People
Kevin Fu, PhD, MEng, Professor, PATCH PI and Director
Kevin Fu, Ph.D., is Professor of Electrical & Computer Engineering, the Khoury College of Computer Sciences, and Bioengineering at Northeastern University. He leads research in analog cybersecurity, focusing on threats to the physics of computation and sensing, with work that has influenced medical device manufacturers, global regulators, and international safety standards. A widely published expert in medical device security, healthcare ransomware, automobile cybersecurity, RFID security, and web security, Dr. Fu previously served as Acting Director of Medical Device Cybersecurity at the U.S. FDA and Program Director for Cybersecurity at its Digital Health Center of Excellence. He has testified before Congress, co-chaired the AAMI cybersecurity working group to develop FDA-recognized consensus standards, and co-founded N95decon.org during the COVID-19 pandemic. He holds B.S., M.Eng., and Ph.D. degrees from MIT.
.jpg?width=263&height=263&name=Weiyan_Shi_headshot(1).jpg)
Weiyan Shi, PhD, MA, Assistant Professor, PATCH Co-PI
Weiyan Shi is Assistant Professor at Northeastern University. Her research interests are in NLP, Human-AI Interaction and AI safety. She is recognized as MIT Technology Review 35 Innovators under 35, Rising Star in Machine Learning and Rising Star in EECS. She has received a Best Social Impact Paper, an Outstanding Paper, and a Best Paper Nomination for her work on persuasive dialogues at ACL 2019 and ACL 2024. She was also a core team member behind a Science publication on the first negotiation AI agent, Cicero, that achieved a human level in the game of Diplomacy. This work has been featured in The New York Times, The Washington Post, MIT Technology Review, Forbes, and other major media outlets.
Lili Su, PhD, Assistant Professor, PATCH Deputy Director and Co-PI
Lili Su is Assistant Professor in the Department of Electrical and Computer Engineering, with a courtesy appointment in the Khoury College of Computer Sciences. She completed her postdoctoral work in MIT Computer Science & Artificial Intelligence Laboratory (CSAIL), after earning her doctoral and master’s degrees from the Department of Electrical and Computer Engineering at the University of Illinois (UIUC). Her research explores machine learning and designing provably resilient yet efficient distributed algorithms for large-scale machine learning systems. Within the field, she focuses on distributed/collaborative learning, fault-tolerant and resilient computing, multi-agent systems, and autonomous vehicles.
She received the 2024 NSF Career Award and the 2022 Sony Faculty Innovation Award. She was recognized as a Rising Star in EECS in 2018. Dr.Su is a co-director of the Center for Signal Processing, Imaging, Reasoning, and Learning (SPIRAL) at Northeastern University. She is a guest editor of ACM Transactions on Modeling and Performance Evaluation of Computing Systems. During her PhD studies, her work was runner-up for the Best Student Paper Award at DISC 2016, and she received the Best Student Paper Award at SSS 2015.
https://lilisu3.sites.northeastern.edu/
Mira Collins, MS, Program Coordinator
Mira Collins is a seasoned Program Manager with over two decades of experience leading complex, cross-functional initiatives across healthcare, automotive, and financial sectors. During her nearly 15-year tenure at United Healthcare’s IT division, Optum, she spearheaded enterprise-scale system and application releases supporting member services, provider networks, clinical platforms, enrollment, and eligibility. Her leadership was instrumental in streamlining healthcare deployment for military and government populations through automation and standardized third-party integrations. Mira co-led the launch of in-home care scheduling solutions and drove user engagement through advanced clinical platforms. Most recently, she has transformed operational workflows into AI-powered dashboards that deliver strategic clarity and executive-level insight.
Jiancong Cui, PhD Student
Jiancong Cui is a Ph.D. student in the Khoury College of Computer Sciences at Northeastern University, advised by Prof. Kevin Fu. His research lies at the intersection of cybersecurity, medical device security, and generative AI. He focuses on leveraging physical variations to detect and defend against emerging real-time generative AI systems. He previously gained extensive experience in malware analysis and detection while completing his master’s degree.
Veronica Estrella, Deputy Director of Archimedes
Veronica Estrella is the Deputy Director of the Archimedes Center for Healthcare and Medical Device Cybersecurity at Northeastern University.
Veronica specializes in advancing collaborations between academia, industry, and government to strengthen medical device cybersecurity and healthcare resilience. With over 15 years of experience spanning management, sales, customer service, and stakeholder engagement, Veronica is recognized for her strategic leadership, partnership-building, and expertise in program development and event planning. She is passionate about fostering collaboration and driving secure, patient-centered healthcare solutions.
