“CYBERSECURITY IN HEALTHCARE”
(HealthSec) 2024

Monday, October 14th, 2024 in Salt Lake City, Utah USA (location to be announced)
An interdisciplinary workshop to be held in conjunction with the 31st ACM Conference on Computer and Communications Security (CCS 2024)

Call for Papers

In its most basic form, healthcare is gathering data, interpreting data into information, and transforming information into current human knowledge that can be acted upon, with each of these stages open to unintended errors and/or malicious subversion. These stages do not occur within a vacuum but rather within our existing infrastructures and social system with all their current limitations, systemic bias, and exploitable vulnerabilities. While a similar characterization can be made about security in other applied domains, healthcare is undergoing a dramatic transformation, arguably the next technological revolution, presenting immediate opportunities for improvement along with corresponding challenges in security.

Our desire is to bring together diverse researchers from academia, government, and the healthcare industry to report on latest research efforts. As this is the inaugural workshop focusing on cybersecurity in healthcare, we aim to encourage, jumpstart, and grow excellent interdisciplinary contributions at the forefront of research. Papers with demonstrated results will be given priority. We seek submissions from researchers and practitioners on a list of potential topics which includes, but is not limited to:

Cybersecurity issues (including risks, challenges, incidences, solutions, approaches)
Healthcare as critical national infrastructure
AI in healthcare (e.g. clinical decision support software, ambient clinical documentation)
Big data/high performance computing (HPC) in healthcare
Encryption, authentication, provenance of storage in healthcare environments
Healthcare supply chains
Online health communities
Health information exchanges (HIEs)
Electronic health records (EHRs)
Telehealth and/or patient portals
Internet of (medical) Things (MIoT)
Medical devices, medical implants, and/or medical wearables
Wireless/mobile healthcare and/or remote patient monitoring
Digital healthcare tools to improve patient safety
Safety engineering in clinical facility settings
Healthcare insider threats
Software-controlled robotic medical systems
Updating/patching software and re-certification of medical devices
Ransomware attacks on healthcare especially hospitals *
Events resulting in (HIPAA/GDPR) healthcare privacy breaches **
Comparisons of IT infrastructure in different types of healthcare facilities/services
Empirical study of cybersecurity in a specific healthcare IT environment
Research specifically addressing the Conficker worm/botnet medical device air gap
Policy/Economics/Legal/Ethical position papers – addressing cybersecurity issues in healthcare
Technical efforts by governmental entities to improve cybersecurity in healthcare

Papers with the following as their only foci are discouraged:

Cybersecurity best practice recommendations for healthcare organizations
* Longitudinal studies showing increasing cyberattacks on healthcare
** Papers mixing analysis of privacy breaches with ransomware outages

If you have any questions, please email the workshop chair.

Workshop Chairs / Organizing Committee:

CHAIR – William (Bill) Yurcik, Centers for Medicare & Medicaid Services (CMS HQ) (healthsec DOT 2024 DOT chair AT gmail DOT com)
VICE-CHAIR – Gregory Pluta, U of Illinois at Urbana-Champaign (gpluta AT illinois DOT edu)
VICE-CHAIR – Toan Luong, MITRE (tluong AT mitre DOT org)
VICE-CHAIR & LOCAL SITE COORDINATOR – Luis Garcia, U of Utah (lgarcia AT cs DOT utah DOT edu)
INVITED KEYNOTE SPEAKER – Erik Decker/CISO Intermountain Health, Salt Lake City, UT

Important Dates

Paper Submission Deadline: Thursday June 20^th 2024 (before 23:59 6/20/24 ANYWHERE ON EARTH!)
Paper Review Deadline for PC Members: Thursday July 18^th 2024
Paper Acceptance Notification: Thursday August 8^th 2024
Camera-Ready Accepted Paper Deadline: Thursday September 5^th 2024 (Firm Deadline)
HealthSec 2024 Workshop Date: Monday, October 14th , 2024 (Columbus Day, Federal Holiday in USA)

Submission Guidelines:

