Threat Modeling Essentials at Archimedes 2026 Healthcare Security Week
Threat Modeling Essentials, led by Adam Shostack, is a standout offering at Archimedes 2026 Healthcare Security Week, Feb 18 in Las Vegas.
Join Adam February 18, 2026, in Las Vegas, for an in-person Threat Modeling Essentials training event.
Healthcare cybersecurity is not just an IT problem. It is a patient safety issue, a clinical continuity issue, a regulatory issue, and increasingly, an ethical one.
From ransomware attacks that delay care to vulnerabilities in connected medical devices that put patients at risk, the healthcare sector faces a threat landscape unlike any other. Devices are often deployed for years; sometimes decades. And security failures can have real-world, physical consequences. Lives depend on medical systems and devices remaining safe and operational without interruption.
Beyond that, the U.S. Food and Drug Administration (FDA) has made it clear through its premarket and postmarket cybersecurity guidance that manufacturers and healthcare organizations must take a systematic, risk-based approach to identifying and mitigating cybersecurity threats. Security can no longer be treated as a final checklist item; it must be embedded throughout design, development, deployment, and maintenance.
That is why Threat Modeling Essentials, led by Adam Shostack, is a standout offering at Archimedes 2026 Healthcare Security Week, taking place February 18–20, 2026, in Las Vegas.
The Archimedes Center for Healthcare and Device Security advances cybersecurity across the healthcare ecosystem by:
- Bridging industry, academia, and government
- Supporting FDA-aligned cybersecurity research and education
- Focusing specifically on healthcare delivery organizations and medical devices
- Elevating best practices through training, collaboration, and community
By bringing together practitioners, researchers, regulators, and security leaders, Archimedes creates a space where theory meets practice, and where patient safety remains the north star.
Cybersecurity as a Patient Safety and Lifecycle Issue
FDA guidance frames cybersecurity as an extension of patient safety and quality systems, emphasizing the need for manufacturers to anticipate reasonably foreseeable threats and document how risks are identified, assessed, and mitigated over the total product lifecycle. Threats to confidentiality, integrity, and availability can directly impact clinical decision-making, device performance, and continuity of care.
The Archimedes team understands something many others are still catching up to; creating secure healthcare environments must balance:
- Patient safety and clinical outcomes
- Regulatory compliance (FDA, HIPAA, CMS, and beyond)
- Operational continuity
- Legacy systems that cannot easily be redesigned
- long device lifecycles
- Rapid innovation and interoperability demands
- Increasing connectivity and remote access requirements
Traditional “bolt-on” security approaches are not enough. What healthcare organizations need is a way to systematically identify, prioritize, and mitigate risk before vulnerabilities turn into incidents.
That is where threat modeling becomes essential.
Threat Modeling and FDA Guidance: A Natural Fit
Adam Shostack is widely recognized as one of the leading authorities on threat modeling, but his relevance to healthcare and medical device cybersecurity goes beyond authorship and training. He consulted with the FDA during the development of its cybersecurity guidance, bringing real-world threat modeling expertise into regulatory discussions.
It’s no surprise then that, FDA premarket and postmarket cybersecurity guidance repeatedly points to practices that are foundational to threat modeling, including:
- Identifying assets, threats, and vulnerabilities
- Assessing risk based on likelihood and impact
- Implementing appropriate mitigations
- Documenting security risk management decisions
- Reassessing risk as systems evolve
Threat modeling provides a structured, repeatable process to do exactly this early in design and continuously over time.
For medical device manufacturers and healthcare organizations, threat modeling supports:
- Premarket submissions and design history file documentation
- Secure-by-design and defense-in-depth strategies
- Ongoing risk management and postmarket surveillance
- Cross-functional collaboration between engineering, security, quality, and regulatory teams
What Adam Shostack Brings to the Table
Adam Shostack is not just teaching a framework; he is bringing decades of experience shaping how organizations think about security.
As the author of Threat Modeling: Designing for Security and one of the most influential voices in cybersecurity and threat modeling, Adam has helped make security accessible, practical, and actionable; especially for teams that don’t live and breathe cybersecurity every day.
Participants in Threat Modeling Essentials can expect:
- Clear, practical methods that scale from small teams to complex organizations
- Real-world examples that go beyond theory
- Guidance that respects business, engineering, and regulatory constraints
- A focus on usable security, not academic perfection
Why This Training Matters Now
Healthcare cybersecurity is at an inflection point. Attackers are more sophisticated. FDA expectations around cybersecurity continue to evolve, with increasing emphasis on secure-by-design principles, proactive risk identification, and lifecycle management. And the consequences of failure are increasingly visible.
Threat Modeling Essentials with Adam Shostack equips healthcare and medical device professionals with tools and perspectives that directly support those expectations and helps create secure healthcare environments.
For those responsible for product security, quality, regulatory compliance, risk management, or healthcare IT security, this training offers a rare opportunity to learn from someone who has helped shape both industry practice and regulatory thinking.
Join Adam February 18, 2026, in Las Vegas, and strengthen your approach to healthcare cybersecurity.