Jeff Tully

Alma mater: University of Arizona College of Medicine – Phoenix
Known for
  • Medical infrastructure security
  • Medical device security
Scientific career
Fields
  • Cybersecurity
  • Medicine
Institutions
  • University of California-San Diego School of Medicine
  • UCSD Center for Healthcare Cybersecurity
  • Healthcare Ransomware Resiliency and Response Program

Jeff Tully is a medical cybersecurity researcher whose works have been published in JAMA Internal Medicine, JAMA Network Open, The Journal of Emergency Medicine, the Journal of the American College of Cardiology and the Journal of Medical Internet Research, among others. [1] [2] [3] He has spoken internationally about these topics at conferences like DEF CON, the RSA Conference and DerbyCon. [4] [5] [6] [7] [8] He is also co-director of The UCSD Center for Healthcare Cybersecurity at the University of California-San Diego and co-principal investigator of the Healthcare Ransomware Resiliency and Response Program (H-R3P). [9] [10] Tully is also a board-certified anaesthesiologist and pediatrician, as well as an associate clinical professor at the University of California-San Diego. [11] [12]

Early life and career

While attending the University of Arizona College of Medicine – Phoenix, Tully showed an interest in biohacking, presenting at DEF CON 20 in 2013. [4] Tully graduated and specialized in anesthesiology and pediatrics. [8]

Following the WannaCry ransomware attacks in 2017, Tully shifted his attention to improving the cybersecurity of emergency medical services, hospitals, critical medical infrastructure, and medical devices. He organized the CyberMed Summit, a medical cybersecurity conference. The CyberMed Summit offered practical, hands-on clinical simulations of cybersecurity breaches in hospital environments and included medical professionals, cybersecurity experts, law-enforcement officials, policymakers and hackers. [13] [14] [15] During the COVID-19 pandemic, Tully brought attention to the security issues of telemedicine and the increased possibility of cyberattacks. [16]

Tully advocates securing access to hospital and healthcare networks, hardening emergency services against cyberattacks and securing medical devices. [17] [18] [19] [20] [21] In addition to those duties, Tully is also an associate clinical professor at the University of California-San Diego School of Medicine where he teaches medical students, residents and fellows and contributes to medical and cybersecurity academic research. [12]

In October of 2023, Tully was named co-principal investigator for the Healthcare Ransomware Resiliency and Response Program (H-R3P) at the University of California-San Diego, which secured a $9.5 million Advanced Research Projects Agency for Health grant. [9] [17] [10]

