Dr. Mike Rushanan Teaches Groundbreaking Course on Medical Device Cybersecurity at Johns Hopkins University

Whitepaper: Dr. Rushanan explains Best Practices for Ensuring Secure… Read Now

Cybersecurity Testing
- - - Cybersecurity Testing
      
      We test medical technologies for resilience, applying deep expertise, advanced tools, and regulatory insight to strengthen systems.
      
      Overview
  - - Cybersecurity Testing Solutions
      
      Hardware Testing
      
      Software & Firmware Testing
      
      Vulnerability Testing
      
      Healthcare IT Systems
Regulatory Support
- - - Regulatory Support
      
      We bring scientific rigor to support FDA and global medical device requirements—on your timeline.
      
      Overview
  - - Regulatory Support Solutions
      
      Compliance Assessment & Submission
      
      Persistent Vulnerability Monitoring
Cyber Engineering
- - - Cyber Engineering
      
      We design resilient, secure software and embedded systems that power connected medical technologies.
      
      Overview
  - - Cyber Engineering Solutions
      
      Security Data & Privacy
      
      Software Design & Development
Proven Success
- - - Featured Case Study
      
      Automated External Defibrillator
      
      Resolving an FDA hold for an AED manufacturer by fixing firmware update vulnerabilities—enabling regulatory approval, renewed sales, and improved postmarket cybersecurity.
      
      Learn More
  - - Proven Success
      
      Our Methodology
      
      Case Studies
- - - Our Methodology
    - Case Studies
Resources
- - - Thought Leadership
    - Whitepapers
Company
Contact Us

Thought Leadership

Dr. Mike Rushanan Teaches Groundbreaking Course on Medical Device Cybersecurity at Johns Hopkins University

In a new course, students prepare for the FDA's ramped up security requirements for insulin pumps, pacemakers, and other wearables.

Dr. Mike Rushanan teaching Johns Hopkins University course

The Internet of Things has long delivered on the promise of connecting everyday products such as smart thermostats, appliances, cars, and more.

But as the human body has come to occupy a central place in that connected landscape through fitness trackers, insulin pumps, pacemakers, and other wearable devices, the perils of cybersecurity have escalated.

Wirelessly infiltrating such medical devices to inflict harm has occupied many a fictional thriller—from the TV show Homeland to the novel Kill Decision—as well as real life policy debates such as the vulnerability of former Vice President Dick Cheney’s pacemaker. In 2019, the U.S. Food and Drug Administration took the historic step of recalling a specific type of insulin pump because of potential cybersecurity risks.

Still, medical device manufacturers have continued to push products toward the market before they have implemented fully integrated cybersecurity measures, focusing more on making sure the products are safe for patients rather than from outside hacking threats.

Now, a new course offered by the Johns Hopkins Whiting School of Engineering, Medical Device Cybersecurity, is preparing students for the revised approval process mandated by the FDA, which has ramped up requirements for cybersecurity measures throughout the medical device design process.

“Protecting these devices from cyber threats is not just a technical challenge—it’s a matter of patient safety,” states the syllabus for the class, taught by Dr. Michael Rushanan, a lecturer in the Department of Computer Science who earned his PhD from JHU in 2016. “A security breach in medical devices like pacemakers and insulin pumps can have life-threatening consequences.”

The class provides an in-depth review of FDA cybersecurity guidance and the processes needed to meet those relatively nascent government requirements—from the initial design and development steps through device deployment.

The course teaches real-world case studies and provides practical exercises and simulations—including a final project that requires students to build actual medical devices equipped with air-tight cybersecurity measures.

“We want the students to go into the field knowing how critical it is to apply cybersecurity risk management from the design stage,” said Rushanan, chief scientist at Harbor Labs, the firm founded by retired Johns Hopkins professor Avi Rubin. “If you don’t, device manufactures are going to continue to have a ton of problems at the end of the process that can cost them hundreds of thousands of dollars to fix.”

