An ACM CCS Workshop …

“CYBERSECURITY IN HEALTHCARE”
(HealthSec) 2024

Monday, October 14th, 2024, Salt Lake City, Utah USA
An interdisciplinary workshop to be held in conjunction with the 31st ACM Conference on Computer and Communications Security (CCS 2024)

HealthSec’24 @ GRAND BALLROOM “SALON E”
Salt Lake Marriott Downtown at City Creek, 75 S W Temple St, Salt Lake City, UT 84101, (801) 531-0800
Monday October 14th 2024
WORKSHOP SCHEDULE (note – all times listed here are local Salt Lake City Utah USA Mountain Zone times)
7:00AM – LIGHT BREAKFAST @ HOTEL 2nd FLOOR [7:00am-9:00am]
9:00AM – HealthSec’24 CHAIRS’ WELCOME @ GRAND BALLROOM “SALON E”  [9:00am-9:15am]
9:15AM – SESSION 1: OPENING PAPERS DISCUSSION [9:15am-9:40am]
SESSION 1 CHAIR: Bill Yurcik/CMS
“Position Paper: Computer-Related Health Risks” – Peter G. Neumann/SRI Computer Science Laboratory
“Clinical and Hospital System Emergency Management Implications of Cyberthreats” – Natalie Sullivan & Kristin Raphel/George Washington University Hospital
“Position Paper: Evaluating Analogies and Applying Public Health Models for Cybersecurity” Presenter: O. Sami Saydjari/Dartmouth College
9:45AM – KEYNOTE TALK [9:45am-10:30am]
KEYNOTE SPEAKER: Erik Decker/Intermountain Health
10:30AM – REFRESHMENTS BREAK @ GRAND BALLROOM FOYER [10:30am-11:00am]
11:00AM – SESSION 2: CYBERPROTECTION OF MEDICAL IMAGING [11:00am-11:55am]
SESSION 2 CHAIR: Aashish Sharma/Lawrence Berkeley National Laboratory (LBNL)
11:00am-11:25am “Protecting Lung CT Nodule Classification Models with Feature Fusion of Image and Pixel-level Features”  Presenter: Yunzheng Zhu/UCLA
11:30am-11:55am “The Security of Deep Learning Defenses in Medical Imaging” Presenter: Guy Amit/Ben-Gurion University
NOON – LUNCH BUFFET @ HOTEL 2ND FLOOR [NOON-1:30PM]
1:30PM – SESSION 3: CYBERPROTECTION OF HOSPITALS [1:30pm-3:25pm]
SESSION 3 CHAIR: Scott Kruse/Texas State University
1:30pm-1:55pm “Cybersecurity Monitoring/Mapping of USA Healthcare (All Hospitals) – Magnified Vulnerability due to Shared IT Infrastructure, Market Concentration, & Geographical Distribution” Presenter: Bill Yurcik/CMS
2:00pm-2:25pm “A Study of Interoperability in Electronic Health Record Software” Presenter: Vishnupriya Varadharaju/Narf Industries
2:30pm-2:55pm “MediLink: A Secure Blockchain Framework for Multi-Institutional Healthcare” Presenter: Jorge Castillo/University of Texas at Rio Grande Valley
3:00pm-3:25pm “Zeus: IoT-based Healthcare Data Management Security Framework for Remote Patient Monitoring” Presenter: Shreya Nuguri/University of Missouri-Columbia
3:30PM – REFRESHMENTS BREAK @ GRAND BALLROOM FOYER [3:30pm-4:00pm]
4:00PM – SESSION 4: CYBERPROTECTION OF MEDICAL DEVICES [4:00pm-5:00pm]
SESSION 4 CHAIR: Fábio Roberto de Miranda/Insper Institute of Education and Research
4:00pm-4:25pm “Security Analysis of RL-Based Artificial Pancreas Systems” Presenter: Veena Krish/Stony Brook University
4:30pm-4:55pm “SAM: Foreseeing Inference-Time False Data Injection Attacks on ML-enabled Medical Devices”  Presenter: Gargi Mitra/University of British Columbia
5:00PM – SESSION 5: SPECIALIZED HEALTHCARE CYBERPROTECTION – Genetic Data, Rural Services, Healthcare Data, & Senior Living [5:00pm-5:55pm]
SESSION 5 CHAIR: Bill Yurcik/CMS
5:00pm-5:25pm “Privacy-Preserving Collaborative Genomic Research: A Real-Life Deployment and Vision” Presenter: Nahal Shahini/Case Western Reserve University
5:30pm-5:55pm “Mixed Methods Analysis of System Hazards in the Provision of Remote Health Services in Rural Australia” Presenter: Ashley Brooks/Imperial College London
“Position Paper: Early Experiences Protecting Healthcare Data for Secondary Use” – John Halamka/Mayo Clinic
“Position Paper: Personal Experience in the Technology Opportunities and Associated Risks of Healthcare Challenges in a Continuing Care Retirement Community (CCRC)” – John McHugh/AssuranceLabs & William Yurcik/CMS
6:00PM – WORKSHOP TRANSITION OFFSITE
SESSION 6: POST-WORKSHOP OFF-SITE PAPER DISCUSSION [LOCATION & TIME TO BE ANNOUNCED]
“Position Paper: Revealing the Limits of Cybersecurity Law for Healthcare AI” – Charlotte A. Tschider/Loyola University Chicago School of Law & The Beazley Institute of Health Law and Policy

