CareFortress wraps unpatchable clinical equipment — Windows XP, QNX, VxWorks — in a KVM hypervisor layer that contains ransomware, blocks lateral movement, and preserves a tamper-evident audit chain. Without touching the certified OS.
Hospital ransomware attacks have diverted ambulances, delayed surgeries, and cost lives. Legacy medical devices are among the most vulnerable endpoints in any facility — and the hardest to protect.
FDA-cleared devices cannot receive OS updates without re-certification. A Windows XP ventilator controller from 2012 will run Windows XP until it's decommissioned.
WannaCry spread device-to-device over SMB in minutes. A single compromised patient monitor can reach every device on the same network segment.
When a device is compromised, the attacker clears the logs. Standard network segmentation has no visibility into what happened inside the device.
Restoring a ransomed medical device requires a field service visit, hardware replacement, or vendor re-imaging — measured in days, not minutes.
CareFortress runs on dedicated edge hardware beside the legacy device. The certified OS runs unmodified inside a KVM guest VM — isolated, monitored, and recoverable.
CareFortress converts ransomware against the medical device fleet from a fleet-wide, persistent, stealthy, catastrophic event into a single-device, recoverable, detected, contained one.
Isolated network bridges with deny-all routing between guest VMs. A compromised device has no route to its neighbors. Validated empirically from a guest-vantage attack simulation.
Logs collected out-of-guest over virtio-serial. SHA-256 chained. Append-only via kernel-enforced chattr. An attacker who owns the guest cannot reach or alter the host-side record.
KVM snapshot rollback restores a compromised guest to a known-good state in minutes. No field service visit. No vendor re-imaging. No extended downtime.
HL7 proxy enforces a message-type whitelist (ORU^R01, ADT^A01, etc.). DICOM proxy enforces SOP class and AE Title. Worm payloads cannot tunnel through permitted clinical protocol ports.
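The message-type gate described above, as an added example that is not CareFortress code: it parses the HL7 v2 MSH header, reads the message type from MSH-9, and applies a default-deny allowlist. It assumes bare HL7 v2 text or an MLLP-framed message (<VT> ... <FS><CR>), ASCII encoded, with a carriage return between segments; the allowlist and the sample messages are constructed for the example.

```python
"""HL7 v2 message-type allowlist, the kind of check an HL7 proxy applies on MSH-9.

Added example, not CareFortress code. Assumes bare HL7 v2 text or an MLLP-framed
message, ASCII encoded, with '\r' between segments. Allowlist and sample traffic
are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed allowlist of (message code, trigger event). A proxy would load one
# per device profile; everything not listed is dropped.
ALLOWED_MESSAGE_TYPES = {("ORU", "R01"), ("ADT", "A01")}

MLLP_START = b"\x0b"        # <VT>
MLLP_END = b"\x1c\x0d"      # <FS><CR>


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    message_type: Optional[Tuple[str, str]]
    control_id: Optional[str]


def strip_mllp(frame: bytes) -> bytes:
    """Remove MLLP framing if present; bare messages pass through unchanged."""
    if frame.startswith(MLLP_START) and frame.endswith(MLLP_END):
        return frame[len(MLLP_START):-len(MLLP_END)]
    return frame


def parse_msh(raw: bytes) -> dict:
    """Parse the MSH header. MSH-1 is the field separator itself, so after
    splitting on it, MSH-n sits at index n-1."""
    text = raw.decode("ascii")  # strict: a non-ASCII header is rejected, not guessed at
    first = text.split("\r", 1)[0]
    if len(first) < 4 or not first.startswith("MSH"):
        raise ValueError("first segment is not MSH")
    field_sep = first[3]
    fields = first.split(field_sep)
    if len(fields) < 10:
        raise ValueError("MSH segment is missing required fields")
    component_sep = fields[1][0] if fields[1] else "^"
    components = fields[8].split(component_sep)  # MSH-9: ORU^R01 or ORU^R01^ORU_R01
    return {
        "message_code": components[0],
        "trigger_event": components[1] if len(components) > 1 else "",
        "control_id": fields[9],                            # MSH-10
        "version": fields[11] if len(fields) > 11 else "",  # MSH-12
    }


def decide(frame: bytes, allowlist=ALLOWED_MESSAGE_TYPES) -> Decision:
    """Default deny: anything unparseable or not on the allowlist is dropped."""
    try:
        msh = parse_msh(strip_mllp(frame))
    except (ValueError, UnicodeDecodeError) as exc:
        return Decision(False, f"unparseable: {exc}", None, None)
    key = (msh["message_code"], msh["trigger_event"])
    if key in allowlist:
        return Decision(True, "message type allowed", key, msh["control_id"])
    return Decision(False, f"message type {key[0]}^{key[1]} not in allowlist",
                    key, msh["control_id"])


# Constructed sample traffic (not captured from any device).
ORU_RESULT = (b"MSH|^~\\&|MONITOR|ICU|EHR|HOSP|20240501100000||ORU^R01|MSG0001|P|2.3\r"
              b"PID|||123456^^^HOSP||DOE^JANE\r"
              b"OBX|1|NM|8867-4^Heart rate^LN||72|bpm\r")
ORM_ORDER = (b"MSH|^~\\&|EHR|HOSP|MONITOR|ICU|20240501100100||ORM^O01|MSG0002|P|2.3\r"
             b"ORC|NW\r")
NOT_HL7 = b"GET / HTTP/1.1\r\nHost: monitor\r\n\r\n"

if __name__ == "__main__":
    for name, frame in [("ORU^R01", ORU_RESULT), ("ORM^O01", ORM_ORDER), ("non-HL7", NOT_HL7)]:
        print(name, decide(frame))
```

The check is deliberately a type gate, not content inspection: it decides whether a message of this kind may cross the proxy at all, and a forged or non-HL7 payload on the same port fails at parse time rather than being passed through.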
TPM PCR measurements verify guest boot integrity on every attestation cycle. Boot-level tampering is detectable even if the OS appears to be running normally.
In-guest telemetry agents for Linux, Windows (PE32+ XP compatible), QNX, and VxWorks. Agentless deployment also supported for devices where no software installation is permitted.
Pluggable profile model forwards validated, SHA-256 chained audit entries to your existing SIEM in real time. Chain is verified on-host before forwarding — the SIEM receives only clean, attributable events.
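The host-side audit chain described above (collected out-of-guest, SHA-256 chained, verified before forwarding), as an added example that is not CareFortress code and not its scripts/validate-chain.py: each entry commits to its position, the previous entry's hash and its own canonical JSON payload; the verifier walks the chain from genesis, and forwarding to the SIEM is refused unless the whole chain verifies. It assumes the host also keeps the latest head hash as an external anchor, since a pure hash chain cannot detect truncation at the tail on its own. The telemetry entries are constructed, and the chain is held in memory here; on a real host the backing file would additionally be made append-only with chattr +a.

```python
"""SHA-256 hash-chained audit log with on-host verification before SIEM forwarding.

Added example, not CareFortress code. Assumes JSON entries, an external anchor
(latest head hash) kept by the host, and constructed guest telemetry.
"""
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # prev-hash of the first entry


def canonical(payload: dict) -> bytes:
    # Canonical JSON: writer and verifier must hash byte-identical input.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(seq: int, prev_hash: str, payload: dict) -> str:
    # The hash commits to position, previous hash and content together.
    h = hashlib.sha256()
    h.update(f"{seq}\n{prev_hash}\n".encode())
    h.update(canonical(payload))
    return h.hexdigest()


def append_entry(chain: List[dict], payload: dict) -> dict:
    seq = len(chain)
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"seq": seq, "prev": prev, "payload": payload,
             "hash": entry_hash(seq, prev, payload)}
    chain.append(entry)
    return entry


def verify_chain(chain: List[dict]) -> Tuple[bool, Optional[int]]:
    """Walk the chain from genesis; return (ok, seq of the first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["seq"] != i or e["prev"] != prev:
            return False, i          # deleted or reordered entry
        if e["hash"] != entry_hash(i, prev, e["payload"]):
            return False, i          # edited payload or forged hash
        prev = e["hash"]
    return True, None


def verify_against_anchor(chain: List[dict], anchor_hash: str) -> bool:
    """An internally consistent chain can still have been cut at the tail;
    comparing its head with an externally held anchor closes that gap."""
    ok, _ = verify_chain(chain)
    head = chain[-1]["hash"] if chain else GENESIS
    return ok and head == anchor_hash


def forward_verified(chain: List[dict], sink: List[dict], watermark: int) -> int:
    """On-host check before forwarding: emit entries past `watermark` only if the
    entire chain verifies. Returns the new watermark (unchanged on failure)."""
    ok, bad_seq = verify_chain(chain)
    if not ok:
        # Nothing from a broken chain reaches the SIEM; the break itself is the event.
        sink.append({"alert": "audit_chain_broken", "first_bad_seq": bad_seq})
        return watermark
    for e in chain[watermark:]:
        sink.append({"seq": e["seq"], "hash": e["hash"], "prev": e["prev"], **e["payload"]})
    return len(chain)


def build_sample_chain() -> List[dict]:
    """Constructed guest telemetry as it might arrive over virtio-serial (not real data)."""
    chain: List[dict] = []
    for payload in [
        {"ts": "2024-05-01T10:00:00Z", "guest": "vent-ctl-07", "event": "boot", "pcr_ok": True},
        {"ts": "2024-05-01T10:05:12Z", "guest": "vent-ctl-07", "event": "process_start",
         "image": "C:\\Windows\\System32\\svchost.exe"},
        {"ts": "2024-05-01T10:05:40Z", "guest": "vent-ctl-07", "event": "smb_connect_blocked",
         "dst": "10.0.12.23:445"},
        {"ts": "2024-05-01T10:06:02Z", "guest": "vent-ctl-07", "event": "file_rename_burst",
         "count": 412},
    ]:
        append_entry(chain, payload)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    anchor = chain[-1]["hash"]
    print("intact:", verify_chain(chain))
    chain[2]["payload"]["event"] = "smb_connect_allowed"  # a record edited after the fact
    print("edited:", verify_chain(chain))
    print("truncated vs anchor:", verify_against_anchor(build_sample_chain()[:-1], anchor))
```

The watermark pattern matters for the SIEM side: because every forwarded event carries its own hash and its predecessor's, the receiver can re-verify linkage between batches, and a chain break on the host surfaces as an explicit alert rather than as a silent gap in the feed.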
Every security claim is backed by empirical testing. All commits are GPG signed. The SBOM, CVE scan, OWASP report, pentest findings, and MITRE ATT&CK threat model are committed to the public repository.
Full OWASP Top 10 (2021) test results from an external Kali VM. A01–A10 documented with evidence, remediation applied, and post-fix verification confirmed.
Penetration test covering JWT attacks, SSH hardening, business logic, race conditions, and infrastructure. 3 findings fixed, 2 accepted with documented rationale.
MITRE ATT&CK kill-chain analysis for ransomware (TA-1) and nation-state APT (TA-2). Three empirical validation tests with results. Residual risk register included.
CIS Ubuntu 26.04 Level 2 hardening profile. Kernel sysctl settings, SUID reduction, service allowlist, AppArmor confinement, and file integrity baseline.
Software Bill of Materials generated by Syft 1.45.1. Grype CVE scan clean across all 16 Python dependencies after cryptography upgrade to 49.0.0.
Phase 4 SIEM integration specification. Pluggable profile architecture, five platform adapters, integrity model, and disk impact analysis.
CareFortress is open source under the MIT license. Clone the repository, review the security documentation, and run the validation suite against your own environment.
The full source, documentation, and security testing reports are in a single repository.
Start with docs/APT_THREAT_MODEL.md for the architecture threat analysis, then docs/SECURITY_TESTING.md for empirical test results.
Run scripts/validate-chain.py to verify audit chain integrity. The SBOM and CVE scan are pre-generated in docs/.
For OEM integration, research collaboration, or hospital deployment discussions, reach out via LinkedIn or open an issue on GitHub.