What’s Next for Archimedes and the Field of Healthcare and Medical Device Security?

Nov 16, 2020
Archimedes Center

This year has brought unparalleled changes to our lives, affecting nearly every one of our industries and institutions. The field of healthcare and medical device security is no exception. As medical, pharmaceutical, and other healthcare services have had to rapidly adapt to a virtual landscape, new challenges to device and data security have followed.

As a proud leader in the healthcare and medical device security field, the Archimedes Center has remained active and busy during 2020. We remain dedicated to preparing the healthcare industry to meet these challenges, and to providing value to our members throughout these changes.

With exciting new partnerships, plans to host our annual Medical Device Security 101 Conference virtually in January 2021, and the development of a new collection of entry-level cybersecurity educational materials underway, we have found new ways to expand the educational and sharing opportunities available to our members and to the growing number of industries that need comprehensive and reliable security education. We have also produced a new report, Product Security 2020 Survey Results, which contains original data about the function of product security in the medical device manufacturing industry.


Despite our recent progress, there are still many opportunities for Archimedes to expand our mission, research, and resources. The growing necessity of security across the healthcare industry, as well as the many changes that COVID-19 has brought to the medical field, call for increased access to relevant and effective cybersecurity education. In light of this, we recently sat down with our founder and Chief Scientist, Dr. Kevin Fu, to discuss Archimedes’ growth over the past year, the expanding role of cybersecurity across the healthcare industry, and where our organization is heading as 2021 approaches.

Keep reading for more information about what the Archimedes Center has been working on during 2020, what our members can expect in 2021, our upcoming 101 Conference, and more!


Medical Device Security 101 Conference Goes Virtual for 2021

As always, our annual Medical Device Security 101 Conference is focused first and foremost on providing trustworthy cybersecurity education and facilitating valuable conversations and relationships among those in the healthcare and security fields. Now, more than ever, it is necessary to discuss our industry’s security challenges and solutions.

For the upcoming 101 Conference, we are proud to have Harb Singh, Program Manager of Medical Device Security for Cedars-Sinai Health System, and Sofia Martinez Gomez, Cybersecurity Specialist at Roche Diagnostics, as our two conference co-chairs.


Through our 101 Conference, we are able to tackle the issues that matter most with leading experts in the medical security industry. In the past, our attendees have included chief information security officers, directors of product engineering, system engineers, VPs of global product security, IT security managers, physicians, chairs of medical device security standard bodies, security researchers, and front-line engineers from clinical facilities.

Bringing together attendees from such diverse professional backgrounds makes the 101 Conference an excellent learning and networking environment. We also pride ourselves on making our conference a space for open and honest dialogue, allowing our attendees to discuss the critical cybersecurity issues and vulnerabilities that impact their work and professional fields as a whole. The 101 Conference boasts a low sponsor-to-attendee ratio, so you can make the most of this time to learn from and network with those in your industry.

Previous 101 Conference attendees have expressed the value of our conference environment in fostering important conversations in the world of device security. According to Suzanne Schwartz, Deputy Director of the Office of Strategic Partnerships & Technology Innovation at the FDA’s Center for Devices & Radiological Health, “The Archimedes Medical Device Security 101 Conference continues to be a unique gathering of stakeholders most deeply involved in medical device security. From manufacturers, to HDOs, to researchers and FDA, highly informative dialogue happens in an open and safe environment that fosters sharing of perspectives, challenges, and opportunities across the medical device ecosystem.”

In 2021, the 101 Conference will be held virtually on January 11th, 12th, and 13th. Due to the ongoing COVID-19 pandemic, there are a number of changes that accompany the 101 Conference’s virtual format.

Virtual Networking Opportunities

Building on the success of our popular in-person Expert Breakfast sessions at previous events, we’ll be introducing an Expert Lunch Hour via Zoom breakout rooms for 2021. These small group networking sessions will bring even more members of our industry together to create lasting, beneficial connections.

101 Conference Confirmed Topics

As we continue working with our 101 Conference speakers to finalize their topics, we’d like to offer this sneak peak into a few of our confirmed topics:

  • FDA updates
  • Telehealth
  • The impact of COVID on in-vitro medical device security
  • Remote work
  • Panel discussions with CISOs and medical device manufacturers

With these and many other critical and timely topics, as well as a virtual format making our event more accessible to those with travel limitations, we look forward to hosting a robust and valuable event. Register now for the 2021 Medical Device Security 101 Conference!



Engaging the Pharmaceutical Manufacturing Industry

One of the groups that Archimedes is most excited to engage in our upcoming conference and educational opportunities is the pharmaceutical manufacturing industry. “Archimedes has grown by demand, from not just the medical device industry but the pharmaceutical industry,” said Dr. Fu.

“In some sense, the medical device industry is a little bit ahead of the pharmaceutical industry when it comes to computer security,” Dr. Fu explained. “That’s mainly because the medical industry has already suffered some consequences.” By contrast, the pharmaceutical industry has yet to experience some of the major cybersecurity concerns that have already impacted other healthcare fields.

As the COVID-19 pandemic continues, we see this as an important time for the medical device security community to engage with the pharmaceutical industry. Threats ranging from the spread of medical misinformation to digital attacks on the manufacturing process loom over COVID-19 vaccine development and distribution.

In the months and years to come, we have an opportunity to bring cybersecurity assurance to the pharmaceutical industry. Archimedes can be instrumental in helping pharmaceutical manufacturers formulate the right questions to ask while designing their systems, securing their operational technologies, and hiring contractors or employees.

According to Dr. Fu, one area where Archimedes has excelled is in bringing together diverse stakeholders from the medical health and cybersecurity worlds, and engaging the pharmaceutical industry in these conversations is an extension of that success. Ultimately, we hope to show that security is a solution to be embraced, not a problem or expense to try to avoid.

