Indianapolis, Indiana – In an era where cyber threats grow more sophisticated by the day, researchers at Indiana University are standing on the front lines of digital defense — protecting some of the nation’s most sensitive data. Cybersecurity specialists from IU’s Kelley School of Business and Luddy School of Informatics, Computing and Engineering are working to shield both large-scale scientific research systems and personal health records from potential cyberattacks.
Their efforts recently gained national recognition with a major funding award from the National Science Foundation’s (NSF) Safety, Security and Privacy of Open-Source Ecosystems program. IU received not one, but two separate $1.5 million grants — totaling $3 million — to strengthen open-source platforms that support vital public research and healthcare systems.
“This is a program very focused on supporting practical matters of merit to the national interest,” said Brad Wheeler, Sungkyunkwan Professor of Information Systems and Rudy Professor of Operations & Decision Technologies at the Kelley School, who co-leads one of the funded projects. “For IU to receive not one but two of these awards, especially in this very competitive national funding environment, is a big deal.”
Strengthening the Digital Backbone of National Research
The first of the two NSF-funded projects focuses on securing cloud-based research infrastructure that thousands of scientists rely upon across the United States. Wheeler and his colleague, Sagar Samtani — an associate professor of operations and decision technologies and director of IU’s Data Science and Artificial Intelligence Lab — are leading efforts to enhance the cybersecurity of two open-source platforms: Jetstream and Exosphere.
Administered by IU under multiple NSF grants, these platforms serve as digital engines for collaboration and computing in scientific research. They allow teams across universities and institutions to create virtual research environments and share massive data resources seamlessly. But this flexibility, while critical for discovery, also introduces risk.
“Our project is about empowering researchers to identify and address software vulnerabilities in real time, using AI to improve the resilience and safety of these ecosystems,” said Samtani, whose lab specializes in applying artificial intelligence to issues such as threat intelligence, vulnerability assessment, and secure cloud infrastructure.
Jetstream’s decentralized design enables scientists to launch independent servers quickly, a feature that accelerates collaboration and experimentation. However, this same independence can lead to unpatched systems when research groups move on or fail to update their software. Such oversights can expose valuable datasets — and by extension, taxpayer-funded research — to security breaches.
To combat this problem, Samtani’s team is developing artificial intelligence tools capable of automatically scanning for weak points in the code and suggesting immediate fixes. These AI-driven agents will not only flag potential vulnerabilities but will guide researchers toward solutions, easing the burden of manual maintenance and patch management.
“We’re not just scanning for vulnerabilities,” Samtani explained. “We’re building tools that help users understand and fix them, so they can focus on science without worrying about cybersecurity.”
The project also partners with IU’s University Information Technology Services (UITS) Research Technologies division, which oversees the technical backbone for the university’s computing environments. Together, the teams hope to demonstrate how AI-enhanced cybersecurity can make research infrastructure more resilient — and, ultimately, more trustworthy.
Protecting the World’s Largest Open-Source Medical Record System
While Wheeler and Samtani’s project focuses on research data, another IU-led initiative is tackling an even more personal challenge: the security of medical information.
Saptarshi Purkayastha, an associate professor of health informatics and director of the Health Informatics Program at the Luddy School, is leading a companion project to secure OpenMRS — the world’s largest open-source electronic medical records system.
Developed initially for IU’s AMPATH health partnership in Kenya, OpenMRS has since grown into a global platform managing patient data in more than 40 countries. The system, which is free and open-source, is now used by hospitals, clinics, and nonprofits to manage care in regions ranging from sub-Saharan Africa to parts of the United States.
By improving OpenMRS’s defenses against cyberattacks, Purkayastha and his collaborators at the IU School of Medicine and the Regenstrief Institute aim to make it safer and more appealing for healthcare providers worldwide. The benefits extend beyond privacy and security — the team believes that better protection will also help drive down healthcare costs.
“There is both a security incentive and a financial incentive to this project since reducing administrative overhead reduces the overall cost of healthcare,” Purkayastha said. “The wider adoption of open-source software in healthcare will lower costs both through fostering greater competition in the marketplace and reducing dependance on expensive proprietary systems.”
For Purkayastha, the project is also deeply personal. His connection to OpenMRS began in 2008, when he was a master’s student participating in Google’s Summer of Code program. He went on to become a core contributor and trusted authority in the OpenMRS developer community, with the responsibility to approve other developers’ code contributions.
Now, years later, his NSF-funded research builds directly upon that legacy. Instead of relying on centralized updates, his team plans to establish a structured security training and certification program for OpenMRS contributors. This approach empowers the global community of developers who maintain the software — ensuring that new code is both innovative and secure.
They are also adapting a trusted vulnerability scoring system tailored to open-source medical applications and launching a “bug bounty” initiative to encourage developers to identify and fix known security flaws.
Other key collaborators include Xukai Zou, a professor of computer science at the Luddy School who specializes in cybersecurity research, and Burke Mamlin, an associate professor of clinical medicine at the IU School of Medicine and a co-founder of OpenMRS. Mamlin, who also serves as the platform’s chief software architect, continues to guide its development from both a technical and clinical perspective.
“The real strength of open-source systems comes from the fact that they’re community-driven,” Purkayastha said. “People contribute to these systems because they believe in the software’s mission, and that can create a type of resilience and innovation that isn’t always seen in other systems.”
A Broader Impact on Digital Trust and Innovation
For Indiana University, these twin cybersecurity projects underscore a growing national role in defending the digital ecosystems that power research and healthcare. The NSF’s decision to award IU two of only six university-led grants in this highly competitive program reflects confidence in the university’s capacity to address complex, real-world challenges.
The initiative also aligns with IU’s long-standing leadership in research computing and data management. Over the years, IU has developed and maintained several key systems that underpin national scientific collaboration, positioning the university as a trusted guardian of open science infrastructure.
By combining advanced AI-driven vulnerability detection with grassroots community education and training, IU’s cybersecurity experts are building solutions that go beyond code. They’re helping create a culture of digital responsibility — one where researchers and healthcare providers can innovate without fear of exposing sensitive data.
In an increasingly connected world, where cyber threats evolve faster than most defenses, that kind of protection is invaluable. As Wheeler, Samtani, and Purkayastha’s work continues, Indiana University stands as a model for how academic institutions can safeguard the public good while driving innovation forward — ensuring that both scientific breakthroughs and personal health information remain secure for years to come.