Regular paper submissions should be at most 8 pages in double-column ACM format including references and appendices (the latest sigconf template is here https://www.acm.org/publications/proceedings-template — authors should not change the font or the margins of the ACM format. Papers should be in English and describe original work that is not previously published or concurrently submitted elsewhere. Submissions should NOT be anonymized.
Submissions are to be made to the CCS-2024 Workshop submission HotCRP website. You will be requested to upload the file of your paper (in PDF format only). Submissions not meeting these guidelines risk rejection without consideration of their merits. Proceedings of the workshop will be published by ACM on a CD, available to the workshop attendees. Papers will be included in the ACM Digital Library, with a specific ISBN.
At least one author of each accepted regular paper is required to register to attend the ACM CCS HealthSec Workshop by the early-bird registration deadline. It is expected that each regular paper will be presented in-person at the HealthSec workshop.
Position Papers. Please email your position paper topic idea directly to the workshop chair for feedback and instructions before you submit a draft. Position papers can be up to 12 pages in length with the title starting with “Position Paper: ”.
Proposals for panels are also solicited. Panel proposals are to be concise, up to 2 pages in length, name potential panelists, and describe the topics to be discussed. Disruptive and controversial panels are particularly encouraged. Please email your panel proposal as a PDF attachment directly to the workshop chair.
Optional pre-submission assistive review for authors:
To support authors preparing to submit their work to HealthSec-2024, select members of our program committee are generously offering assistive feedback to help improve papers before the submission deadline!   To request feedback, email healthsec24@assistivereview.org and either attach a copy of your draft or (better) a link to a URL that will be updated to your latest draft. Please also specify the content upon which you would like reviewers to focus their feedback.
One reason we are experimenting with pre-submission author-assistive feedback this year is to help level the playing field for authors who do not have experience submitting to ACM CCS workshops themselves or access to peers with this experience. For example, such feedback may be helpful to medical professionals new to cybersecurity or to cybersecurity researchers new to healthcare. Regardless, all authors may take advantage of this optional service, though we cannot guarantee that we will be able to provide feedback to every request. 

Cybersecurity in Healthcare (HealthSec) 2024 Program Committee:

Jenny Amos, University of Illinois-UC
Spiros Antonatos, Aegis Technologies
Zahid Anwar, Baker Hughes
Stefan Axelsson, Stockholm University
James Barlow, Yahoo!
Roelof Boonstra, Physician Software Systems
Debra Bruemmer, MedSec
Christopher Bunnell, UniteGPS
Roy Campbell, University of Illinois-UC (Emeritus)
George Cantwell, University of Cambridge
Guenevere Chen, University of Texas San Antonio
Sung Choi, University of Central Florida
Michael Collins, USC ISI
Christian Dameff MD, UCSD Health ***
Marek Druzdzel, Bialystok University of Technology
Robert F. Erbacher, Army Research Lab
Wade Fagen-Ulmschneider, University of Illinois-UC
Francisco Fonseca, BitSight
Allan Friedman, CISA
Deborah Frincke, Sandia National Lab
Kevin Fu, Northeastern University (fmr FDA Med Devices)
Simson Garfinkel, BasisTech
Michael T. Gastner, Singapore Inst of Technology
Carrie Gates, Bank of America
Dan Geer, In-Q-Tel
Carl Gunter, University of Illinois-UC
Jaiwei Han, University of Illinois-UC
Dan Harkness, Argonne National Lab
Ragib Hasan, University of Alabama at Birmingham
Colton Hood MD, George Washington U Hospital ***
Tadd Hopkins, BitSight
Allen Householder, CMU SEI CERT
Haochen Huang, Whova
Cynthia Irvine, Naval Postgraduate School
Anupam B. Jena MD, Harvard Medical School ***
Eric Johnson, Vanderbilt University
James Joshi, University of Pittsburgh
Nikolai Joukov, modelizeIT
Nadir Kiyanclar, Oracle
Gregory Koenig, Arkstro
Scott Kruse, Texas State University
Kiran Lakkaraju, Sandia National Lab
Tom Linehan, BitSight
Kwan-Liu Ma, UC-Davis
John McHugh, AssuranceLabs, Inc.
Forrest Xin Meng, DragonPass
Ethan Miller, UC-Santa Cruz
Jacki Monson, Sutter Health
Suvda Myagmar, Salesforce
Peter G. Neumann, SRI
Stephen North, Infovisible
Godwin Odia, Captain USPHS (Ret), Applied Health Informatics ***
Rhonda O’Kane, BitSight
Sean Peisert, Lawrence Berkeley National Lab
Eric Perakslis, Pluto Health
Jim Prewett, University of New Mexico
Ronald Pulivarti, NIST
Raj Rajagopalan, Resideo
Ram Ramadoss
Esa M. Rantanen, Rochester Inst of Technology
Daniel Reed, University of Utah
Will Ricciardi, BitSight
Nichols Romero, AMD
Jeremy Rossi, Binary Data Engineering
Avi Rubin, Harbor Labs
Marcus Sachs, Center for Internet Security
Rami Saydjari MD, Ronin Institute ***
Sami Saydjari, Dartmouth University
Stuart Schechter, Harvard University
Andreas Schick, FDA
Naomi Schwartz, Medcrypt
Cigdem Sengul, Brunel University
Aashish Sharma, Lawrence Berkeley National Lab
Bryan Smith, Boldend
Natalie Sullivan MD, George Washington U Hospital ***
Jeff Tully MD, UCSD Health ***
Eugene Vasserman, Kansas State University
Jun Wang, Rackspace Hosting
David Wiegandt, Sandia National Lab
Christopher Worsham MD, Mass General & Harvard Medical School ***
Felix Wu, UC-Davis
Xiaoxin Yin, Airbnb
Erez Zadok, Stony Brook University

*** medical professional