Joseph Gardecki, PhD, Program Manager
Jennifer Amos, PhD, Teaching Professor
University of Illinois Urbana-Champaign
Jenny Amos is a Teaching Professor in Bioengineering at the University of Illinois Urbana- Champaign. She is a AIMBE Fellow and Board of Directors Member, BMES Fellow and Board of Directors Member, ABET Commissioner, two-time Fulbright Specialist in engineering education. She has won multiple awards and recognitions for her teaching and scholarship of teaching both on and off campus. Outside of BIOE, she has also worked to revolutionize the future of graduate medical education serving as a founding member of the Carle-Illinois College of Medicine. She also holds affiliations with Art+Design, the Siebel Center for Design, the Center for Global Studies, the College of Education, and the Health Sciences Engineering Center. Amos is part of numerous NSF funded research projects and leads efforts to innovate bioengineering training, medical training, and translation of innovative designs into practice.
https://bioengineering.illinois.edu/people/jamos
David Brumley, PhD, CEO and Professor
David Brumley is CEO and co-founder of ForAllSecure (DBA Mayhem Security), and a full professor at Carnegie Mellon. David brings a unique blend of deep technical expertise and strategic business acumen, demonstrated by Mayhem's successful adoption across major verticals, including Global SaaS, Operational Technology, and Defense. The media has called him the “Nick Saban of Hacking” due to his extensive background as a cybersecurity researcher, Carnegie Mellon University full professor, and a sought-after subject matter expert in cyber operations and exploit development. He has published over 100 peer-reviewed articles, won the United States Presidential Award for scientists, a Sloan award, and numerous best paper and test of time awards from cryptography (Remote Timing Attacks are Practical) to foundations in Automatic Exploit Generation. He founded the world’s most awarded hacking team (MMM/PPP – 8 DEFCon CTF wins), holds a black badge, founded picoctf.org with over 800,000 learners now enrolled, and built RSAC’s newest CTF platform rsac.picoctf.org. He is a frequent speaker, and a sought-after subject matter expert on topics like high performance hacking, weapons system exploitation, and autonomous security.
Education: Phd CS Carnegie Mellon, Masters CS Stanford, BA Math Univ. Northern Colorado
https://en.wikipedia.org/wiki/David_Brumley
Christian Dameff, MD, MS, Associate Professor
Dr. Christian Dameff M.D., M.S is an associate professor of Emergency Medicine, Biomedical Informatics, and Computer Science at the University of California San Diego (UCSD). He is also the co-director of the UCSD Center for Healthcare Cybersecurity. He is a practicing board certified Emergency Medicine physician and Clinical Informatician. He was hired in 2019 as the nation’s first Medical Director of Cybersecurity at UCSD Health. He is an internationally known expert and is among the top published researchers in the field of healthcare cybersecurity. He has testified before the US Congress and US Food and Drug Administration (FDA) on healthcare cybersecurity and ransomware.
https://profiles.ucsd.edu/christian.dameff
Julian M. Goldman, MD, Medical Director, Biomedical Engineering; Director, Program on Smart and Autonomous Medical Systems
Massachusetts General Hospital
Julian M. Goldman, MD, FASA is an attending anesthesiologist at the Massachusetts General Hospital, Founder and Director of the research program on Medical Device Interoperability & Cybersecurity and Medical Director of Biomedical Engineering for Mass General Brigham. Dr. Goldman founded the MD PnP Program in 2004 to advance medical device interoperability for patient safety. The program's Center for Smart and Autonomous Medical Systems (SaAMS) is addressing technology, standards, and safety for remote, virtual, and closed loop medical systems.
Dr. Goldman is Board Certified in Anesthesiology and Clinical Informatics, Served as VP of Medical Affairs of Masimo Corp. before joining MGH to serve as a principal anesthesiologist in the MGH Operating Room of the Future. Dr. Goldman served on FDA Pulse Oximetry Advisory Committees and leads several international medical device standardization committees.
More information: www.jgoldman.info
Michael Holt, President & CEO to Forward Deployed Engineer
Michael Holt builds at the intersection of AI, climate, and cybersecurity—turning policy and science into shipped products. At Traverse Ventures—and in management consulting—he leads venture studio efforts that build commercialization and other production-grade tools.
His teams have managed $20M+ across federal programs, helped generate $275M+ in follow-on capital, and supported 30+ startups and institutions.
He also serves as CEO of Virta Labs, delivering an open security platform for connected care and critical infrastructure. His prior work includes contributions to standards and safety with NIST Picture Archiving and Communication System (PACS) and the Health Sector Coordinating Council (HSCC).
