Skip to main content
Center for Healthcare Cybersecurity Center for Healthcare Cybersecurity
  1. HOME
  2. Media
  3. Tock Foundation Partnership

UC San Diego Center for Healthcare Cybersecurity Partners with Tock Foundation to Advance Secure-by-Design Medical Technology

April 29, 2026

As cyberattacks against healthcare systems continue to grow, the need for secure, resilient medical technology has become increasingly urgent. The UC San Diego Center for Healthcare Cybersecurity is partnering with the Tock Foundation to advance applied research focused on secure-by-design approaches for medical devices and healthcare technology.

The collaboration brings together the Center’s clinical and cybersecurity expertise with the Tock Foundation’s leadership in embedded systems security. Tock is an open-source embedded operating system designed for low-power, low-memory, resource-constrained microcontrollers. These small computing components are found throughout connected devices, including many medical technologies. Tock supports multiple concurrent applications with strong isolation between applications, drivers and the operating system kernel.

That design is especially relevant in healthcare, where connected medical devices increasingly support patient monitoring, diagnostics, clinical workflows and care delivery. As these devices become more intelligent, networked and software-defined, the security of the underlying firmware and embedded systems becomes central to patient safety and operational resilience.

“Tock was built by design to run concurrent, mutually distrustful applications,” said Patrick Pannuto, Ph.D., assistant professor in the UC San Diego Department of Computer Science and Engineering and a CHC-affiliated faculty member. “Applications don’t trust each other, and the core platform doesn’t trust applications. It does all of these things by default.”

Tock’s kernel is written in Rust, a systems programming language developed to improve memory safety and reliability. By supporting application isolation on microcontroller-class devices, Tock creates new possibilities for building medical technologies that are more resilient by design rather than relying only on security controls added later.

“Our vision for the Center for Healthcare Cybersecurity is built around innovative research that moves the needle on the biggest challenges facing our field,” said Jeff Tully, M.D., co-director of the UC San Diego Center for Healthcare Cybersecurity. “The Tock operating system has enormous potential to support the next generation of secure-by-design medical devices, ensuring safer and more secure care. This collaboration will combine the expertise of the Tock Foundation’s amazing team with the unique clinical domain knowledge of the Center to fast track the kinds of applied projects that will realize this potential with real impact and scale.”

The partnership builds on UC San Diego’s strength in systems security research and the Center’s mission to protect patient care through clinically informed cyber resilience research. Pannuto’s work in computer engineering, embedded systems and physically constrained computing helps connect the collaboration to UC San Diego’s broader expertise in secure systems, hardware, software and real-world deployment.

Healthcare cybersecurity challenges are often addressed in technical silos, separated from the operational realities of hospitals and patient care. The Center and the Tock Foundation aim to close that gap by combining technical depth with clinical insight, focusing on practical projects that can translate into tools, methods and design patterns that work in healthcare settings.

The UC San Diego Center for Healthcare Cybersecurity will share additional updates as the collaboration develops.

Learn more about Tock:
https://www.tockos.org/