Register Now arrow

The Archimedes Leadership Workshop brings together solution-oriented experts in medical device manufacturing and computer security to meet and discuss effective ways to improve information security and the new FDA guidance on cybersecurity.

7 May 2017


6:00 PM - 8:00 PM
Private Membership Dinner

8 May 2017


8:00 AM - 4:00 PM
Private Membership Meetings

U-M North Campus
Featuring notable guests and thought leaders on discussion topics including "medical device security thru the FDA lens" and "how smart hackers analyze devices" and "anatomy of a lost medical device vulnerability disclosure" and "how bad is it, doc?  What a hospital medical device inventory looks like"

Jim Kuiphof
Jim Kuiphof

Director of Information Security, Spectrum Health

Stephanie Domas
Stephanie Domas, PE, CEH

Lead Medical Security Engineer- Battelle DeviceSecure Services

Kevin Fu
Kevin Fu, Ph.D

Associate Professor, University of Michigan
Director, Archimedes Center for Medical Device Security

Zach Rothstein
Zach Rothstein, JD

Associate Vice President, Technology, and Regulatory Affairs

Suzanne Schwartz
Suzanne Schwartz, MD, MBA

Associate Director for Science and Strategic Partnerships, FDA CDRH

Archimedes Leadership Workshop Begins!

8 May 2017


5:30 PM

Bus from Sheraton Hotel to Gala Dinner

6:00 PM - 9:00 PM

9 May 2017


7:30 AM
Bus from Sheraton Hotel to Michigan Union
8:00 AM - 8:45 AM, Breakfast & Registration
8:45 AM - 9:00 AM, WELCOME
Kevin Fu, Ph.D
Kevin Fu, Ph.D

Associate Professor
Computer Science & Engineering
University of Michigan

9:00 AM - 9:45 AM, Hacker Mindset: demo of security analysis
Stephanie Domas, PE, CEH
Stephanie Domas, PE, CEH

Lead Medical Security Engineer
Battelle DeviceSecure Services

In this presentation we will talk about the different types of hackers. What are motivates them, various skill levels, and preferred targets. What approaches and techniques do malicious hackers use when planning a new attack. The presentation will end with a demo of how easy it can be to modify someone else’s application to circumvent their security mechanisms.

9:50 AM - 10:35 AM, Update on HDO approaches to Medical Device Security
Kevin McDonald, BSN, ME-PD, CISSP
Kevin McDonald, BSN, ME-PD, CISSP

Director, Clinical Information Security
Office of Information Security
Mayo Clinic

Having a medical device security program can provide significant benefits to an institution.  With a program in place, vulnerable devices can be identified, risks can be assessed and remediation’s planned.  A medical device security program though requires that strong base is in place in the areas of governance, policies, standards, process and staff skills.  This session will outline the initial steps needed to start evaluating medical devices by setting up the foundational structure and activities.
10:35 AM - 10:50 AM, Coffee Break
10:50 AM - 11:35 AM, Building a Medical Device Reference Architecture
Todd Carpenter

Chief Engineer & Owner
Adventium Enterprises

ISOSCELES is a safe and secure medical device platform reference architecture that small medical device companies can use to get started. We intend to open-source release the requirements, modeling and configuration tools, and exemplar designs. We will briefly describe the motivation for the architecture, the key components and methods, and wrap up with outstanding gaps that are architecture independent. Since this is a workshop, we invite the audience to interactively provide feedback about the architecture and approach, including but not limited to technical, business, and regulatory hurdles.
11:40 AM - 12:25 PM, A view from the middle of securing devices in a mid-sized manufacturer
Chris Bitza
US R&D Cybersecurity Leader
Over the past few years at conferences, in white papers, and in the press we’ve heard about security from government, researchers, large medical device manufacturers in the critical acute care domain, and from major health-care delivery organizations.  But what about the perspective of small to midsized manufacturers or manufacturers whose products do not directly impact patient care? How do common security problems pose unique challenges for small to mid-sized manufacturers, and more importantly what can be done to address those challenges? In this presentation we will not only explore those challenges but ask what the broader community can do to help address these problems – Think win-win -  and improve healthcare security and patient safety smarter and faster.
12:25 PM - 1:30 PM, Lunch Panel Discussion
Seth Carmody
Seth Carmody

Cybersecurity Project Manager- FDA

Mike Ahmadi,
Mike Ahmadi, CISSP

Global Director of Critical Systems Security


Distinguished Member of Technical Staff, Principal Engineer for Medical Software & Systems Interoperability - UL LCC

Three leading Medical Device Security experts from different parts of the industry are available to answer questions on integrating security into products, vulnerability reporting, and any questions that the conference attendees would like answered!
1:30 PM - 2:15 PM, Assessing security risk in the pre- and post-market settings
Ken Hoyme

Director, Product and Engineering Systems Security
Boston Scientific


2:20 PM - 3:05 PM, Safer, Sooner, Together: A Hippocratic Oath for Connected Medical Devices


Beau Woods

Deputy Director of the Cyber Statecraft Initiative
Atlantic Council

The promise of connected medicine is to improve and prolong life.The perils of connectivity may lead to loss of life and limb and a shattering of public confidence. Our dependence on connected technologies has grown faster than our ability to secure them. We believe we can be safer, sooner, if we work together. Modern healthcare increasingly depends on connected technologies to improve the quality, effectiveness, and availability of the best that medical innovations can offer. The promise of Precision Medicine may unlock new cures and breakthroughs to help us treat and conquer some of our most perplexing diseases. Unfortunately, with this promise comes the perils of hyper-connectivity, exposing us all to a bevy of new accidents and adversaries in cyberspace. Sadly, we are not prepared.While the FDA and industry have made incredible strides over the last two years in cybersafety, 2016 continues to remind us just how much further we have to go. In 2016, an epidemic of ransomware ran havoc through health delivery organizations. In one case, Hollywood Presbyterian was hit so badly it affected patient care and the hospital had to turn ambulances away. Muddy Waters Capital shorted St. Jude’s Medical over what it considered to be material hacking weaknesses in its line of pacemakers.All systems fail. How prepared we are for failure will make all the difference. To this end, “I am The Cavalry” published a Hippocratic Oath for Connected Medical Devices exploring how to avoid failure, take help avoiding failure, learn from failure, mitigate failure, and inoculate against future failure. We will explore this framework and these five postures toward failure to accelerate our corrective actions across a diverse and challenging stakeholder ecosystem. We don’t yet have all the answers, but we know we’ll all be safer, sooner, together.