The 1st IEEE HMD-SPiRiT Workshop

The 1st IEEE Workshop on Healthcare and Medical Device
Security, Privacy, Resilience, and Trust
(IEEE HMD-SPiRiT)

Wyndham Grand Pittsburgh Downtown, Nov. 11, 2025, Pittsburgh, PA, USA

Co-located with IEEE CIC 2025, IEEE TPS 2025 and IEEE CogMI 2025

About IEEE HMD-SPiRiT

Rapid advances in data-centric and AI technologies, as well as computing and communication technologies more broadly, are presenting us with unprecedented opportunities to revolutionize healthcare services, drug discovery, advanced disease diagnostics, and precision or personalized medicine, just to name a few. Similarly, the proliferation of sensors and medical devices, such as wearable, implantable, or neuromorphic devices, which are increasingly integrated into our hyperconnected cyber environments in healthcare settings, further amplifies such opportunities. At the same time, there are growing security and privacy concerns due to the growing reliance of healthcare applications and services on such increasingly complex and hyperconnected computing and information infrastructures. Ensuring the security, privacy, resilience and trust of the healthcare ecosystem/sector – one of the 16 critical infrastructures in the USA – including that of health IT infrastructures and services, the medical device and sensor ecosystem, clinical diagnostics and analytics, the healthcare application ecosystem, etc., is critical for the overall health and well-being of individuals, communities, and society-at-large. Various security and privacy techniques, such as multiparty computation, homomorphic and functional encryption, differential privacy or other statistical information disclosure techniques, federated learning, data use and access control models, trusted execution environments, private information retrieval, etc., show tremendous promise to address data access, sharing, and usage challenges. Preventative, proactive, and defensive mechanisms to address insider and external threats, building resilience against adversarial attacks, and establishing trustworthiness of the healthcare ecosystem are becoming increasingly critical.

The first IEEE Workshop on Healthcare and Medical Device Security, Privacy, Resilience and Trust (HMD-SPiRiT) aims to bring together researchers and practitioners to foster foundational and applied research, and explore interdisciplinary socio-technical innovations to address the challenges related to security, privacy, resilience and trust of the healthcare sector and its entire ecosystem, which encompasses devices and sensors, data and digital infrastructure, AI and advanced analytics, public health and bioinformatics, considering the broader concerns of stakeholders such as healthcare providers, consumers, administrators, clinicians, health scientists and researchers.


Keynote

Title: Building Responsible and Reliable AI-Driven Technologies for Biomedicine

Bradley Malin
Accenture Professor of Biomedical Informatics, Biostatistics, and Computer Science, Vanderbilt University, USA

Abstract: AI is reshaping the way we think about biomedical research and healthcare. And yet, the collection and use of patient data, its subsequent conversion into various models, as well as their subsequent use raises many questions related to privacy, security, and trust that, if not sufficiently addressed, have the potential to thwart such activities. The goal of this talk is to discuss how ethical reasoning can be blended with computational modeling to assess the robustness and reliability of AI in the health data lifecycle. Throughout this talk, I’ll review several case studies to understand how things have gone wrong in the past, but also, what can go right!

Bio: Bradley Malin, Ph.D., is the Accenture Professor of Biomedical Informatics, Biostatistics, and Computer Science at Vanderbilt University, as well as Vice Chair for Research Affairs in the Department of Biomedical Informatics at Vanderbilt University Medical Center, where he co-directs the AI Discovery & Vigilance to Accelerate Innovation & Clinical Excellence (ADVANCE) Center. His research is in the development of computational methods and infrastructure to enable broad data sharing and development of machine learned systems that are cognizant of organizational, ethical, and legal expectations. He is one of the principal investigators (PIs) of two of the National Institutes of Health’s flagship AI programs, AIM-AHEAD and Bridge2AI. He recently completed a five-year appointment on the Board of Scientific Counselors of the National Center for Health Statistics of the Centers for Disease Control and Prevention (CDC) and is currently part of the U.S. Speaker Program of the U.S. State Department. Among various honors, he is an elected fellow of the U.S. National Academy of Medicine (NAM), the American College of Medical Informatics (ACMI), the American Institute for Medical and Biological Engineering (AIMBE), Institute of Electrical and Electronics Engineers (IEEE), and the International Academy for Health Sciences Informatics (IAHSI). He was also a recipient of the Presidential Early Career Award for Scientists and Engineers (PECASE) from the White House.


