Jump to content

Jeff Tully

From Wikipedia, the free encyclopedia
Jeff Tully
Alma materUniversity of Arizona College of Medicine – Phoenix
Known for
  • Medical infrastructure security
  • Medical device security
Scientific career
Fields
  • Cybersecurity
  • Medicine
Institutions
  • University of California-San Diego School of Medicine
  • UCSD Center for Healthcare Cybersecurity
  • Healthcare Ransomware Resiliency and Response Program

Jeff Tully is a medical cybersecurity researcher whose works have been published in JAMA Internal Medicine, JAMA Network Open, The Journal of Emergency Medicine, the Journal of the American College of Cardiology and the Journal of Medical Internet Research, among others.[1][2][3] He has spoken internationally about these topics at conferences like DEF CON, the RSA Conference and DerbyCon.[4][5][6][7][8] He is also co-director of The UCSD Center for Healthcare Cybersecurity at the University of California-San Diego and co-principal investigator of the Healthcare Ransomware Resiliency and Response Program (H-R3P).[9][10] Tully is also a board-certified anaesthesiologist and pediatrician, as well as an associate clinical professor at the University of California-San Diego.[11][12]

Early life and career

[edit]

While attending the University of Arizona College of Medicine – Phoenix, Tully showed an interest in biohacking, presenting at DEF CON 20 in 2013.[4] Tully graduated and specialized in anesthesiology and pediatrics.[8]

Following the WannaCry ransomware attacks in 2017, Tully shifted his attention to improving the cybersecurity of emergency medical services, hospitals, critical medical infrastructure, and medical devices. He organized the CyberMed Summit, a medical cybersecurity conference. The CyberMed Summit offered practical, hands-on clinical simulations  of cybersecurity breaches in hospital environments and included medical professionals, cybersecurity experts, law-enforcement officials, policymakers and hackers.[13][14][15] During the COVID-19 pandemic, Tully brought attention to the security issues of telemedicine and the increased possibility of cyberattacks.[16]

Tully advocates securing access to hospital and healthcare networks, hardening emergency services against cyberattacks and securing medical devices.[17][18][19][20][21] In addition to those duties, Tully is also an associate clinical professor at the University of California-San Diego School of Medicine where he teaches medical students, residents and fellows and contributes to medical and cybersecurity academic research.[12]

In October of 2023, Tully was named co-principal investigator for the Healthcare Ransomware Resiliency and Response Program (H-R3P) at the University of California-San Diego, which secured a $9.5 million Advanced Research Projects Agency for Health grant.[9][17][10]

Selected academic research

[edit]
  • C Dameff, J Selzer, J Fisher, J Killeen, J Tully (2018). “Clinical Cybersecurity Training Through Novel High-Fidelity Simulations.” The Journal of Emergency Medicine.[22]
  • J Tully, M Jarrett, S Savage, J Corman, C Dameff (2018). “Digital Defenses for Hacked Hearts: Why Software Patching Can Save Lives.” Journal of the American College of Cardiology.[23]
  • M Goebel, C Dameff, J Tully (2019). “Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors”. Journal of Medical Internet Research.[24]
  • J Tully, A Coravos, M Doerr, C, Dameff. “Connected Medical Technology and Cybersecurity Informed Consent: A New Paradigm”. Journal of Medical Internet Research.[25]
  • J Tully, J Selzer, J Phillips, P O’Connor, C Dameff (2020). “Healthcare Challenges in the Era of Cybersecurity.” Health Security. [26]
  • L Maggio, C Dameff, S Kanter, B Woods, J Tully (2021). “Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives”. Academic Medicine : Journal of the Association of American Medical Colleges. [27]
  • N Sullivan, J Tully, C Dameff, C Opara, M Snead, J Selzer (2023). “A National Survey of Hospital Cyber Attack Emergency Operation Preparedness”. Disaster Medicine and Public  Health Preparedness. [28]
  • C Dameff, J Tully, T Chan, E Castillo, S Savage, P Maysent, T Hemmen, B Clay, C Longhurst (2023). “Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US”. JAMA Network Open. [29]
  • H Neprash, C Dameff, J Tully (2024). Cybersecurity Lessons from the Change Healthcare Attack. JAMA Internal Medicine. [30]