Daniel B. Kramer, MD, MPH, Associate Professor and Section Head
BIDMC / Harvard Medical School
Dr. Daniel Kramer studied Philosophy at Brown University prior to earning his MD from Harvard Medical School and MPH from the Harvard TH Chan School of Public Health. He completed internal medicine training at Massachusetts General Hospital and fellowships in cardiovascular disease at clinical cardiac electrophysiology at Beth Israel Deaconess Medical Center, as well as the Medical Device Fellowship Program with the FDA. He is a member of the cardiac electrophysiology service at BIDMC, where he is Section Head of Electrophysiology and Digital Health at the Richard and Susan Smith Center for Outcomes Research. Dr. Kramer is an Associate Professor of Medicine at Harvard Medical School, where he is also a member of the faculty at the Center for Bioethics and affiliated faculty at the Brigham and Women’s Hospital Program on Regulation, Therapeutics, and Law.
Dr. Kramer’s research focuses on ethics, policy, and clinical outcomes related to the use of cardiac devices, with funding support from the Harvard Catalyst, Paul Beeson Scholars Program, the Greenwall Faculty Scholars Program in Bioethics, the National Institutes of Health, and the Patient- Centered Outcomes Research Institute.
https://bidmc.theopenscholar.com/vtcenter/people/daniel-kramer-md
Jack Kufahl, MLS, Chief Information Security Officer
Jack Kufahl is the Chief Information Security Officer for Michigan Medicine at the University of Michigan.
He has over 20 years of experience in information technology, primarily in leadership roles. He is one of the incorporating officers of the Michigan Healthcare Cybersecurity Council. The MiHCC is a public-private partnership in the State of Michigan and the healthcare industry supporting the citizens, patients, workforce , and students of Michigan. Jack is also a graduate of the esteemed FBI CISO Academy, the US Army War College National Security Seminar Program, and has completed the Master of Legal Studies degree with a concentration in compliance law at Washington University in St Louis.
Michael Rosenberg, MD, Associate Professor
University of Colorado Anschutz Medical Campus
Michael is an Associate Professor of Medicine at the University of Colorado Health Sciences Center, with a faculty clinical cardiac electrophysiologist in the Division of Cardiology for the University of Colorado Hospital. I am the medical director of the ECG Laboratory for the University of Colorado Hospital, as well as the Clinical Sciences Program of the CU Division of Cardiology. My research is funded by the NIH to focus on translational approaches to the study of cardiac arrhythmias through advanced quantitative methods.
Amanda St. Martin, Hospital Programs Manager
Michigan Center for Rural Health
Amanda St. Martin serves as the Hospital Programs Manager at the Michigan Center for Rural Health, where she leads quality improvement initiatives for Michigan’s Critical Access Hospitals (CAHs) through the MI CAH Quality Network. Her work focuses on supporting hospitals as they adopt new care models, including the Rural Emergency Hospital designation, integrating Remote Patient Monitoring to improve outcomes, and expanding access to community-based palliative care. She also contributes to national efforts to advance healthcare equity for individuals with complex needs and disabilities. Driven by a passion for strengthening rural healthcare, Amanda’s efforts continue to shape the future of care delivery across Michigan.
Jeff Tully, MD, Associate Professor
UC San Diego Center for Healthcare Cybersecurity
Jeffrey Tully is an Associate Clinical Professor of Anesthesiology and Co-Director of the UC San Diego Center for Healthcare Cybersecurity. Tully’s research focuses on the intersections of safety, security, and equity in an increasingly technologically connected healthcare system by covering two primary domains: the patient safety and clinical outcomes effects of cybersecurity attacks on healthcare, and the validation of clinical applications of artificial intelligence and machine learning tools with a focus on ensuring equitable access across populations.
Tully completed his medical degree at the University of Arizona College of Medicine – Phoenix, followed by residencies in pediatrics and anesthesiology. He is board-certified in anesthesiology, pediatrics, and clinical informatics.
https://en.wikipedia.org/wiki/Jeff_Tully
Axel Wirth, MS, Chief Security Strategist
As Chief Security Strategist at Medcrypt, Axel Wirth is focusing on cybersecurity in the healthcare industry. Over 15 years he has developed a deep understanding of the unique security challenges in this space.
Axel has a proven track record of developing and implementing effective security solutions that ensure the confidentiality, integrity, and availability of medical devices and the sensitive data they manage. He teaches courses in medical device cybersecurity at the University of Connecticut and through AAMI and has contributed to several books. Axel is known for his exceptional problem-solving skills, technical knowledge, and excellent communication and leadership abilities. He is committed to advancing the field by ensuring that medical devices are secure, and patients are safe.