New Partnership Between Archimedes and AAMI

At Archimedes, we value partnerships and collaboration with people and groups that are working on healthcare security. Sharing information and capabilities benefits everyone, from patients to the hospitals, medical practices, pharmacies, and medical device manufacturers that serve them.

One of our major collaborative efforts this year has been our partnership with the Association for the Advancement of Medical Instrumentation (AAMI), a healthcare technology standards body and professional community. By continuing to build connections with healthcare technology professionals and medical device manufacturers who are members of AAMI, and whose interests AAMI represents, we can continue to make important changes in the healthcare and medical device security industry.

We believe education empowers healthcare professionals to efficiently integrate cybersecurity into their operations. Through this new partnership, we aim to distribute more of our education and training among healthcare technology professionals and medical device manufacturers.

As Dr. Fu explained, “One of the biggest goals [of this partnership] is about educating large communities of many constituents from the healthcare delivery vantage point.” We look forward to the opportunities this partnership presents for promoting and sharing cybersecurity education among the larger medical community.

In addition to this new partnership with AAMI, Archimedes is increasing our partnership with the Bakken Medical Devices Center at the University of Minnesota. In 2021, we’re excited to have more involvement in the Bakken Center’s upcoming Design of Medical Devices Conference on April 11th and 12th. Stay tuned for more updates about this partnership!

Archimedes is proud to continue our collaborative efforts, both within the medical devices community and beyond.

Introducing Our Body of Knowledge Project

Both the increased accessibility of the upcoming virtual 101 Conference and the new partnership with AAMI align with the Archimedes Center’s goal of expanding cybersecurity educational opportunities within the healthcare community.

Another new cybersecurity education initiative we’re working on is our upcoming Body of Knowledge project. This compendium of single-page resources, developed by Archimedes researchers, will address speciality topics in the field of medical device security.

Through the Body of Knowledge project, we’ll be sharing best practices, industry standards, and the information most critical to our field. With our laser-focused, one-page resources, busy professionals can get straight to the point. Our goal is to make these resources accessible to a wide audience, helping to set the standard for the healthcare industry.

The Body of Knowledge project will provide a number of unique benefits to healthcare professionals.

Intended for Education, Not Sales

When making sales is an objective, it’s all too easy for a piece of informational content to become bloated or biased. This is one reason why it can be difficult for many healthcare professionals to access objective, research-based content concerning security in their industry.

By contrast, Archimedes’ goal is to educate and serve our members and audience with trusted, independent, research-based expertise, particularly with the Body of Knowledge Project. “We are born from academia,” said Dr. Fu. “We’re not selling products. Our job is to educate. I think the members find it very efficient to get information from us.”

Empowering Industry Leaders and Professionals

Not every hospital, medical office, pharmacy, or medical device manufacturer works the same. When healthcare and medical device security resources are overly prescriptive, their advice may not be best suited for everyone in the field.

At Archimedes, we believe that the key is to help people help themselves. According to Dr. Fu, “We don’t want to change these places and their workflows, but give them information to use with systems they already have set up.”

Hospitals, healthcare delivery organizations, pharmacies, and device manufacturers have the operational knowledge to best integrate our security expertise into their workplaces. Through the Body of Knowledge project, we look forward to providing them with these necessary resources in an accessible format!

Product Security 2020 Survey Results

Experiencing a data breach—or even simply having your cybersecurity vulnerabilities exposed—can be a public relations nightmare for organizations of any kind. Due to HIPAA and other industry compliance regulations, the security of patient information is an especially important and sensitive topic.

As a result, there is a significant lack of data about the state of product security in the medical device security industry. This year, Archimedes partnered with one of our longstanding members, Hillrom, a medical device provider operating worldwide, to distribute an anonymous survey among device manufacturers and report on the results.

Our short report, the Product Security 2020 Survey Results, contains original data about how the medical device security industry is evolving and how product security teams are organized. Until recently, the results of this survey were only available to our MDM members. We’re now happy to share the results of this survey publicly for the first time as a brief glimpse into the unique information and data available through our membership program.

Download the report today, available only from Archimedes! For more exclusive data, information, and resources, join our membership program.


The Changing Role of Device Security in the Medical Industry

The growing need for medical device security has only multiplied given the expansion of telehealth services during the COVID-19 pandemic. “This was an unplanned grand experiment at global scale,” said Dr. Fu. “We’ve moved to this mostly virtual world, so suddenly these devices have to remain secure, even when the clinician is not physically next to the patient.”

In addition, the shift to telehealth has introduced huge amounts of healthcare data being produced. This new data must be appropriately secured every step of the way, from creation to transmission to storage.

“It’s just one ransomware hack away from disruption and havoc,” Dr. Fu warns. “More information being virtual creates a bigger need for cyber hygiene and threat modeling.” With proper education and training for the healthcare industry, we can close the gap between the expansion of telehealth and the lag of accompanying cybersecurity.

Want to Stay Informed About What’s Next? Connect with Archimedes

The Archimedes Center for Healthcare and Device Security is an independent, leading research center dedicated to advancing medical device security knowledge. Our founder and Chief Scientist, Dr. Kevin Fu, is credited for establishing the field of medical device security in 2008, and we have since produced the most highly cited research on the cybersecurity of medical devices to date.

Stay informed about what’s next in the healthcare and medical device security industry by joining our membership program. As a member of Archimedes’ Circle, you gain access to vital and trustworthy educational resources, exclusive data and training, and a network of colleagues and world leaders in healthcare and medical device security, engineering, and government regulation.

Become a part of our community today!