HealthSec2026 | A publish.illinois.edu site

“CYBERSECURITY IN HEALTHCARE” (HealthSec)2026!
An ACSAC42 Workshop
(see HealthSec 2025, HealthSec 2024)

An interdisciplinary one-day workshop to be co-located with the Annual Computer Security Applications Conference (ACSAC42) <https://www.acsac.org/>

Archive of previous HealthSec Workshops:

HealthSec’24 <https://publish.illinois.edu/healthsec/>
HealthSec’25 <https://publish.illinois.edu/healthsec2025/>

===

CALL-FOR-PAPERS

In its most basic form, healthcare is gathering data, interpreting data into information, and transforming information into current human knowledge that can be acted upon, with each of these stages open to unintended errors and/or malicious subversion. These stages do not occur within a vacuum but rather within our existing infrastructures and social system with all their current limitations, systemic bias, and exploitable vulnerabilities. While a similar characterization can be made about security in other applied domains, healthcare is undergoing a dramatic transformation, arguably a technological revolution, presenting ground-breaking opportunities for improvement along with corresponding challenges in security.

Our desire is to bring together diverse researchers from academia, government, and the healthcare industry to report on the latest research efforts. As this is the third workshop, we want to continue momentum toward encouraging, jumpstarting, and growing excellent interdisciplinary contributions at the forefront of cybersecurity in healthcare research. Papers with demonstrated results will be given priority. We seek submissions from researchers and practitioners on a list of potential topics which includes, but is not limited to:

Cybersecurity issues (including risks, challenges, incidences, solutions, approaches)

Healthcare as critical national infrastructure
AI in healthcare (e.g. clinical decision support software, ambient clinical documentation)
Big data/high performance computing (HPC) in healthcare
Storage encryption, authentication, provenance in healthcare environments
Healthcare supply chain resilience
Cyberbiosecurity
Online health communities and patient portals
Health information exchanges (HIEs)
Electronic health records (EHRs)
Hospital-at-Home, Telemedicine, Telehealth
Internet of (medical) Things (MIoT)
Medical devices, medical implants, and/or medical wearables
Wireless/mobile healthcare and/or remote patient monitoring
Digital healthcare tools and safety engineering to improve patient safety
Human factors safety engineering in clinical facility settings
Healthcare insider threats
Software-controlled robotic medical systems
Updating/patching software and re-certification of medical devices
Food Insecurity as a Healthcare concern
Applications of STAMP/CAST/STPA techniques to healthcare
Ransomware attacks on healthcare – especially hospitals (see Note 1 below)
Events resulting in (HIPAA/GDPR) healthcare privacy breaches (see Note 2 below)
Comparisons of IT infrastructure in different types of healthcare facilities/services
Empirical study of cybersecurity in a specific healthcare IT environment
Policy/Legal/Ethical position papers – addressing healthcare cybersecurity issues
Economics of healthcare cybersecurity
Technical efforts by governmental entities to improve cybersecurity in healthcare

Papers with the following as their only foci are discouraged and will be rejected a priori:

Cybersecurity best practice recommendations for healthcare
Note 1- Papers are discouraged which are longitudinal studies showing increasing cyberattacks on healthcare based on HHS/OCR or proprietary data sets – HHS/OCR data is poor quality and proprietary datasets are non-replicable artifacts
Note 2- Papers are discouraged which mix analysis of privacy breaches with ransomware outages

Questions about your paper topic, then please email the workshop chair in advance!

===

IMPORTANT HealthSec 2026 DATES:

Paper Submission Deadline {all paper categories}: Friday July 24^th 2026
Paper Review Deadline for PC Members: Friday August 28^th 2026
Paper Acceptance Notification to Authors: Saturday September 19^th 2026
Camera-Ready Accepted Paper Deadline: Sunday November 1^st 2026
HealthSec 2026 Workshop Date: Tuesday December 8^th 2026

===

PAPER SUBMISSION GUIDELINES:

Five Paper Submission Categories

Regular technical paper submissions between 7-12 pages
Short technical paper submissions between 2-6 pages
Lightning/Poster technical paper submissions between 1-2 pages
Case Study paper submissions between 2-6 pages
Position paper (opinion/invited paper) submissions between 2-12 pages [note – please email workshop chair in advance of the deadline to discuss your submission in this position paper category]

All submitted papers are required to be in the US Letter (not A4) double-column IEEE format which will be strictly enforced. IEEE format templates are available at:

<https://www.ieee.org/conferences/publishing/templates.html>

LaTeX submissions must use the IEEEtran.cls version 1.8b template with the \documentclass[conference,compsoc]{IEEEtran} documentclass option.