He holds a Master of Science in Engineering Management (MSEM) from The Gordon Institute of Tufts University and a Bachelor of Science in Electrical Engineering (BSEE) from Düsseldorf University of Applied Sciences.
Advisory Board Members
Pamela Arora, President and CEO
Pamela Arora is President and CEO of the Association for the Advancement of Medical Instrumentation (AAMI), a nonprofit organization founded in 1967 and a global leader in developing national and international consensus standards. AAMI has a network of over 14,000+ members across more than 70 countries, including industry leaders, healthcare professionals, and government representatives working together to improve patient safety and healthcare outcomes.
Prior to joining AAMI, Arora served for 14 years as Senior Vice President of Strategic Technology and CIO at Children’s Health System of Texas, where she led enterprise IT, cybersecurity, and digital transformation initiatives. Her experience navigating operational disruption and cyber risk in clinical environments informs AAMI’s work to support safe and effective health technology across the device lifecycle.
Arora’s standards and health technology leadership aligns with the PATCH Project goals of enabling timely, scalable, and safe patching of medical devices. By convening manufacturers, providers, and public-sector stakeholders, AAMI helps translate shared cybersecurity and safety expectations into implementable practices that protect patients. Though Pamela's leadership at AAMI, the PATCH Project is able to accelerate the impact of its Whole Hospital Simulator and Vulnerability Mitigation Platform.
Greg Garcia, Executive Director, HSCC
Greg Garcia is the Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, a government-recognized critical infrastructure industry council representing more than 400 healthcare providers, pharmaceutical and medical technology companies, payers, and health IT organizations. In this role, he leads industry collaboration with government partners to identify and mitigate cyber threats to health data and research, healthcare systems, manufacturing, and patient care.
Garcia was appointed by President George W. Bush as the nation’s first Assistant Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security. Across a 32-year career in national service, he has influenced and implemented change at the intersection of business, public policy, and national security, with executive leadership roles spanning healthcare, financial services, high technology, and the United States Congress. He has served on the President’s Information Security and Privacy Advisory Board and is a recipient of the 2024 Malcolm Baldrige Foundation Award for Leadership Excellence.
Through HSCC, Greg’s work delivers immediate, sector-wide impact across hundreds of organizations responsible for patient care, medical products, and healthcare infrastructure. This directly aligns with the PATCH mission to move healthcare cybersecurity beyond compliance checklists toward measurable resilience at system scale. In recognition of his leadership advancing healthcare cyber resilience, Greg is also a recipient of the 2025 Archimedes Leadership Award, ceremonially bestowed with an industry standard coconut. Greg Garcia and Dr. Kevin Fu have been collaborating for over a decade, including co-authoring the 2012 NIST ISPAB federal advisory board letter that led to the restructuring of HHS and FDA accountability for more deliberate regulation of medical device security.
John D Halamka, MD, MS
Dwight and Dian Diercks President
For over 40 years, John D. Halamka, M.D., M.S., has been dedicated to the technology and policy that enable information exchange among clinical, educational and administrative stakeholders. In particular, Dr. Halamka is focused on bringing people together for multidisciplinary collaboration and career development at all levels. He works across government, academia and industry to form consortia that accelerate progress in informatics and patient care.
As Dwight and Dian Diercks President of the Mayo Clinic Platform, Dr. Halamka is currently collaborating with Young J. Juhn, M.D., M.P.H., on research addressing algorithmic bias. This work has profound implications for artificial intelligence (AI) research and health equity and is a high priority of the Mayo Clinic Platform and Mayo Clinic as a whole.
Dr. Halamka also is dedicated to educating the next generation of health care technology professionals. His expertise has given him the opportunity to teach extraordinarily diverse audiences, ranging from medical students to international policymakers. Before transitioning to Mayo Clinic, he served as a professor at Harvard Medical School for 25 years.
Dr. Halamka's research and clinical background, combined with his passion for teaching, have enabled him to implement innovative technologies in local, regional, national and international settings. During the COVID-19 pandemic, he served as co-leader of the COVID-19 Healthcare Coalition and the national convalescent plasma effort, The Fight Is In Us. He also was an active participant in Harvard's Clinical and Translational Science Awards program and was the co-principal investigator of Harvard's i2b2 project and Harvard Catalyst efforts.
