Skip to main content
Center for Healthcare Cybersecurity Center for Healthcare Cybersecurity
  1. HOME
  2. Past Events
  3. 2024 Academic Symposium
  4. Recordings

CHC Academic Symposium 2024

Chris Longhurst, MD - AI, Digital Health, and Cybersecurity: Advancing Healthcare Resilience and Patient Safety

Dr. Christopher Longhurst, Executive Director of the Jacobs Center for Health Innovation, examines the evolving role of AI, digital health, and cybersecurity in modern healthcare...

Dr. Christopher Longhurst, Executive Director of the Jacobs Center for Health Innovation, examines the evolving role of AI, digital health, and cybersecurity in modern healthcare. He highlights UC San Diego’s leadership in AI integration within electronic health records, smart hospital innovations, and remote patient monitoring. Emphasizing cybersecurity as a critical patient safety issue, Dr. Longhurst presents research linking ransomware attacks to regional healthcare disruptions and increased patient mortality. He also explores cross-sector collaborations, including partnerships with industry leaders like Microsoft, to enhance digital healthcare resilience. This session offers a forward-looking analysis of AI-driven healthcare advancements and the pressing need for cybersecurity strategies that prioritize both data protection and patient safety.

Watch video Open in new tab

Aaron Schulman - Rapid Response to Ransomware: Deploying Emergency IT Infrastructure in Hospitals

Aaron Schulman presents his insights at the CHC Research Symposium, exploring innovative approaches in healthcare research and emerging trends.

In this presentation, Aaron Schulman discusses the challenges and opportunities in modern healthcare research. His talk covers the integration of digital health strategies and cybersecurity measures to enhance patient outcomes and system resilience.

Watch video Open in new tab

Isabel Straw, BMBS, PhD - Cipher: A Data-Driven Framework for Assessing the Clinical Impact of Cyberattacks on Healthcare Systems

Cyberattacks on healthcare institutions present critical risks to patient safety, yet their clinical consequences remain inadequately understood...

Cyberattacks on healthcare institutions present critical risks to patient safety, yet their clinical consequences remain inadequately understood. Dr. Isabel Straw, a visiting fellow at the UCSD Center for Healthcare Cybersecurity, is developing Cipher, an analytical platform designed to model and predict the impact of cyberattacks on hospital operations and patient outcomes. Integrating methodologies from emergency medicine, artificial intelligence, and public health, Cipher employs systematic ransomware incident reviews, expert-driven clinical assessments, and machine learning-based forecasting to identify high-risk patient populations and anticipate care disruptions. Early findings indicate that emergency medicine, trauma care, and pathology services are particularly vulnerable during IT outages, leading to increased morbidity and delayed diagnoses. Future iterations of Cipher will incorporate real-time emergency response strategies to help hospitals prioritize mitigation efforts. By translating cybersecurity threats into public health risk models, this research establishes a data-driven foundation for enhancing healthcare system resilience against cyber threats.

Watch video Open in new tab

Geoff Voelker, PhD - Rethinking Phishing Training: Evaluating the Effectiveness of Embedded Cybersecurity Education in Healthcare

Phishing remains a major cybersecurity threat, particularly in healthcare settings where data security is critical...

Phishing remains a major cybersecurity threat, particularly in healthcare settings where data security is critical. This study evaluated the effectiveness of embedded phishing training through an eight-month randomized controlled trial at UCSD Health, involving approximately 20,000 employees. Participants were divided into five groups—one control and four receiving various training formats, including static and interactive exercises. The study analyzed phishing failure rates to assess how training influenced employees’ ability to detect phishing attempts. Findings reveal that the primary factor affecting phishing susceptibility was the type of phishing lure, rather than training efficacy. While embedded training showed a statistically significant but minimal effect, its impact was outweighed by the effectiveness of the phishing tactic itself. Annual security training also had no measurable influence on reducing risk. Notably, nearly half of the employees exposed to training ignored it, with 90% engaging for less than a minute. These results suggest that traditional phishing training methods may not meaningfully enhance security awareness. Instead, organizations should prioritize alternative strategies, such as multi-factor authentication, behavioral interventions, and real-time security measures. This study underscores the need for evidence-based approaches to cybersecurity training to strengthen organizational resilience against phishing threats.

Watch video Open in new tab

Stefan Savage, PhD - Real-Time Detection of Ransomware Attacks in Healthcare: Leveraging Public Signals for Early Warning and Response

Ransomware attacks on healthcare institutions disrupt critical operations and threaten patient care, yet real-time detection remains a challenge...

Ransomware attacks on healthcare institutions disrupt critical operations and threaten patient care, yet real-time detection remains a challenge due to delayed reporting and limited visibility into affected systems. This work explores methods to infer ransomware incidents by analyzing disruptions in hospital IT infrastructure, leveraging publicly accessible signals such as service availability, healthcare APIs, network activity, and social media indicators. By monitoring deviations in these signals at scale, we develop an empirical approach to identify potential cyberattacks as they unfold. The findings aim to enhance situational awareness, inform response coordination, and provide a longitudinal dataset to support cybersecurity resilience in the healthcare sector.

Watch video Open in new tab

Pat Pannuto, PhD - Securing Embedded Medical Devices: Advancing Beyond Functionality to a Platform-Based Security Model

The security of embedded medical devices has historically lagged behind broader computing advancements, evolving from a focus on functionality to robustness and...

The security of embedded medical devices has historically lagged behind broader computing advancements, evolving from a focus on functionality to robustness and, only recently, security. Pat Pannuto explores this trajectory, highlighting the absence of adversarial threat models in early medical devices and the emergence of vulnerabilities as unintended consequences of broader system risks. He underscores the need for trusted computing platforms that extend security beyond individual devices to firmware, cloud integration, and wireless communication. By examining real-world case studies, Pannuto illustrates how weak protections in medical devices have been exploited and advocates for a platform-based security approach akin to smartphone ecosystems and FCC pre-certification models. His analysis suggests that adopting pre-certified secure platforms could enhance medical device security, streamline regulatory approval, and improve resilience in an increasingly interconnected healthcare landscape.

Watch video Open in new tab

Nitin Natarajan - Evolving Cyber Threats to Critical Infrastructure: Strengthening Resilience in Healthcare and Beyond

As cyber threats evolve in sophistication, critical infrastructure—particularly healthcare—faces escalating risks from cybercriminal enterprises...

As cyber threats evolve in sophistication, critical infrastructure—particularly healthcare—faces escalating risks from cybercriminal enterprises and state-sponsored actors. This session explores the shifting threat landscape, emphasizing the growing reliance on ransomware-as-a-service and the urgent need for cross-sector collaboration to enhance resilience. Key cybersecurity initiatives, including CISA’s Pre-Ransomware Notification Initiative (PRNI), secure-by-design frameworks, and cybersecurity hygiene programs, are examined in the context of mitigating systemic vulnerabilities. The discussion highlights the increasing interdependence of critical infrastructure sectors and the compounded risks posed by supply chain complexity and emerging AI-driven threats. Special attention is given to adversarial activity from the People’s Republic of China (PRC) and its implications for U.S. infrastructure security. Recognizing healthcare’s resource constraints, the session underscores the necessity of integrating cybersecurity into procurement, policy, and workforce education. With a call to action for increased investment and security awareness, the session provides a forward-looking perspective on the need for continuous adaptation and innovation in safeguarding essential systems.

Watch video Open in new tab