Papers must be NON-BLINDED clearly listing each author’s organizational affiliation and contact information for one corresponding author. Paper submissions not meeting these specified format guidelines risk rejection without consideration of paper merits.

All papers must be submitted through the EasyChair HealthSec-2026 paper submission system at this link: <to be listed soon>.
Accepted papers published in the IEEE Xplore Digital Library workshop proceedings!
Selected post-workshop revised papers will also be published by Springer Nature in a separate book workshop proceedings!
For each accepted paper – at least one author must register for the HealthSec Workshop – and attend in-person – with each accepted paper presented in-person at the workshop. Unfortunately the HealthSec Workshop does not have funds for paper authors and we realize the workshop registration fee and travel cost (airfare + hotel) represents a significant cost barrier. As a result, if you are not able to handle the cost for an author to register and physically attend and present your paper at the workshop then please do not submit a paper. Special cases may be handled on a case-by-case basis in coordination with the ASCAC42 Conference Organizers. Accepted papers not presented in-person at the HealthSec 2026 workshop may have their acceptance withdrawn and paper not published. This in-person attendance requirement is the current reality of research conference economic viability.

WORKSHOP PARTICIPATION VIA ATTENDANCE – REGISTRATION DETAILS

If you are interested in attending, check the appropriate box on the ACSAC 2026 conference registration form and add “CYBERSECURITY IN HEALTHCARE” (HealthSec) Workshop fee.

We welcome all participants! – Including those newly attracted to this research space as well as those who live in this research space such that they may be tempted to swim to Hawaii to attend! One of the unique things about our inclusive community is that our research space indeed touches everyone and each of us has some experience to share and/or expert knowledge to contribute. This research space is large enough for all of us so please join us – where everyone knows your name – and they’re always glad you came! There are no strangers in our workshop community, only friends who have not met yet!

A non-US citizen who seeks to travel to the Hawaii in the United States generally must first obtain a U.S. visa. Visas are placed in the traveler’s passport, a travel document issued by the traveler’s country of citizenship. Certain international travelers may be eligible to travel to the United States without a visa if they meet the requirements for visa-free travel. For additional detailed information about the visa process, please check what the requirements are to travel from your country to the USA, and access this link on the ACSAC 2026 conference website <https://www.acsac.org/visa/>. PLEASE PLAN AHEAD TO ALLOW ENOUGH TIME (WEEKS/MONTHS) FOR THE MULTI-STEP VISA PROCESS TO EXECUTE, THIS IS YOUR RESPONSIBILITY.

===

“HealthSec” email list created for Workshop Communications!

• To subscribe, send an email to sympa@lists.ischool.illinois.edu and in the email subject line type:
subscribe healthsec firstname lastname {leaving message body blank}
• To send email to list after you subscribe (must be subscribed before sending to list), send an email to:

healthsec@ischool.illinois.edu

• To see general information about UIUC iSchool mailing lists:

https://lists.ischool.illinois.edu/lists/help/introduction.html
{if you create a local login at this URL above you can use a graphic interface to the healthsec email list}
• Your subscriber options can be found here:

https://lists.ischool.illinois.edu/lists/help/user-suboptions.html
• To see member roster currently subscribed, send an email to:

sympa@ischool.illinois.edu {and in the email subject line type:}
review healthsec {leaving the email message body blank}
• To unsubscribe from this list, send an email to:

sympa@lists.ischool.illinois.edu {and in the email subject line type:}
unsubscribe healthsec {leaving the email message body blank}

===

Workshop Chairs / Organizing Committee:

CHAIR – William (Bill) Yurcik, Centers for Medicare & Medicaid Services (CMS) [healthsec DOT chair AT gmail DOT com]
VICE-CHAIR – Gregory Pluta, U of Illinois at Urbana-Champaign (UIUC) [gpluta AT illinois DOT edu]
VICE-CHAIR – Scott Kruse, University of Texas at El Paso [cskruse AT utep DOT edu]
VICE-CHAIR – Gregory Koenig, PhD/MBA & Independent Researcher [koenig AT acm DOT org]
VICE-CHAIR & LOCAL SITE COORDINATOR FOR Los Angeles– [to be announced!]

===

HealthSec 2026 WORKSHOP PROGRAM COMMITTEE:

presently being formed….

If you would like to volunteer to be on the HealthSec 2026 program committee and peer review workshop paper submissions then please email the workshop chair!

===

…..