An ACSAC Workshop …

| HealthSec’25 Workshop – Tuesday December 9th 2025 |
| Hotel Location: ‘Alohilani Resort 2490 Kalakaua Avenue, Honolulu, Waikiki Hawaii 96815; Telephone: +1.808.922.1233 |
| WORKSHOP SCHEDULE – Workshop Hotel Room: Bluefin I Room (note – all times listed here are local times) [Hawaii–Aleutian Time Zone (HST; UTC−10:00), which does not observe daylight saving time] |
| 7:30AM – REGISTRATION DESK (Hotel Room: Bluefin II Room) [7:30am-Noon] |
| 7:30AM – LIGHT BREAKFAST (Hotel Room: Alohilani I Room) [7:30am-8:30am] |
| 8:30AM – HealthSec’25 CHAIRS’ WELCOME {Warning – Starts Promptly!} [8:30am-9:00am] NO-CHAIR LIGHTNING PAPER SESSION 1: Presenters: Gregory Pluta/UIUC, J. Malakai Bailey/Alyn, C. Scott Kruse/UTEP, & William Yurcik (respectively) “Continuous Monitoring of Cybersecurity in U.S. Rural Hospitals” (paper01 presentation01) “SoK: Hospital Medical Devices as Industrial Control Systems (ICS): Exposure and Vulnerability” (paper02 presentation02) “SoK: Hospital at Home Model of Care – Toward Appropriate Use Cases and Other Challenges” (paper03 presentation03) “Position Paper: Hospital at Home is not Telehealth” (paper04 presentation04) “Change Healthcare – Perspective and Lessons from the Nationwide Pharmacy Supply Chain Failure” (paper05 presentation05) |
| 9:00AM – PAPER SESSION 2 – Chair: William (Bill) Yurcik [9:00am-10:00am] “Publish Your Threat Models! The Benefits Far Outweigh the Dangers” (paper06 presentation06) presented by: Adam Shostack/Shostack + Associates “PATDISCOVER: Privacy-Preserving Discoverability of Patients” (paper07 presentation07) presented by: Jan Pennekamp/RWTH Aachen University |
| 10:00AM – REFRESHMENTS BREAK [10:00am-10:30am] |
| 10:30AM – PAPER SESSION 3 – Chair: Greg Pluta/U of Illinois at U-C [10:30am-Noon] “A Moonshot for Trustworthy Medical Software Updates Using Automated Insulin Delivery Systems as a Proving Ground” (paper08 presentation08) presented by: Josiah Dykstra/Designer Security, LLC “Adversarial Use of Protein Language Models for Modeling Escape” (paper09 presentation09) presented by: Roy H. Campbell/University of Illinois at Urbana-Champaign “The Conficker Worm – A Persistent Hospital Device Malware” (paper10 presentation10) presented by: Marcus Sachs/Center for Internet Security “FedSecRPM: Federated Learning based Analytics for Sensor-based Remote Patient Monitoring” (paper11 presentation11) presented by: Subrahmanya Chandra Bhamidipati/University of Missouri “Secure and Privacy-Preserving Secondary Data Use: A Framework for Cross-Domain Computation in the Encrypted Domain” (paper12 presentation12) presented by: Dimitra Papatsaroucha/Hellenic Mediterranean University |
| NOON – LUNCH BUFFET (Hotel Room: Alohilani I Room) [NOON-1:30PM] |
| 1:30PM – KEYNOTE TALK [1:30pm-2:00pm] Josiah Dykstra/Designer Security, LLC “Lessons for Cybersecurity from the American Public Health System” (paper13 presentation 13) |
| 2:00PM – SBOM PAPER SESSION 4 – Chair: C. Scott Kruse/UTEP [2:00pm-3:00pm] “Probing Challenges and Future Research of SBOM Generation for Medical Devices” (paper14 presentation14) presented by: Hui Zhuang/Northeastern University “Compliance v. Completeness: A Case Study on SBOMs in Consideration of FDA Premarket Cybersecurity Guidance” (paper15 presentation15) presented by: Logan Kostick/Johns Hopkins University “The SBOM Transparency v. Exposure Dilemma: A Case Study on Adversarial Access to Public SBOMs in Healthcare” (paper16 presentation16) presented by: Michael Rushanan/Harbor Labs |
| 3:00PM – REFRESHMENTS BREAK [3:00pm-3:30pm] |
| 3:30PM – MOSTLY AI PAPER SESSION 5 – Chair: Greg Koenig/Annuity Assoc. [3:30pm-5:45pm] “AI/ML Trustworthiness for Medical Predictions – Experimental Results” (paper17 presentation17) presented by: Mohimenul Karim/Virginia Tech University “AI on Trial: LLM-as-a-Judge for Private and Reliable Clinical Decision-Making” (paper18 presentation18) presented by: Tanveer Khan/Tampere University “Security Risks in Medical AI: Logo-Based Trojan Attacks on Deep Learning Models” (paper19 presentation 19) presented by: Pavan Reddy/George Washington University “CRASHCART: Truckin’ in a Backup System to Revive Hospitals During Computer Outages” (paper20 presentation20) presented by: Almog Bar-Yossef/UC-San Diego “A Game-Theoretic and AI Approach to Secure and Intelligent Hospital at Home Monitoring” (paper21 presentation21) presented by: Stacy Willson/University of Texas at San Antonio “Goal-Driven Risk Assessment for LLM-Powered Systems: A Healthcare Case Study” (paper22 presentation22) presented by: Neha Nagaraja/Northern Arizona University “EmpathAI: A Trustworthy and Secure Conversational Agent for Mental Healthcare” (paper23 presentation23) presented by: Subrahmanya Chandra Bhamidipati/University of Missouri |
