Cybersecurity experts at Indiana University are leading two projects to enhance the security of national research data and personal health records by improving open-source systems that manage this information. These efforts have been recognized with $3 million in funding from the National Science Foundation’s Safety, Security and Privacy of Open-Source Ecosystems program. Each project will receive $1.5 million, making IU one of only six universities awarded under this program, with two other grants going to private cybersecurity organizations.
Brad Wheeler, Sungkyunkwan Professor of Information Systems and Rudy Professor of Operations & Decision Technologies at the Kelley School, is a co-leader on the grant focused on protecting research data. “This is a program very focused on supporting practical matters of merit to the national interest,” Wheeler said. “For IU to receive not one but two of these awards, especially in this very competitive national funding environment, is a big deal.”
Sagar Samtani, associate professor of operations and decision technologies and director of the Data Science and Artificial Intelligence Lab at the Kelley School, joins Wheeler in leading the research data security project. The team will work with UITS Research Technologies to strengthen Jetstream and Exosphere—open-source platforms managed by IU that provide cloud-based collaboration environments for thousands of U.S.-based research projects funded by the NSF.
“Our project is about empowering researchers to identify and address software vulnerabilities in real time, using AI to improve the resilience and safety of these ecosystems,” Samtani said. He explained that their lab will develop AI agents capable of scanning for code vulnerabilities and suggesting fixes automatically. “We’re not just scanning for vulnerabilities,” he added. “We’re building tools that help users understand and fix them, so they can focus on science without worrying about cybersecurity.”
The second project aims to secure OpenMRS—the world’s largest open-source electronic medical records system—which supports medical records management in over 40 countries. Saptarshi Purkayastha, associate professor of health informatics at the Luddy School in Indianapolis and director of its Health Informatics Program, leads this initiative alongside colleagues from the IU School of Medicine and Regenstrief Institute.
“There is both a security incentive and a financial incentive to this project since reducing administrative overhead reduces the overall cost of healthcare,” Purkayastha said. “The wider adoption of open-source software in healthcare will lower costs both through fostering greater competition in the marketplace and reducing dependance on expensive proprietary systems.”
Purkayastha’s involvement with OpenMRS dates back to 2008 as a Google Summer of Code intern before becoming a core contributor with authority over high-level code integrations. His current work will introduce structured security training for contributors, adapt an established vulnerability scoring system for proposed code changes, and launch an official bug bounty program.
Other contributors include Xukai Zou from the Luddy School—an expert in security research—and Burke Mamlin from IU School of Medicine and Regenstrief Institute who co-founded OpenMRS.
“The real strength of open-source systems comes from the fact that they’re community-driven,” Purkayastha said. “People contribute to these systems because they believe in the software’s mission, and that can create a type of resilience and innovation that isn’t always seen in other systems.”