References

[edit]
  1. ^ Dameff, Christian; Tully, Jeffrey; Chan, Theodore C.; Castillo, Edward M.; Savage, Stefan; Maysent, Patricia; Hemmen, Thomas M.; Clay, Brian J.; Longhurst, Christopher A. (2023-05-08). "Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US". JAMA Network Open. 6 (5): e2312270. doi:10.1001/jamanetworkopen.2023.12270. ISSN 2574-3805. PMC 10167570. PMID 37155166.
  2. ^ Goebel, Mat; Dameff, Christian; Tully, Jeffrey (2019-07-09). "Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors". Journal of Medical Internet Research. 21 (7): e14383. doi:10.2196/14383. ISSN 1438-8871. PMC 6647750. PMID 31290401.
  3. ^ Neprash, Hannah T.; Dameff, Christian; Tully, Jeffrey (2024-11-01). "Cybersecurity Lessons From the Change Healthcare Attack". JAMA Internal Medicine. 184 (11): 1283–1284. doi:10.1001/jamainternmed.2024.3162. ISSN 2168-6106. PMID 39250110.
  4. ^ a b "Hacking humans: Building a better you". CNET. Retrieved 2025-01-22.
  5. ^ Zetter, Kim. "How Hackers Could Mess With 911 Systems and Put You at Risk". Wired. ISSN 1059-1028. Retrieved 2025-01-22.
  6. ^ Thomson, Iaian (September 26, 2017). "Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals". Retrieved January 22, 2025.
  7. ^ Barth, Bradley (2020-09-23). "Lessons from the ransomware death: Prioritize cyber emergency preparedness". SC Media. Retrieved 2025-01-22.
  8. ^ a b Innes, Stephanie. "Can medical devices be hacked? Arizona doctors prepare for possibility of cyberattacks". The Arizona Republic. Retrieved 2025-01-22.
  9. ^ a b Ribeiro, Anna (2023-10-04). "HHS' ARPA-H awards $50 million in funding for six research contracts to advance health data security". Industrial Cyber. Archived from the original on 2024-08-16. Retrieved 2025-01-22.
  10. ^ a b "DIGIHEALS Awardees | ARPA-H". arpa-h.gov. 2024-07-01. Retrieved 2025-01-23.
  11. ^ "Verification of Certification | The American Board of Pediatrics". www.abp.org. Retrieved 2025-01-22.
  12. ^ a b "Jeffrey Tully | UCSD Profiles". profiles.ucsd.edu. Retrieved 2025-01-22.
  13. ^ Stanford, Julianne. "Hacking a heart pacemaker isn't science fiction. See what experts are doing to prevent it". The Arizona Republic. Retrieved 2025-01-22.
  14. ^ "Video Fears of hackers targeting hospitals, medical devices". ABC News. Retrieved 2025-01-22.
  15. ^ "Now doctors need to be hackers, too". Engadget. 2017-06-16. Retrieved 2025-01-22.
  16. ^ Drees, Jackie (2020-05-06). "COVID-19 cyber threats: Why data integrity is crucial & how to protect it". www.beckershospitalreview.com. Retrieved 2025-01-22.
  17. ^ a b "UCSD School of Medicine awarded $9.5M to develop cybersecurity measures". KPBS Public Media. 2023-10-03. Retrieved 2025-01-22.
  18. ^ Wetsman, Nicole (2018-11-02). "The FDA Needs to Better Prepare for Cyberattacks on Medical Devices: Report". Gizmodo. Retrieved 2025-01-22.
  19. ^ "When ransomware hijacks your health care". www.wbur.org. 2024-07-04. Retrieved 2025-01-22.