| 5:45PM – HealthSec’25 Workshop Closes – Please Join Us for Further Discussions at the ACSAC Welcome Reception! (Hotel Room: Longboard Room) |
An interdisciplinary one-day workshop to be co-located with the Annual Computer Security Applications Conference (ACSAC41) <https://www.acsac.org/>
For background, the first HealthSec Workshop, held October 2024, can be found here: <https://publish.illinois.edu/healthsec/>
===
CALL-FOR-PAPERS
In its most basic form, healthcare is gathering data, interpreting data into information, and transforming information into current human knowledge that can be acted upon, with each of these stages open to unintended errors and/or malicious subversion. These stages do not occur within a vacuum but rather within our existing infrastructures and social system with all their current limitations, systemic bias, and exploitable vulnerabilities. While a similar characterization can be made about security in other applied domains, healthcare is undergoing a dramatic transformation, arguably the next technological revolution, presenting immediate opportunities for improvement along with corresponding challenges in security.
Our desire is to bring together diverse researchers from academia, government, and the healthcare industry to report on the latest research efforts. As this is the second workshop following a first workshop that exceeded all expectations, we want to continue momentum toward encouraging, jumpstarting, and growing excellent interdisciplinary contributions at the forefront of cybersecurity in healthcare research. Papers with demonstrated results will be given priority. We seek submissions from researchers and practitioners on a list of potential topics which includes, but is not limited to:
Cybersecurity issues (including risks, challenges, incidents, solutions, approaches)
- Healthcare as critical national infrastructure
- AI in healthcare (e.g. clinical decision support software, ambient clinical documentation)
- Big data/high performance computing (HPC) in healthcare
- Storage encryption, authentication, provenance in healthcare environments
- Healthcare supply chains resilience
- Online health communities and patient portals
- Health information exchanges (HIEs)
- Electronic health records (EHRs)
- Hospital-at-Home, Telemedicine, Telehealth
- Internet of (medical) Things (MIoT)
- Medical devices, medical implants, and/or medical wearables
- Wireless/mobile healthcare and/or remote patient monitoring
- Digital healthcare tools and safety engineering to improve patient safety
- Human factors safety engineering in clinical facility settings
- Healthcare insider threats
- Software-controlled robotic medical systems
- Updating/patching software and re-certification of medical devices
- Applications of STAMP/CAST/STPA techniques to healthcare
- Ransomware attacks on healthcare – especially hospitals (see Note 1 below)
- Events resulting in (HIPAA/GDPR) healthcare privacy breaches (see Note 2 below)
- Comparisons of IT infrastructure in different types of healthcare facilities/services
- Empirical study of cybersecurity in a specific healthcare IT environment
- Research specifically addressing the Conficker worm/botnet medical device air gap
- Policy/Legal/Ethical position papers – addressing healthcare cybersecurity issues
- Economics of healthcare cybersecurity
- Technical efforts by governmental entities to improve cybersecurity in healthcare
Papers with the following as their only foci are discouraged and will be rejected a priori:
- Cybersecurity best practice recommendations for healthcare
- Note 1: Longitudinal studies showing increasing cyberattacks on healthcare based on HHS/OCR or proprietary data sets – HHS/OCR data is poor quality and proprietary datasets are non-replicable artifacts
- Note 2: Papers mixing analysis of privacy breaches with ransomware outages
If you have questions about your paper topic, please email the workshop chair in advance!
