation Flow Diagram

MDR Architecture Diagram

Last updated: August 10, 2023