We created a “HealthSec” emailing list for Community Communications!

  • To subscribe to this list, send an email to sympa@lists.illinois.edu and in the email subject line type:
             subscribe healthsec firstname lastname   (leaving the email message body blank)
  • To send to the list after you subscribe, send an email to: healthsec@ischool.illinois.edu
  • See general information about UIUC iSchool mailing lists: https://lists.ischool.illinois.edu/lists/help/introduction.html
    If you create a local login at the URL above, you can use a graphical interface to the healthsec email list.
  • Your subscriber options can be found here: https://lists.illinois.edu/lists/help/user-suboptions.html
  • To see the roster of members currently subscribed to this list, send an email to sympa@lists.illinois.edu and in the email subject line type:
             review healthsec   (leaving the email message body blank)
  • To unsubscribe from this list, send an email to sympa@lists.illinois.edu and in the email subject line type:
             unsubscribe healthsec   (leaving the email message body blank)

HealthSec Pre-Conference Workshop Registration

 Register at: https://whova.com/portal/registration/acmcc_202410/
{a $360 pre-conference workshop early bird registration rate lasts until 9/13 after which the rate increases to $410}

Please attend our HealthSec Workshop for:

  • one-of-a-kind human networking opportunities with leading researchers from academia, government, and the healthcare industry!
  • stimulating intellectual discussions, sharing of experience, and evidence-based new ideas toward solving real-world problems!
  • if you are local to Salt Lake City, consider registering to attend before we reach space capacity and can no longer accept participants!

Call for Papers

In its most basic form, healthcare is gathering data, interpreting data into information, and transforming information into current human knowledge that can be acted upon, with each of these stages open to unintended errors and/or malicious subversion. These stages do not occur within a vacuum but rather within our existing infrastructures and social system with all their current limitations, systemic bias, and exploitable vulnerabilities. While a similar characterization can be made about security in other applied domains, healthcare is undergoing a dramatic transformation, arguably the next technological revolution, presenting immediate opportunities for improvement along with corresponding challenges in security.

Our desire is to bring together diverse researchers from academia, government, and the healthcare industry to report on latest research efforts. As this is the inaugural workshop focusing on cybersecurity in healthcare, we aim to encourage, jumpstart, and grow excellent interdisciplinary contributions at the forefront of research. Papers with demonstrated results will be given priority. We seek submissions from researchers and practitioners on a list of potential topics which includes, but is not limited to:

  • Cybersecurity issues (including risks, challenges, incidents, solutions, approaches)
    • Healthcare as critical national infrastructure
    • AI in healthcare (e.g. clinical decision support software, ambient clinical documentation)
    • Big data/high performance computing (HPC) in healthcare
    • Encryption, authentication, provenance of storage in healthcare environments
    • Healthcare supply chains
    • Online health communities
    • Health information exchanges (HIEs)
    • Electronic health records (EHRs)
    • Telehealth and/or patient portals
    • Internet of (medical) Things (MIoT)
    • Medical devices, medical implants, and/or medical wearables
    • Wireless/mobile healthcare and/or remote patient monitoring
    • Digital healthcare tools to improve patient safety
    • Safety engineering in clinical facility settings
    • Healthcare insider threats
    • Software-controlled robotic medical systems
    • Updating/patching software and re-certification of medical devices
  • Ransomware attacks on healthcare, especially hospitals *
  • Events resulting in (HIPAA/GDPR) healthcare privacy breaches **
  • Comparisons of IT infrastructure in different types of healthcare facilities/services
  • Empirical study of cybersecurity in a specific healthcare IT environment
  • Research specifically addressing the Conficker worm/botnet medical device air gap
  • Policy/Economics/Legal/Ethical position papers – addressing cybersecurity issues in healthcare
  • Technical efforts by governmental entities to improve cybersecurity in healthcare