===
WORKSHOP REGISTRATION:
If you are interested in attending, check the appropriate box on the ACSAC 2025 conference registration form and add the “CYBERSECURITY IN HEALTHCARE” (HealthSec) Workshop fee.
We welcome all participants! – Including those newly attracted to this research space as well as those who live in this research space such that they may be tempted to swim to Hawaii to attend! One of the unique things about our inclusive community is that our research space indeed touches everyone and each of us has some experience to share and/or expert knowledge to contribute. This research space is large enough for all of us so please join us – where everyone knows your name – and they’re always glad you came! There are no strangers in our workshop community, only friends who have not met yet. 😊
A non-US citizen who seeks to travel to Hawaii in the United States generally must first obtain a U.S. visa. Visas are placed in the traveler’s passport, a travel document issued by the traveler’s country of citizenship. Certain international travelers may be eligible to travel to the United States without a visa if they meet the requirements for visa-free travel. For additional detailed information about the visa process, please check what the requirements are to travel from your country to the USA, and access this link on the ACSAC 2025 conference website <https://www.acsac.org/visa/>. PLEASE PLAN AHEAD TO ALLOW ENOUGH TIME (WEEKS/MONTHS) FOR THE MULTI-STEP VISA PROCESS TO EXECUTE; THIS IS YOUR RESPONSIBILITY.
===
“HealthSec” email list created for Workshop Communications! 😊
• To subscribe, send an email to sympa@lists.ischool.illinois.edu and in the email subject line type:
subscribe healthsec firstname lastname {leaving message body blank}
• To send email to list after you subscribe (must be subscribed before sending to list), send an email to:
• To see general information about UIUC iSchool mailing lists:
https://lists.ischool.illinois.edu/lists/help/introduction.html
{if you create a local login at this URL above you can use a graphic interface to the healthsec email list}
• Your subscriber options can be found here:
https://lists.ischool.illinois.edu/lists/help/user-suboptions.html
• To see member roster currently subscribed, send an email to:
sympa@ischool.illinois.edu {and in the email subject line type:}
review healthsec {leaving the email message body blank}
• To unsubscribe from this list, send an email to:
sympa@lists.ischool.illinois.edu {and in the email subject line type:}
unsubscribe healthsec {leaving the email message body blank}
===
IMPORTANT HealthSec 2025 DATES:
- Paper Submission Deadline {all paper categories}:
Friday July 25th 2025, extended to Friday August 1st 2025
[[ DEADLINE HAS PASSED — NO LONGER RECEIVING SUBMISSIONS ]]
- Paper Review Deadline for PC Members: Sunday September 14th 2025
- Paper Acceptance Notification to Authors: Saturday September 20th 2025
- Camera-Ready Accepted Paper Deadline: Saturday November 1st 2025
- HealthSec 2025 Workshop Date: Tuesday December 9th 2025
===
PAPER SUBMISSION GUIDELINES:
- Five Paper Submission Categories
- Regular technical paper submissions between 4-8 pages
- Short technical paper submissions between 2-4 pages
- Lightning/Poster technical paper submissions between 1-2 pages
- Case Study paper submissions between 2-6 pages
- Position paper (opinion/invited paper) submissions between 2-12 pages [note – please email workshop chair in advance of the deadline to discuss your submission in this category]
- All submitted papers are required to be in the US Letter (not A4) double-column IEEE format which will be strictly enforced. IEEE format templates are available at:
LaTeX submissions must use the IEEEtran.cls version 1.8b template with the \documentclass[conference,compsoc]{IEEEtran} documentclass option.
Papers must be NON-BLINDED clearly listing each author’s organizational affiliation and contact information for one corresponding author. Paper submissions not meeting these specified format guidelines risk rejection without consideration of paper merits.
- All papers must be submitted through the EasyChair HealthSec-2025 paper submission system at this link: <https://easychair.org/conferences?conf=healthsec2025>.
- Accepted papers will be published in the IEEE Xplore Digital Library workshop proceedings.