Invited Industry Talk

Title: From CVE Alert to Patient Risk - Why Context Matters in Medical Device Security

Ken Zalevsky
Founder/Chief Executive Officer, Vigilant Ops;
Certified CyberSecurity Leader, School of Computer Science, Carnegie Mellon University

Bio: Ken Zalevsky is a Certified CyberSecurity Leader from Carnegie Mellon University’s School of Computer Science with deep MedTech experience. He is also former head of Medical Device Cybersecurity at Bayer and founder/CEO of Vigilant Ops, a leading provider of SBOM lifecycle management solutions. At C2A, he helps manufacturers operationalize device cybersecurity, building efficient, effective programs that embed threat modeling, risk, and vulnerability management across the product lifecycle.


Panel Discussion

Title: Securing the Health Data & Device Lifecycle: Privacy, Resilience, and Trust from Clinic to Cloud

Abstract: How can healthcare systems harness data and AI while keeping patients safe and maintaining trust? This panel brings together leaders from government, academia, and industry to examine end-to-end risks and safeguards across the health data and medical device lifecycle. The discussion will highlight where evidence and tooling are missing and propose directions for where future work can have the most impact, spanning PETs that scale, assurance for clinical AI, resilient device ecosystems, and policy levers that make these sustainable.

Moderator

Amin Rahimian
Assistant Professor, University of Pittsburgh, USA

Panelists (Last Names in Alphabetical Order)

Bradley Malin
Accenture Professor of Biomedical Informatics, Biostatistics, and Computer Science, Vanderbilt University, USA

Shandong Wu
Professor in Radiology, Biomedical Informatics, Bioengineering, Intelligent Systems, Clinical and Translational Science; Director, Intelligent Computing for Clinical Imaging (ICCI) Lab, University of Pittsburgh, USA

William Yurcik
CMS Federal Lead, Healthcare Cybersecurity Threat Intelligence, Medicare Headquarters, Centers for Medicare & Medicaid Services (CMS) / Department of Health and Human Services (HHS), USA

Ken Zalevsky
Founder/Chief Executive Officer, Vigilant Ops;
Certified CyberSecurity Leader, School of Computer Science, Carnegie Mellon University

Technical Schedule

Breakfast 7 am - 8:30 am

Opening 8:30 am - 8:45 am

Paper Session 1: (20 min each) 8:45 am - 9:45 am
Privacy, and Public and Mobile Health

  • AegisBlock: A Privacy-Preserving Medical Research Framework using Blockchain
    Calkin Garg, Omar Rios Cruz, Tessa Andersen, Gaby G. Dagher, Donald Winiecki and Min Long
  • Examining The CoVCues Dataset: Supporting COVID Infodemic Research Through A Novel User Assessment Study
    Shreetika Poudel and Ankur Chattopadhyay
  • Evaluating Security Features in Mobile Health Apps: A Systematic Review
    Yuanyuan Cao, Yi Xu and Leming Zhou

Coffee Break 9:45 am - 10:00 am

Paper Session 2: (20 min each) 10:00 am - 11:00 am
Cybersecurity, Privacy and/or Resilience in Healthcare data and LLMs

  • Convergence of Operational Technology/Industrial Control Systems/Internet of Medical Things: Threats to Healthcare as a Critical National Infrastructure
    J. Malakai Bailey and William Yurcik
  • An Unsupervised Domain Adaptation Method to Enhance Diagnostic Model Resilience on Heterogeneous Medical Imaging Data
    Zhiwei Gong, Dooman Arefan, Wendi A. Berg and Shandong Wu
  • Exploring Membership Inference Vulnerabilities in Clinical Large Language Models
    Alexander Nemecek, Zebin Yun, Zahra Rahmani, Yaniv Harel, Vipin Chaudhary, Mahmood Sharif and Erman Ayday

15-min break 11:00 am - 11:15 am

Keynote: 11:15 am - 12:15 pm
Building Responsible and Reliable AI-Driven Technologies for Biomedicine
Speaker: Bradley Malin, Vanderbilt University

Lunch 12:15 pm - 1:30 pm

Paper Session 3: (20 min each) 1:30 pm - 2:30 pm
Medical Device Security and Privacy at Scale

