"Cybersecurity In Healthcare" (HealthSec) 2025
An IEEE ACSAC Workshop

An interdisciplinary workshop to be held in conjunction with the
Annual Computer Security Applications Conference (ACSAC41)
https://www.acsac.org/

DATE: Tuesday December 9, 2025

LOCATION: Honolulu, Hawaii USA

For background, the first HealthSec Workshop held October 2024 can be
found here https://publish.illinois.edu/healthsec/

===

CALL-FOR-PAPERS

In its most basic form, healthcare is gathering data, interpreting
data into information, and transforming information into current human
knowledge that can be acted upon, with each of these stages open to
unintended errors and/or malicious subversion. These stages do not
occur within a vacuum but rather within our existing infrastructures
and social system with all their current limitations, systemic bias,
and exploitable vulnerabilities. While a similar characterization can
be made about security in other applied domains, healthcare is
undergoing a dramatic transformation, arguably the next technological
revolution, presenting immediate opportunities for improvement along
with corresponding challenges in security.

Our desire is to bring together diverse researchers from academia,
government, and the healthcare industry to report on latest research
efforts. As this is the inaugural workshop focusing on cybersecurity
in healthcare, we aim to encourage, jumpstart, and grow excellent
interdisciplinary contributions at the forefront of research. Papers
with demonstrated results will be given priority. We seek submissions
from researchers and practitioners on a list of potential topics which
includes, but is not limited to:

    Cybersecurity issues (including risks, challenges, incidences,
    solutions, approaches)
        Healthcare as critical national infrastructure
        AI in healthcare (e.g. clinical decision support software,
          ambient clinical documentation)
        Big data/high performance computing (HPC) in healthcare
        Encryption, authentication, provenance of storage in healthcare
           environments
        Healthcare supply chains
	Online health communities
    	Health information exchanges (HIEs)
    	Electronic health records (EHRs)
    	Telehealth and/or patient portals
    	Internet of (medical) Things (MIoT)
    	Medical devices, medical implants, and/or medical wearables
    	Wireless/mobile healthcare and/or remote patient monitoring
    	Digital healthcare tools to improve patient safety
    	Safety engineering in clinical facility settings
    	Healthcare insider threats
    	Software-controlled robotic medical systems
    	Updating/patching software and re-certification of medical devices

   Ransomware attacks on healthcare – especially hospitals *
   Events resulting in (HIPAA/GDPR) healthcare privacy breaches **
   Comparisons of IT infrastructure in different types of healthcare
      facilities/services
   Empirical study of cybersecurity in a specific healthcare IT environment
   Research specifically addressing the Conficker worm/botnet medical
     device air gap
   Policy/Economics/Legal/Ethical position papers – addressing
     cybersecurity issues in healthcare
   Technical efforts by governmental entities to improve
     cybersecurity in healthcare


Papers with the following as their only foci are discouraged and will
be rejected a priori:
    Cybersecurity best practice recommendations for healthcare organizations

    * Longitudinal studies showing increasing cyberattacks on
      healthcare based on HHS/OCR or proprietary data sets – HHS/OCR
      data is poor quality and priority datasets are non-replicable
      artifacts

    ** Papers mixing analysis of privacy breaches with ransomware outages

If you have any questions about your paper topic, please email the
workshop chair in advance!

===

IMPORTANT HealthSec 2025 DATES:

    Paper Submission Deadline {all paper categories}: Friday July 25, 2025
    Paper Review Deadline for PC Members: Friday, September 5th 2024
    Paper Acceptance Notification: Saturday September 6th 2025 
    Camera-Ready Accepted Paper Deadline: to be announced
    HealthSec 2025 Workshop Date: Tuesday, December 9th , 2025

PAPER SUBMISSION GUIDELINES:
    Five Paper Submission Categories

    Regular technical paper submissions should be between 4-8 pages
    Short technical paper submissions should be between 2-4 pages
    Lightning/Poster technical paper submissions should be between 1-2 pages
    Case Study paper submissions should be between 2-6 pages
    Position paper (opinion/invited paper) submissions should be between 2-12 pages [note – please email workshop chair in advance of the submission deadline to discuss your submission in this category]

All papers are required to be in double-column IEEE format including
references. Please use the IEEE template available at
https://www.ieee.org/conferences/publishing/templates.html. LaTeX
submissions must use the IEEEtran.cls version 1.8b template with the
\documentclass[conference,compsoc]{IEEEtran} documentclass option.
Papers should be formatted for US letter (not A4). All papers must be
submitted through the HealthSec 2025 paper submission system a URL
link to the HealthSec paper submission system will be provided at this
location in the near future. Formatting guidelines will be strictly
enforced. Paper submissions not meeting specified IEEE format
guidelines risk rejection without consideration of paper merits.

It is expected that each accepted paper will be presented in-person at
the HealthSec workshop in Hawaii.  The HealthSec Workshop does not
have funds for paper authors and we realize the ACSAC workshop
registration fee and travel cost (airfare + hotel) to be in Hawaii
represents a significant cost barrier.  As a result, if you are not
able to handle the travel cost for an author to register and
physically attend the HealthSec Workshop in-person and present your
paper then please do not submit a paper.  Accepted papers not
presented in-person at the HealthSec 2025 workshop will have
acceptance withdrawn and paper not published. Unfortunately this is
the current reality of research conference economic viability.

===

Workshop Chairs / Organizing Committee:
    CHAIR – William (Bill) Yurcik, Centers for Medicare & Medicaid
      Services (CMS HQ) (healthsec DOT chair AT gmail DOT com)

    VICE-CHAIR – Gregory Pluta, U of Illinois at Urbana-Champaign
      (gpluta AT illinois DOT edu)

    VICE-CHAIR – Scott Kruse, Texas State University (scottkruse AT
      txstate DOT edu)

    VICE-CHAIR – Sami Saydjari, Dartmouth College (sami DOT saydjari
      AT dartmouth DOT edu)

    VICE-CHAIR & LOCAL SITE COORDINATOR – to be announced

===

HealthSec 2025 WORKSHOP PROGRAM COMMITTEE:

{PC membership is in process of being finalized, to be posted shortly}

If you would like to volunteer to be on the HealthSec 2025 program
committee and review workshop paper submissions then please email the
workshop chair!