Rubin, who started the Johns Hopkins Health and Medical Security Lab, said manufacturers have become more aware of security issues than they used to be thanks to new comprehensive FDA regulations. But, he added, the class is a first for teaching that new landscape—from understanding the regulatory landscape to incorporating those requirements into the design process.

“This is a first-of-its-kind course on the cybersecurity of medical devices with a focus on the specific issues and challenges inherent in that environment,” Rubin said. “The high level of regulation and the cyber-physical nature of devices that interact directly with humans, along with the privacy sensitivity of health data represent a unique set of challenges. This course provides students with hands-on experience working specifically on medical device security. It will give students a launchpad into careers related to medical and healthcare security.”

The students presented the products they developed with cybersecurity measures fully enmeshed in the designs on May 12. They included:

ThermaTrack:

Provides real-time tracking of a patient’s body temperature and can alert caregivers when it detects abnormal variations. The data is stored securely on the AWS cloud where it can be accessed through a web and mobile application.

Cardio Crisis:

ECG monitors heart activity through a sensor placed on the body and which is connected to a high-speed processor that transmits the data via Bluetooth to a smartphone application. It can detect cardiac irregularities in real time, allowing for quick responses by medical personnel.

PulseLite:

Creates, analyzes, and displays echocardiographic data collected on a patient’s body and provides remote monitoring to alert emergency contacts when abnormalities such as heart attacks are detected.

HappyKittySleepyKitty:

Monitors sleep patterns and stress levels in individuals with PTSD and anxiety. The device tracks physiological indicators that correlate with stress spikes and sleep disturbances, providing real-time feedback and artificial intelligence-driven suggestions for interventions that can improve the users’ well-being.

NeuroMotion:

Tracks movement and other medical data for patients suffering from Parkinson’s disease to determine if treatment is beneficial. It helps patients track their progress and optimize treatment plans that can assist with better recovery and positive mental health outcomes.

Original Article by Doug Donovan, Johns Hopkins University
Image credit: Will Kirk, Johns Hopkins University

About the Author

Dr. Mike Rushanan
Chief Scientist
Dr. Mike Rushanan is the Chief Scientist at Harbor Labs. Dr. Rushanan has been on the front line of the medical device security industry since its inception, serving as the lead engineer on the FDA’s first ever cybersecurity alert in 2015. His extensive experience with all facets of medical cybersecurity, including regulatory policy, clinical technologies, healthcare IT, cryptography, and secure system design is reflected in the countless thousands of fielded medical systems certified through his reviews. Dr. Rushanan is renowned for his work in diabetes care cybersecurity. He has worked with most major providers and a broad set of diabetes care technologies, including insulin pumps, CGMs, closed loop systems, and diabetes management software. Dr. Rushanan also specializes in cardiac care systems, surgical robotics, next-gen sequencing systems, and drug infusion systems. Dr. Rushanan teaches the course Security and Privacy in Computing, and is the course designer and instructor of Medical Device Security at Johns Hopkins University. His Ph.D. from Johns Hopkins University is in the area of Computer System and Network Security.

THOUGHT LEADERSHIP

Cybersecurity Testing

Cybersecurity Testing Solutions

Regulatory Support

Regulatory Support Solutions

Cyber Engineering

Cyber Engineering Solutions

Featured Case Study

Automated External Defibrillator

Proven Success

Dr. Mike Rushanan Teaches Groundbreaking Course on Medical Device Cybersecurity at Johns Hopkins University

The Internet of Things has long delivered on the promise of connecting everyday products such as smart thermostats, appliances, cars, and more.

ThermaTrack:

Cardio Crisis:

PulseLite:

HappyKittySleepyKitty:

NeuroMotion:

About the Author

More From Harbor Labs Experts

Why FDA Rejects the Cybersecurity Content of Regulatory Submissions

Regulatory Science Meets Cyber Science; Why It’s So Much More than a Pen Test

Medical Device Manufacturer Must Do’s for Cybersecurity

Your Project’s Success Starts with a Conversation