As CIO at Beth Israel Deaconess Medical Center, Dr. Halamka managed IT operations during one of the earliest major cybersecurity incidents to disrupt a U.S. hospital, when the SQL Slammer worm exploited an unpatched SQL vulnerability in January 2003. That experience highlighted the clinical risks of delayed patching and helped shape early healthcare cybersecurity practices. His operational and policy expertise aligns with the mission of the UPGRADE program to ensure timely, scalable, and safe patching of medical devices to protect patient care. Read more about the history at https://www.networkworld.com/article/888384/lan-wan-at-a-boston-hospital-lessons-learned-from-slammer.html
Mark Herschberg, CEO
Mark Herschberg is a technology entrepreneur, educator, and author with a career spanning startups, Fortune 500 companies, and academia, with deep experience in security, cryptography, and building organizations from the ground up. His work has ranged from tracking criminal and terrorist activity on the dark web to creating marketplaces and novel authentication systems, and he holds more than a dozen patents.
On the PATCH project, Herschberg has been instrumental in advising on team formation and hiring practices to manage the risks inherent in building multidisciplinary teams. He brings extensive operational experience in recruiting, leadership development, and startup execution, helping ensure that PATCH teams can translate technical innovation into durable, high-impact outcomes. He also helped launch MIT’s Undergraduate Practice Opportunities Program (UPOP), often described as the institute’s career success accelerator, and has taught hundreds of students at MIT and guest lectured at the University of Michigan on career development. At Harvard Business School, Mark helped create a platform used to teach finance at prominent business schools. He also works with many non-profits, including Techie Youth and Plant A Million Corals. He was one of the top-ranked ballroom dancers in the country and now lives in New York City, where he is known for his social gatherings, including his annual Halloween party, as well as his diverse cufflink collection.
He earned a BS in Physics, a BS in Electrical Engineering and Computer Science, and a Master of Engineering in EECS from MIT, with a focus on cryptography. He is the author of The Career Toolkit: Essential Skills for Success That No One Taught You, the creator of the Brain Bump app, and also performs stand-up comedy. Read his book at https://www.thecareertoolkitbook.com/
Eric Horvitz, PhD, MD, Chief Scientific Officer
Eric Horvitz, MD, PhD, is Chief Scientific Officer at Microsoft where he leads initiatives at the intersection of science, technology, and society, with emphases on artificial intelligence, biosciences, and healthcare. His research contributions have advanced AI through innovations in perception, reasoning, and decision-making under uncertainty.
Dr. Horvitz is known for foundational contributions to AI theory and practice, particularly for developing probabilistic and decision-theoretic methods that enable intelligent systems to operate in complex, open-world settings and collaborate effectively with people. He has also led major efforts on AI ethics, values, and safety, founding and chairing Microsoft’s Aether Committee, establishing Stanford’s One Hundred Year Study on AI, and co-founding the Partnership on AI, as well as serving as a Congressionally appointed commissioner on the National Security Commission on AI.
Eric received his MD and PhD from Stanford University and previously served as director of Microsoft Research, overseeing research labs across North America, Europe, and Asia.
His work on responsible and trustworthy AI, including research on key considerations for the responsible development and fielding of AI systems, aligns with the PATCH Project goals of applying AI to strengthen healthcare infrastructure and autonomous patching of vulnerabilities. For further reading, see, Key Considerations for the Responsible Development and Fielding of Artificial Intelligence at https://erichorvitz.com/Key_Considerations.pdf
Ben Ransford, PhD
Ben Ransford is a security engineer based in Seattle. He has cofounded four B2B startups focused on security, machine learning, and speech automation, as well as software, hardware, e-commerce, and retail startups, including the first medical-device security company and a Linux game store. He earned a B.S. in computer science from Cornell University and an M.S. and Ph.D. in computer science from UMass Amherst as an NSF Graduate Research Fellow, followed by a multidisciplinary postdoctoral fellowship at the University of Washington.
He has been a security engineer at Stripe, a systems engineer at D. E. Shaw & Co., L.P., and a tragically young stand-up comedian. His academic work on security, ultra-low-power systems, compilers, RFID, and network protocols have won two test-of-time awards (IEEE Security & Privacy, PLDI) and two best-paper awards (SIGCOMM, IEEE Security & Privacy). He has his best ideas when riding a mountain bike, playing a guitar, or teaching programming.
Ben was a co-lead author of the influential 2008 paper, Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses, that helped establish medical device cybersecurity as a research field. Discussion of his paper appeared almost two decades ago in the New York Times and the Wall Street Journal. The paper provided the first rigorous study to evaluate wireless implantable medical device security and privacy and which later received recognition with the IEEE Symposium on Security and Privacy Test of Time Award. Ben's work on understanding and mitigating risks in lifesaving medical technologies directly supports the goals of the PATCH project, which seeks to accelerate vulnerability discovery and remediation across connected healthcare devices while ensuring uninterrupted patient care.