"Cybersecurity In Healthcare" (HealthSec) 2025 An IEEE ACSAC Workshop An interdisciplinary workshop to be held in conjunction with the Annual Computer Security Applications Conference (ACSAC41) https://www.acsac.org/ DATE: Tuesday December 9, 2025 LOCATION: Honolulu, Hawaii USA For background, the first HealthSec Workshop held October 2024 can be found here https://publish.illinois.edu/healthsec/ === CALL-FOR-PAPERS In its most basic form, healthcare is gathering data, interpreting data into information, and transforming information into current human knowledge that can be acted upon, with each of these stages open to unintended errors and/or malicious subversion. These stages do not occur within a vacuum but rather within our existing infrastructures and social system with all their current limitations, systemic bias, and exploitable vulnerabilities. While a similar characterization can be made about security in other applied domains, healthcare is undergoing a dramatic transformation, arguably the next technological revolution, presenting immediate opportunities for improvement along with corresponding challenges in security. Our desire is to bring together diverse researchers from academia, government, and the healthcare industry to report on latest research efforts. As this is the inaugural workshop focusing on cybersecurity in healthcare, we aim to encourage, jumpstart, and grow excellent interdisciplinary contributions at the forefront of research. Papers with demonstrated results will be given priority. We seek submissions from researchers and practitioners on a list of potential topics which includes, but is not limited to: Cybersecurity issues (including risks, challenges, incidences, solutions, approaches) Healthcare as critical national infrastructure AI in healthcare (e.g. clinical decision support software, ambient clinical documentation) Big data/high performance computing (HPC) in healthcare Encryption, authentication, provenance of storage in healthcare environments Healthcare supply chains Online health communities Health information exchanges (HIEs) Electronic health records (EHRs) Telehealth and/or patient portals Internet of (medical) Things (MIoT) Medical devices, medical implants, and/or medical wearables Wireless/mobile healthcare and/or remote patient monitoring Digital healthcare tools to improve patient safety Safety engineering in clinical facility settings Healthcare insider threats Software-controlled robotic medical systems Updating/patching software and re-certification of medical devices Ransomware attacks on healthcare – especially hospitals * Events resulting in (HIPAA/GDPR) healthcare privacy breaches ** Comparisons of IT infrastructure in different types of healthcare facilities/services Empirical study of cybersecurity in a specific healthcare IT environment Research specifically addressing the Conficker worm/botnet medical device air gap Policy/Economics/Legal/Ethical position papers – addressing cybersecurity issues in healthcare Technical efforts by governmental entities to improve cybersecurity in healthcare Papers with the following as their only foci are discouraged and will be rejected a priori: Cybersecurity best practice recommendations for healthcare organizations * Longitudinal studies showing increasing cyberattacks on healthcare based on HHS/OCR or proprietary data sets – HHS/OCR data is poor quality and priority datasets are non-replicable artifacts ** Papers mixing analysis of privacy breaches with ransomware outages If you have any questions about your paper topic, please email the workshop chair in advance! === IMPORTANT HealthSec 2025 DATES: Paper Submission Deadline {all paper categories}: Friday July 25, 2025 Paper Review Deadline for PC Members: Friday, September 5th 2024 Paper Acceptance Notification: Saturday September 6th 2025 Camera-Ready Accepted Paper Deadline: to be announced HealthSec 2025 Workshop Date: Tuesday, December 9th , 2025 PAPER SUBMISSION GUIDELINES: Five Paper Submission Categories Regular technical paper submissions should be between 4-8 pages Short technical paper submissions should be between 2-4 pages Lightning/Poster technical paper submissions should be between 1-2 pages Case Study paper submissions should be between 2-6 pages Position paper (opinion/invited paper) submissions should be between 2-12 pages [note – please email workshop chair in advance of the submission deadline to discuss your submission in this category] All papers are required to be in double-column IEEE format including references. Please use the IEEE template available at https://www.ieee.org/conferences/publishing/templates.html. LaTeX submissions must use the IEEEtran.cls version 1.8b template with the \documentclass[conference,compsoc]{IEEEtran} documentclass option. Papers should be formatted for US letter (not A4). All papers must be submitted through the HealthSec 2025 paper submission system a URL link to the HealthSec paper submission system will be provided at this location in the near future. Formatting guidelines will be strictly enforced. Paper submissions not meeting specified IEEE format guidelines risk rejection without consideration of paper merits. It is expected that each accepted paper will be presented in-person at the HealthSec workshop in Hawaii. The HealthSec Workshop does not have funds for paper authors and we realize the ACSAC workshop registration fee and travel cost (airfare + hotel) to be in Hawaii represents a significant cost barrier. As a result, if you are not able to handle the travel cost for an author to register and physically attend the HealthSec Workshop in-person and present your paper then please do not submit a paper. Accepted papers not presented in-person at the HealthSec 2025 workshop will have acceptance withdrawn and paper not published. Unfortunately this is the current reality of research conference economic viability. === Workshop Chairs / Organizing Committee: CHAIR – William (Bill) Yurcik, Centers for Medicare & Medicaid Services (CMS HQ) (healthsec DOT chair AT gmail DOT com) VICE-CHAIR – Gregory Pluta, U of Illinois at Urbana-Champaign (gpluta AT illinois DOT edu) VICE-CHAIR – Scott Kruse, Texas State University (scottkruse AT txstate DOT edu) VICE-CHAIR – Sami Saydjari, Dartmouth College (sami DOT saydjari AT dartmouth DOT edu) VICE-CHAIR & LOCAL SITE COORDINATOR – to be announced === HealthSec 2025 WORKSHOP PROGRAM COMMITTEE: {PC membership is in process of being finalized, to be posted shortly} If you would like to volunteer to be on the HealthSec 2025 program committee and review workshop paper submissions then please email the workshop chair!