Selected academic research

References

  1. Dameff, Christian; Tully, Jeffrey; Chan, Theodore C.; Castillo, Edward M.; Savage, Stefan; Maysent, Patricia; Hemmen, Thomas M.; Clay, Brian J.; Longhurst, Christopher A. (2023-05-08). "Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US". JAMA Network Open. 6 (5): e2312270. doi:10.1001/jamanetworkopen.2023.12270. ISSN 2574-3805. PMC 10167570. PMID 37155166.
  2. Goebel, Mat; Dameff, Christian; Tully, Jeffrey (2019-07-09). "Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors". Journal of Medical Internet Research. 21 (7): e14383. doi:10.2196/14383. ISSN 1438-8871. PMC 6647750. PMID 31290401.
  3. Neprash, Hannah T.; Dameff, Christian; Tully, Jeffrey (2024-11-01). "Cybersecurity Lessons From the Change Healthcare Attack". JAMA Internal Medicine. 184 (11): 1283–1284. doi:10.1001/jamainternmed.2024.3162. ISSN 2168-6106. PMID 39250110.
  4. "Hacking humans: Building a better you". CNET. Retrieved 2025-01-22.
  5. Zetter, Kim. "How Hackers Could Mess With 911 Systems and Put You at Risk". Wired. ISSN 1059-1028. Retrieved 2025-01-22.
  6. Thomson, Iain (2017-09-26). "Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals". Retrieved 2025-01-22.
  7. Barth, Bradley (2020-09-23). "Lessons from the ransomware death: Prioritize cyber emergency preparedness". SC Media. Retrieved 2025-01-22.
  8. Innes, Stephanie. "Can medical devices be hacked? Arizona doctors prepare for possibility of cyberattacks". The Arizona Republic. Retrieved 2025-01-22.
  9. Ribeiro, Anna (2023-10-04). "HHS' ARPA-H awards $50 million in funding for six research contracts to advance health data security". Industrial Cyber. Archived from the original on 2024-08-16. Retrieved 2025-01-22.
  10. "DIGIHEALS Awardees | ARPA-H". arpa-h.gov. 2024-07-01. Retrieved 2025-01-23.
  11. "Verification of Certification | The American Board of Pediatrics". www.abp.org. Retrieved 2025-01-22.
  12. "Jeffrey Tully | UCSD Profiles". profiles.ucsd.edu. Retrieved 2025-01-22.
  13. Stanford, Julianne. "Hacking a heart pacemaker isn't science fiction. See what experts are doing to prevent it". The Arizona Republic. Retrieved 2025-01-22.
  14. "Video Fears of hackers targeting hospitals, medical devices". ABC News. Retrieved 2025-01-22.
  15. "Now doctors need to be hackers, too". Engadget. 2017-06-16. Retrieved 2025-01-22.
  16. Drees, Jackie (2020-05-06). "COVID-19 cyber threats: Why data integrity is crucial & how to protect it". www.beckershospitalreview.com. Retrieved 2025-01-22.
  17. "UCSD School of Medicine awarded $9.5M to develop cybersecurity measures". KPBS Public Media. 2023-10-03. Retrieved 2025-01-22.
  18. Wetsman, Nicole (2018-11-02). "The FDA Needs to Better Prepare for Cyberattacks on Medical Devices: Report". Gizmodo. Retrieved 2025-01-22.
  19. "When ransomware hijacks your health care". www.wbur.org. 2024-07-04. Retrieved 2025-01-22.
  20. Drees, Jackie (2019-06-03). "Threats, vulnerabilities of medical device cyberattacks: 4 Qs with UC Davis cybersecurity expert Dr. Jeff Tully". www.beckershospitalreview.com. Retrieved 2025-01-22.
  21. Rappleye, Emily (2019-05-01). "Avoid the 'basic cardinal sins of password generation': 3 questions with UC Davis security expert Dr. Jeff Tully". www.beckershospitalreview.com. Retrieved 2025-01-22.
  22. Dameff, Christian J.; Selzer, Jordan A.; Fisher, Jonathan; Killeen, James P.; Tully, Jeffrey L. (February 2019). "Clinical Cybersecurity Training Through Novel High-Fidelity Simulations". The Journal of Emergency Medicine. 56 (2): 233–238. doi:10.1016/j.jemermed.2018.10.029. PMID 30553562.
  23. Tully, Jeffrey; Jarrett, Mark; Savage, Stefan; Corman, Joshua; Dameff, Christian (2018-07-03). "Digital Defenses for Hacked Hearts: Why Software Patching Can Save Lives". Journal of the American College of Cardiology. 72 (1): 126–127. doi:10.1016/j.jacc.2018.03.540. ISSN 0735-1097. PMID 29957225.
  24. Goebel, Mat; Dameff, Christian; Tully, Jeffrey (2019-07-09). "Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors". Journal of Medical Internet Research. 21 (7): e14383. doi:10.2196/14383. ISSN 1438-8871. PMC 6647750. PMID 31290401.
  25. Tully, Jeffrey; Coravos, Andrea; Doerr, Megan; Dameff, Christian (2020-03-30). "Connected Medical Technology and Cybersecurity Informed Consent: A New Paradigm". Journal of Medical Internet Research. 22 (3): e17612. doi:10.2196/17612. ISSN 1438-8871. PMC 7154933. PMID 32224492.
  26. Tully, Jeff; Selzer, Jordan; Phillips, James P.; O'Connor, Patrick; Dameff, Christian (2020-06-01). "Healthcare Challenges in the Era of Cybersecurity". Health Security. 18 (3): 228–231. doi:10.1089/hs.2019.0123. ISSN 2326-5094. PMID 32559153.
  27. Maggio, Lauren A.; Dameff, Christian; Kanter, Steven L.; Woods, Beau; Tully, Jeffrey (June 2021). "Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives". Academic Medicine. 96 (6): 850–853. doi:10.1097/ACM.0000000000003859. ISSN 1040-2446. PMID 33239532.
  28. Sullivan, Natalie; Tully, Jeffery; Dameff, Christian; Opara, Chibuzo; Snead, Mackenzie; Selzer, Jordan (2023). "A National Survey of Hospital Cyber Attack Emergency Operation Preparedness". Disaster Medicine and Public Health Preparedness. 17: e363. doi:10.1017/dmp.2022.283. ISSN 1935-7893. PMID 36945857.
  29. Dameff, Christian; Tully, Jeffrey; Chan, Theodore C.; Castillo, Edward M.; Savage, Stefan; Maysent, Patricia; Hemmen, Thomas M.; Clay, Brian J.; Longhurst, Christopher A. (2023-05-08). "Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US". JAMA Network Open. 6 (5): e2312270. doi:10.1001/jamanetworkopen.2023.12270. ISSN 2574-3805. PMC 10167570. PMID 37155166.
  30. Neprash, Hannah T.; Dameff, Christian; Tully, Jeffrey (2024-11-01). "Cybersecurity Lessons From the Change Healthcare Attack". JAMA Internal Medicine. 184 (11): 1283–1284. doi:10.1001/jamainternmed.2024.3162. ISSN 2168-6106. PMID 39250110.