hehehaha

Inspiration

Our inspiration comes mainly from our experience with the healthcare industry, and its associated challenges. With most of our team coming from a cybersecurity background, we felt that this hackathon was a great platform to put what we have learnt from modules and internships into good use.

The healthcare industry is often overlooked in cybersecurity, yet it poses life threatening risks. Notwithstanding the potential disaster that follows sensitive health information leakage, imagine if a threat actor manages to infiltrate a vulnerable infusion pump (known to have many vulnerabilities); people's lives are now at stake.

What it does

Synergy was built in consultation with cyber defense experts we reached out to in the healthcare industry. One of the many things they pioneered was the Cybersecurity Labelling Scheme (CLS) for Medical Devices, and it was only logical that we crafted our solution based on the insights gleaned from them.

Synergy is a web application built for both patients and healthcare institutions.

Patients

Patients can track the healthcare professionals that retrieve and update their medical records. By having another pair of eyes on medical data usage, it will be much easier to flag any unauthorised accesses. Additionally, should they own medical devices, they are able to register them to Synergy. Synergy will then keep track of any vulnerabilities or software patches for each device, and raise an alert should there be an advisory, recall or disclosed vulnerability that requires the patient's attention. This bridges the information gap between brands and patients, as well as shorten the lead time to security response. Additionally, they can browse a catalog of all medical devices available on the market, which is pre-sorted by their CLS rating. This not only incentivizes vendors to build secure products to obtain a higher catalog ranking, but also nudges patients to purchase safer devices as well.

Healthcare institutions

Healthcare institutions can also benefit from Synergy as insights to macro-level cybersecurity. The first element is a cybersecurity risk dashboard that provides a breakdown of the institutions risk and compliance statistics. Risk scores will go down based on how many devices have low CLS ratings or with vulnerabilities, and compliance scores will go up based on how many devices have up-to-date patches. Other metrics available would also be notices for security matters, and number of devices that are un-patched/vulnerable. The second element is a catalog of all medical devices in its inventory, as well as other institutions. In the event that one device fails or is unsafe to use, they can request from other institutions that have spare inventory, a common practice today but now enhanced with Synergy's visbility.

How we built it

We used a React frontend with TypeScript. We opted for a PostgreSQL backend with TypeScript as well, but also included hardcoded examples for demonstration and for anyone who wants to quickly try out Synergy without setting up the database.

Some libraries we used include AntDesign and Material UI.

Challenges we ran into

Backend took some tinkering to set up, before we realised it might be too complicated to setup for demonstration purposes. As a result, we decided to add in an alternative way to view sample data without having to set up the backend.

Additionally, some of us had little prior web development experience, especially in creating dashboards, resulting in much time experimenting with libraries, but as a result we learnt alot!

Time constraints were also a big factor as many of us were on internship, so we had to work through the night to see Synergy through. There were some elements we wished we had time to complete, but unfortunately could not ship them out on time.

Accomplishments that we're proud of

Making further progress in our MVP than our past hackathons, and being able to submit a decently working project that demonstrates that what we are trying to achieve with Synergy.

Dashboard looks decent! :)

What we learned

Aside from the technical aspects, talking to the cyber defenders from the healthcare industry gave us understanding that did not strike us previously. Rather than talking about technical aspects, they gave many current and future consequences of vulnerability in medical devices, as well as their current challenges they face in implementing solutions. This formed the basis of Synergy and our attempt to plug some of the gap.

What's next for Synergy

We would love to utilise AI to detect unauthorised accesses to patient records. While accesses can be made by doctors, should all doctors have access to them? A doctor in one hospital may not have a need to access a patient's data in another hospital. Leveraging AI could help flag out any suspicious retrieval of data, even though on paper it looks like a valid access.

One important element is the vulnerability of data in transit by medical devices. Nowadays, medical devices are increasingly connected to the internet, which allows the recording of medical data and sending to a database via the internet. Yet, it has many vulnerabilities that could allow data sent/retrieved by the device to be exfiltrated or worse, manipulated. Synergy hopes to be the middleman that encrypts the data collected from the device, before it is sent for storage, to prevent any life-threatening scenarios that may ensue.