  • A High-Assurance Systems Approach to Medical Device Security
    Daniel Cole and William Clark
  • Privacy at Scale in Networked Healthcare
    Amin Rahimian, Benjamin Penny and James B.D. Joshi

Invited Industry Talk: 2:30 pm - 3:00 pm
From CVE Alert to Patient Risk - Why Context Matters in Medical Device Security
Speaker: Ken Zalevsky, Vigilant Ops

Coffee Break 3:00 pm - 3:15 pm

Panel Discussion: 3:15 pm - 4:30 pm
Securing the Health Data & Device Lifecycle: Privacy, Resilience, and Trust from Clinic to Cloud

  • Moderator: Amin Rahimian, University of Pittsburgh
  • Bradley Malin, Vanderbilt University
  • Shandong Wu, University of Pittsburgh
  • William Yurcik, Centers for Medicare & Medicaid Services (CMS)
  • Ken Zalevsky, Vigilant Ops


IEEE HMD-SPiRiT 2025 Call for Papers

Important dates:

  • Time Zone: Anywhere on Earth
  • Submission Due: Sep. 30, 2025
  • Notification of Acceptance: Oct. 10, 2025
  • Camera Ready Version Due: Oct. 14, 2025

Submission Guidelines

We solicit research and work-in-progress submissions of up to 10 pages. All submissions must follow the same submission guidelines and instructions as the main conference (IEEE TPS), using the IEEE two-column conference format. Templates are available from the IEEE website.

Submissions must be made through EasyChair: IEEE TPS. Select the track: "IEEE Workshop on Healthcare and Medical Device Security, Privacy, Resilience and Trust (HMD-SPiRiT)".

Each submission will be reviewed by at least two members of the workshop's Program Committee. Accepted papers will be included in the IEEE TPS 2025 Proceedings, published by IEEE, and will be included in IEEE Xplore. At least one author must register and attend to present the work.


List of Topics

Topics of interest include, but are not limited to:

  • Privacy protection and security of medical devices (e.g., sensors, embedded, wearable, and neuromorphic devices) – understanding, assessing, and defending against or mitigating both insider and outsider threats
  • Security, privacy, and resilience of cyber-physical healthcare infrastructures and environments
  • Secure, privacy-preserving healthcare data sharing
  • Secure, privacy-preserving, and/or bias-free AI and analytics for healthcare, including LLMs and agentic AI
  • Trust modeling and trustworthy frameworks for healthcare infrastructures (e.g., Health Information Exchanges) and applications (mHealth, eHealth, health-focused social networking apps, etc.)
  • Blockchain or Distributed Ledger Technologies (DLTs) for digital health
  • Secure and privacy-preserving technologies for public health
  • Social, economic, and behavioral research to enhance secure and privacy-aware healthcare applications
  • Accountability, transparency, ethics, and explainability in Healthcare IT
  • Techno-policy frameworks for resilience and assurance of healthcare and medical device systems, and applications
  • Data protection and privacy laws and policies, and regulatory compliance and liabilities in digital healthcare

General Co-Chairs

  • James Joshi, University of Pittsburgh, USA
  • Li Xiong, Emory University, USA
  • Shandong Wu, University of Pittsburgh, USA

Program Co-Chairs

  • Leming Zhou, University of Pittsburgh, USA
  • Amin Rahimian, University of Pittsburgh, USA

Technical Program Committee

  • Philippe Giabbanelli, Old Dominion University, USA
  • Hamdi Kavak, George Mason University, USA
  • Mei Liu, University of Florida, USA
  • Yajun Mei, New York University, USA
  • Olusola Odeyomi, North Carolina A&T State University, USA
  • Marios Papachristou, Arizona State University, USA
  • Tara Salman, Texas Tech University, USA
  • Chiu Tan, Temple University, USA
  • Huanmei Wu, Temple University, USA
  • Xubo Yue, Northeastern University, USA

Web Co-Chairs

  • Liou Tang, University of Pittsburgh, USA
  • Peilin He, University of Pittsburgh, USA

Coordination & Logistics Chair

  • Benjamin Panny, University of Pittsburgh, USA

Contact

Please contact Dr. James Joshi (jjoshi@pitt.edu) for more information.