Roman Lysecky

Roman Lysecky received a Ph.D. in Computer Science from the University of California, Riverside in 2005. He is an expert on embedded systems, emphasizing medical device security, automated threat detection and mitigation, runtime adaptive systems, and design optimization. He received the Outstanding Dissertation Award from the European Design and Automation Association, a CAREER award from the National Science Foundation, and six Best Paper Awards. He is an inventor on multiple patents and has authored eight textbooks on C, C++, Java, and Data Structures, among others.

Roman Lysecky is an Associate Professor of Electrical and Computer Engineering at the University of Arizona. He is a speaker at the MedTech Forum 2018 and his session include: Becoming Hackproof in MedTech on Thursday 25th of January. For more information go to the MTF website and follow #MTF2018 on Twitter. ********************************* Security must become the number one concern when developing connected medical devices. Millions of connected devices have already been produced and many of these are implantable. What would happen if these products were compromised by malware? Implantable cardiac devices, such as insulin pumps and other products with wireless connectivity and remote monitoring features, are delivering considerable benefits to patients and health systems. However, without the right protection, this comes with significant risks that hackers might seek to exploit vulnerable devices . The nightmare scenario would be a security breach that could cause cardiac arrest or be used to extract ransom from individuals or institutions. Failure to protect vulnerable patients from cyberattacks could undermine the lifesaving promise of these technologies, potentially breaking the Hippocratic Oath: First Do No Harm. Producing software that is entirely and provably secure is prohibitively costly, time-consuming, and often infeasible. We need resilient systems that automatically detect any security issues and have a built-in way to mitigate any threat this may pose. Threat detection At my lab at the University of Arizona, we believe security should be a fundamental part of the device itself, not an afterthought or a nice-to-have feature. Our team has developed a prototype pacemaker device that detects runtime anomalies – tiny differences in the order or time it takes for the device to perform computational tasks. For example, if it takes 20 milliseconds instead of three milliseconds to send data to the patient’s digital cardiac log, something may be wrong. Currently,...