Papers with the following as their only foci are discouraged:

  • Cybersecurity best practice recommendations for healthcare organizations
  • * Longitudinal studies showing increasing cyberattacks on healthcare
  • ** Papers mixing analysis of privacy breaches with ransomware outages

Workshop Chairs / Organizing Committee:

  • CHAIR – William (Bill) Yurcik, Centers for Medicare & Medicaid Services (CMS HQ) (healthsec DOT 2024 DOT chair AT gmail DOT com)
  • VICE-CHAIR – Gregory Pluta, U of Illinois at Urbana-Champaign (gpluta AT illinois DOT edu)
  • VICE-CHAIR – Toan Luong, MITRE (tluong AT mitre DOT org)
  • VICE-CHAIR & LOCAL SITE COORDINATOR – Luis Garcia, U of Utah (lgarcia AT cs DOT utah DOT edu)
  • KEYNOTE SPEAKER – Erik Decker/CISO Intermountain Health, Salt Lake City, UT

Important Dates

  • Paper Submission Deadline: PAST DUE – WE ARE NO LONGER ACCEPTING PAPER SUBMISSIONS! (past deadlines were June 20, 2024 which was extended to July 2nd, 2024)
  • Paper Review Deadline for PC Members: Friday, August 9th 2024
  • Paper Acceptance Notification: Saturday August 10th 2024 (all authors have been directly notified!)
  • Camera-Ready Accepted Paper Deadline: Friday August 30th 2024 (Firm Deadline – was previously Sep 5 but was moved up by ACM Publisher)
  • HealthSec 2024 Workshop Date: Monday, October 14th, 2024 (Columbus Day, Federal Holiday in USA)

Submission Guidelines:

  • Regular paper submissions should be between 4 and 8 pages in double-column ACM format, including references and appendices (the latest sigconf template is here: https://www.acm.org/publications/proceedings-template). Authors should not change the font or the margins of the ACM format. Papers should be in English and describe original work that is not previously published or concurrently submitted elsewhere. Submissions should NOT be anonymized.
  • Submissions are to be made to the CCS-2024 Workshop submission HotCRP website here: https://healthsec-2024.hotcrp.com/. You will be requested to upload the file of your paper (in PDF format only). Submissions not meeting these guidelines risk rejection without consideration of their merits. Proceedings of the workshop will be published by ACM on a CD, available to the workshop attendees. Papers will be included in the ACM Digital Library, with a specific ISBN.
  • At least one author of each accepted regular paper is required to register to attend the ACM CCS HealthSec Workshop by the early-bird registration deadline. It is expected that each regular paper will be presented in-person at the HealthSec workshop.
  • Position Papers. Please email your position paper topic idea directly to the workshop chair for feedback and instructions before you submit a draft. Position papers can be between 1 and 12 pages in length, with the title starting with “Position Paper: ”.
  • Proposals for panels are also solicited. Panel proposals are to be concise, up to 2 pages in length, name potential panelists, and describe the topics to be discussed. Disruptive and controversial panels are particularly encouraged. Please email your panel proposal as a PDF attachment directly to the workshop chair.
  • Optional pre-submission assistive review for authors:
    • To support authors preparing to submit their work to HealthSec-2024, select members of our program committee are generously offering assistive feedback to help improve papers before the submission deadline! To request feedback, email healthsec24@assistivereview.org and either attach a copy of your draft or (better) a link to a URL that will be updated to your latest draft. Please also specify the content upon which you would like reviewers to focus their feedback.
    • One reason we are experimenting with pre-submission author-assistive feedback this year is to help level the playing field for authors who do not have experience submitting to ACM CCS workshops themselves or access to peers with this experience. For example, such feedback may be helpful to medical professionals new to cybersecurity or to cybersecurity researchers new to healthcare. Regardless, all authors may take advantage of this optional service, though we cannot guarantee that we will be able to provide feedback to every request.

