Health care information systems form the backbone of health care infrastructures and are increasingly reliant on medical devices to capture and transmit data. These devices, however, are vulnerable to attacks from the digital domain. The number of differing medical devices and information systems interacting with one another in new and increasingly less secure and disparate ways creates new challenges in information systems security. This work-in-progress paper presents a system design and methodology for modelling data interactions and data flow within the health care infrastructure. The system will increase situational awareness for users of information systems and promote stronger cyber security best practices and policies within this rapidly evolving landscape.