Medical devices comprise both hardware and software elements; however, the technology in these devices increases the risk of cyberattacks and poses safety risks to patients.
To ensure these devices are safe and secure, a team of Johns Hopkins computer scientists has identified a gap between regulatory expectations and practical implementation, driven by the absence of educational resources and reference designs to build on. As a result, medical device manufacturers are often left to independently interpret and translate policy into what they believe are secure systems.
In response, the team developed an open-source platform to standardize medical device cybersecurity education. The team’s research was presented in the poster “A Hands-On Platform for Medical Device Security Education” at the Association for Computing Machinery Special Interest Group for Computer Science Education’s Technical Symposium 2026. The annual event, held this year in St. Louis, provides an opportunity for computer science educators to share ideas related to teaching and pedagogy.
What started as a class project in a Medical Device Cybersecurity course grew into a collaboration with Michael Rushanan—a lecturer in the Johns Hopkins University Information Security Institute and the principal investigator of the Health and Medical Security Lab—to address a critical gap in both academia and the medical device industry, explains Dibyajyoti Nath, a graduate student in the department’s Master of Science in Security Informatics (MSSI) program and one of the authors of the paper.
“We developed an open-source, secure medical device reference design that allows manufacturers to exceed FDA cybersecurity expectations. Then we adapted the design into a practical educational platform to provide educators and students with a consistent, reproducible, regulatory- and standards-aligned method for developing secure medical devices,” says Nath. “By integrating education, research, and real-world application, our work strengthens the cybersecurity posture of the medical device ecosystem and helps improve patient safety.”
The researchers’ platform supports a real clinical application and includes elements generally found in devices that diagnose and treat medical conditions. To evaluate its platform, the team focused on a medical device that monitors Parkinson’s treatment and used it to demonstrate how manufacturers can translate abstract regulatory policies into a practical, secure-by-design workflow so they can be held to cybersecurity expectations and international standards.
The research team includes Nath, Kaixin Du, Ramit Saraswat, and Zhicheng Sun, all students in the MSSI program; Rushanan; and Tushar M. Jois, Engr ’19, ’20 (MS), ’23 (PhD), now a faculty member at the City College of New York.