  20. ^ Drees, Jackie (2019-06-03). "Threats, vulnerabilities of medical device cyberattacks: 4 Qs with UC Davis cybersecurity expert Dr. Jeff Tully". www.beckershospitalreview.com. Retrieved 2025-01-22.
  21. ^ Rappleye, Emily (2019-05-01). "Avoid the 'basic cardinal sins of password generation': 3 questions with UC Davis security expert Dr. Jeff Tully". www.beckershospitalreview.com. Retrieved 2025-01-22.
  22. ^ Dameff, Christian J.; Selzer, Jordan A.; Fisher, Jonathan; Killeen, James P.; Tully, Jeffrey L. (February 2019). "Clinical Cybersecurity Training Through Novel High-Fidelity Simulations". The Journal of Emergency Medicine. 56 (2): 233–238. doi:10.1016/j.jemermed.2018.10.029. PMID 30553562.
  23. ^ Tully, Jeffrey; Jarrett, Mark; Savage, Stefan; Corman, Joshua; Dameff, Christian (2018-07-03). "Digital Defenses for Hacked Hearts: Why Software Patching Can Save Lives". Journal of the American College of Cardiology. 72 (1): 126–127. doi:10.1016/j.jacc.2018.03.540. ISSN 0735-1097. PMID 29957225.
  24. ^ Goebel, Mat; Dameff, Christian; Tully, Jeffrey (2019-07-09). "Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors". Journal of Medical Internet Research. 21 (7): e14383. doi:10.2196/14383. ISSN 1438-8871. PMC 6647750. PMID 31290401.
  25. ^ Tully, Jeffrey; Coravos, Andrea; Doerr, Megan; Dameff, Christian (2020-03-30). "Connected Medical Technology and Cybersecurity Informed Consent: A New Paradigm". Journal of Medical Internet Research. 22 (3): e17612. doi:10.2196/17612. ISSN 1438-8871. PMC 7154933. PMID 32224492.
  26. ^ Tully, Jeff; Selzer, Jordan; Phillips, James P.; O'Connor, Patrick; Dameff, Christian (2020-06-01). "Healthcare Challenges in the Era of Cybersecurity". Health Security. 18 (3): 228–231. doi:10.1089/hs.2019.0123. ISSN 2326-5094. PMID 32559153.
  27. ^ Maggio, Lauren A.; Dameff, Christian; Kanter, Steven L.; Woods, Beau; Tully, Jeffrey (June 2021). "Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives". Academic Medicine. 96 (6): 850–853. doi:10.1097/ACM.0000000000003859. ISSN 1040-2446. PMID 33239532.
  28. ^ Sullivan, Natalie; Tully, Jeffery; Dameff, Christian; Opara, Chibuzo; Snead, Mackenzie; Selzer, Jordan (2023). "A National Survey of Hospital Cyber Attack Emergency Operation Preparedness". Disaster Medicine and Public Health Preparedness. 17: e363. doi:10.1017/dmp.2022.283. ISSN 1935-7893. PMID 36945857.
  29. ^ Dameff, Christian; Tully, Jeffrey; Chan, Theodore C.; Castillo, Edward M.; Savage, Stefan; Maysent, Patricia; Hemmen, Thomas M.; Clay, Brian J.; Longhurst, Christopher A. (2023-05-08). "Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US". JAMA Network Open. 6 (5): e2312270. doi:10.1001/jamanetworkopen.2023.12270. ISSN 2574-3805. PMC 10167570. PMID 37155166.
  30. ^ Neprash, Hannah T.; Dameff, Christian; Tully, Jeffrey (2024-11-01). "Cybersecurity Lessons From the Change Healthcare Attack". JAMA Internal Medicine. 184 (11): 1283–1284. doi:10.1001/jamainternmed.2024.3162. ISSN 2168-6106. PMID 39250110.