- Post workshop revised papers will be published by Springer Nature in a separate book workshop proceedings.
- For each accepted paper – at least one author must register for the HealthSec Workshop – and attend in-person – with each accepted paper presented in-person at the workshop. Unfortunately, the HealthSec Workshop does not have funds for paper authors and we realize the workshop registration fee and travel cost (airfare + hotel) represent a significant cost barrier. As a result, if you are not able to handle the cost for an author to register and physically attend and present your paper at the workshop then please do not submit a paper. Special cases may be handled on a case-by-case basis in coordination with the ACSAC41 Conference Organizers. Accepted papers not presented in-person at the HealthSec 2025 workshop may have their acceptance withdrawn and paper not published. This in-person attendance requirement is the current reality of research conference economic viability.
===
Workshop Chairs / Organizing Committee:
- CHAIR – William (Bill) Yurcik (healthsec DOT chair AT gmail DOT com)
- VICE-CHAIR – Gregory Pluta, U of Illinois at Urbana-Champaign (gpluta AT illinois DOT edu)
- VICE-CHAIR – Scott Kruse, University of Texas at El Paso (cskruse AT utep DOT edu)
- VICE-CHAIR – Sami Saydjari, Dartmouth College (sami DOT saydjari AT dartmouth DOT edu)
- VICE-CHAIR & LOCAL SITE COORDINATOR – Mehdi Tarrit Mirakhorli, University of Hawaii – Manoa (mehdi23 AT Hawaii DOT edu)
===
HealthSec 2025 WORKSHOP PROGRAM COMMITTEE:
Mahshid Abir, RAND Corporation
Jenny Amos, University of Illinois – Urbana-Champaign
Prashant Anantharaman, Narf Industries
Spiros Antonatos, Cymph
Zahid Anwar, North Dakota State University
Adam Bates, University of Illinois – Urbana-Champaign
Peter Beling, Virginia Tech University
Bhavani Thuraisingham, University of Texas – Dallas
Joseph Bonvie, Home Base
Roy Campbell, University of Illinois – Urbana-Champaign (emeritus)
Guenevere (Qian) Chen, University of Texas – San Antonio
Michael Collins, USC Information Sciences Institute (ISI)
Diane Dolezel, Texas State University
Robert Erbacher, U.S. Army Research Laboratory
Kevin Farinholt, Caretaker Medical
Luis Garcia, University of Utah
Dan Geer, In-Q-Tel
Dan Harkness, Argonne National Laboratory
Ragib Hasan, University of Alabama-Birmingham
Allen Householder, Carnegie Mellon University (CMU) Software Engineering Institute (SEI) CERT
Haochen Huang, Whova
Cynthia Irvine, Naval Postgraduate School
M. Eric Johnson, Vanderbilt University
Latifur Khan, University of Texas – Dallas
Gregory Koenig, Annuity Association
Taisa Kushner, Galois Inc
Kiran Lakkaraju, Microsoft
Patricia McGaffigan, Institute for Healthcare Improvement (IHI)
John McHugh, AssuranceLabs
Ethan Miller, Pure Storage
Fábio Roberto de Miranda, Insper Institute of Education and Research
Monique K. Monsoura, Global Health Security & Biotechnology, Strategic Advisor
Peter G. Neumann, SRI
Stephen North, Infovisible
Sean Peisert, Lawrence Berkeley National Laboratory
Jim Prewett, University of New Mexico
Raj Rajagopalan, Resideo
Esa Rantanen, Rochester Institute of Technology (RIT)
Raj Ratwani, Medstar Health
Avi Rubin, Harbor Labs
Marcus Sachs, Center for Internet Security
Rami Saydjari, Ronin Institute for Independent Scholarship 2.0
Naomi Schwartz, MedCrypt
Cigdem Sengul, Brunel University-London
Aashish Sharma, Lawrence Berkeley National Lab
Natalie Sullivan, George Washington University Hospital
Eugene Vasserman, Kansas State University
Nalini Venkatasubramanian, University of California – Irvine
Gang Wang, University of Illinois – Urbana-Champaign
Christopher Worsham, Harvard Medical School & Mass General Hospital
Daphne Yao, Virginia Tech University
Xiaoxin Yin, Airbnb
If you would like to volunteer to be on the HealthSec 2025 program committee and peer review workshop paper submissions then please email the workshop chair!
===