Cybersecurity in Healthcare (HealthSec) 2024 Program Committee:

  • Jenny Amos, University of Illinois-UC
  • Spiros Antonatos, Aegis Technologies
  • Zahid Anwar, North Dakota State University
  • Stefan Axelsson, Stockholm University
  • James Barlow, Yahoo!
  • Roelof Boonstra, Physician Software Systems
  • Debra Bruemmer, MedSec
  • Christopher Bunnell, UniteGPS
  • Roy Campbell, University of Illinois-UC (Emeritus)
  • George Cantwell, University of Cambridge
  • Guenevere Chen, University of Texas San Antonio
  • Sung Choi, University of Central Florida
  • Michael Collins, USC ISI
  • Christian Dameff MD, UCSD Health ***
  • Marek Druzdzel, Bialystok University of Technology
  • Robert F. Erbacher, Army Research Lab
  • Wade Fagen-Ulmschneider, University of Illinois-UC
  • Francisco Fonseca, BitSight
  • Allan Friedman, CISA
  • Deborah Frincke, Sandia National Lab
  • Kevin Fu, Northeastern University (fmr FDA Med Devices)
  • Simson Garfinkel, BasisTech
  • Michael T. Gastner, Singapore Inst of Technology
  • Carrie Gates, Bank of America
  • Dan Geer, In-Q-Tel
  • Carl Gunter, University of Illinois-UC
  • Jiawei Han, University of Illinois-UC
  • Dan Harkness, Argonne National Lab
  • Ragib Hasan, University of Alabama at Birmingham
  • Colton Hood MD, George Washington U Hospital ***
  • Tadd Hopkins, BitSight
  • Allen Householder, CMU SEI CERT
  • Haochen Huang, Whova
  • Cynthia Irvine, Naval Postgraduate School
  • Anupam B. Jena MD, Harvard Medical School ***
  • Eric Johnson, Vanderbilt University
  • James Joshi, University of Pittsburgh
  • Nikolai Joukov, modelizeIT
  • Nadir Kiyanclar, Oracle
  • Gregory Koenig, Arkstro
  • Scott Kruse, Texas State University
  • Kiran Lakkaraju, Sandia National Lab
  • Tom Linehan, BitSight
  • Kwan-Liu Ma, UC-Davis
  • John McHugh, AssuranceLabs, Inc.
  • Fabio Miranda, Insper Institute
  • Forrest Xin Meng, DragonPass
  • Ethan Miller, UC-Santa Cruz
  • Jacki Monson, Sutter Health
  • Suvda Myagmar, Salesforce
  • Peter G. Neumann, SRI
  • Stephen North, Infovisible
  • Godwin Odia, Captain USPHS (Ret), Applied Health Informatics ***
  • Rhonda O’Kane, BitSight
  • Sean Peisert, Lawrence Berkeley National Lab
  • Eric Perakslis, Pluto Health
  • Jim Prewett, University of New Mexico
  • Ronald Pulivarti, NIST
  • Raj Rajagopalan, Resideo
  • Ram Ramadoss
  • Esa M. Rantanen, Rochester Inst of Technology
  • Daniel Reed, University of Utah
  • Will Ricciardi, BitSight
  • Jeremy Rossi, Binary Data Engineering
  • Avi Rubin, Harbor Labs
  • Marcus Sachs, Center for Internet Security
  • Rami Saydjari MD, Ronin Institute ***
  • Sami Saydjari, Dartmouth College
  • Stuart Schechter, Harvard University
  • Andreas Schick, FDA
  • Naomi Schwartz, Medcrypt
  • Cigdem Sengul, Brunel University
  • Aashish Sharma, Lawrence Berkeley National Lab
  • Bryan Smith, Boldend
  • Natalie Sullivan MD, George Washington U Hospital ***
  • Jeff Tully MD, UCSD Health ***
  • Eugene Vasserman, Kansas State University
  • Jun Wang, Rackspace Hosting
  • David Wiegandt, Sandia National Lab
  • Christopher Worsham MD, Mass General & Harvard Medical School ***
  • Felix Wu, UC-Davis
  • Xiaoxin Yin, Airbnb
  • Erez Zadok, Stony Brook University

*** medical professional