Putting Weird Ideas Together with Weird People

Literally seeing
the future
before it arrives

BFAM is a think tank dedicated to advancing the safe and ethical use of technology and AI in healthcare — founded by two brothers (from another mother) who brought the concept of "medjacking" into the medical literature while walking their dogs.

See the work ↓
Scroll
The Origin Story
It started over a dog walk in December 2014. An academic surgeon and a cybersecurity chief, brothers-in-law, realized that the devices keeping people alive were built on the same vulnerable platforms as the phones in their pockets. That conversation was the spark — but what followed took years of work and a growing community of dedicated collaborators.

Armstrong and Kleidermacher immediately conferenced in two other renowned specialists: David C. Klonoff, Clinical Professor of Medicine at UCSF, founder of the Diabetes Technology Society, and editor-in-chief of the Journal of Diabetes Science and Technology; and Marvin J. Slepian, Regents Professor of Medicine, Medical Imaging, and Biomedical Engineering at the University of Arizona, co-founder of SynCardia Systems — maker of the world's first and only FDA-approved Total Artificial Heart — and a named inventor on over 160 patents.

Together, the four wrote the first paper in the peer-reviewed medical literature on medjacking — the malicious hacking of medical devices — bridging a cybersecurity industry concept into clinical medicine and proposing a regulatory framework based on international Common Criteria.

That paper helped spark a much larger effort. Klonoff established the Cybersecurity Standard for Connected Diabetes Devices (DTSec) Steering Committee, and Kleidermacher co-led the technical work over several years — but the standard was built by a broad coalition of dedicated contributors from across industry, government, and academia. The committee brought together the FDA, the Department of Homeland Security, the National Security Council, NIST, NASA, the NSA, Booz Allen Hamilton, the Bluetooth Special Interest Group, leading device manufacturers, and many others who gave their expertise to the cause.

DTSec became the world's first consensus cybersecurity standard for connected medical devices, later adopted by IEEE and Underwriters Laboratories as the foundation for IEEE 2621 — a milestone that belongs to the entire community that built it. In 2018, the Insulet Omnipod DASH became the first insulin pump certified under the standard. In 2019, the first-ever recall of a diabetes device for cybersecurity vulnerabilities validated what the original authors had warned about.

A decade later, the threat landscape has exploded. AI-powered diagnostics, remote patient monitoring, connected insulin pumps, smart wound care — the attack surface is no longer theoretical. It's on every patient's body.

BFAM exists to think about what happens next.

The Founders
David G. Armstrong
Distinguished Professor of Surgery & Neurological Surgery · USC
A limb preservation surgeon who leads USC's NSF-funded Center to Stream Healthcare in Place (C2SHiP), bridging consumer electronics with medical devices. Founding President of the American Limb Preservation Society. Fellow of the Royal College of Surgeons, Glasgow. The rare clinician who thinks in firmware.
760+
Peer-Reviewed Papers
120+
Books & Chapters
David N. Kleidermacher
VP Engineering, Android Security & Privacy · Google
Protects billions of users and devices across the Android ecosystem. Former CSO of BlackBerry, CTO of Green Hills Software, and co-creator of INTEGRITY — the only OS ever certified to Common Criteria EAL 6+. Board member of the ioXt Alliance. Author of Embedded Systems Security. Thinks in threat models the way surgeons think in anatomy.
3B+
Devices Protected
EAL 6+
Highest Security Cert
Founding Collaborators
David C. Klonoff
Clinical Professor of Medicine · UCSF · Founder, Diabetes Technology Society
Coined the term "diabetes technology" and founded the field's leading professional society. Editor-in-chief of the Journal of Diabetes Science and Technology. Chaired DTSec, DTMoSt, and the IEEE 2621 standards — the world's first three consensus medical device cybersecurity standards. Featured in Wired for this work. Recipient of the ADA Outstanding Physician Clinician Award and an FDA Director's Special Citation.
3
Cybersecurity Standards Chaired
120+
Clinical Trials as PI
Marvin J. Slepian
Regents Professor of Medicine & Biomedical Engineering · University of Arizona
Co-founded SynCardia Systems, maker of the world's only FDA-approved Total Artificial Heart. Inducted into the National Academy of Inventors. Invented endoluminal paving, drug-eluting stents, and biodegradable polymers for tissue repair. A cardiologist who earned a law degree to better navigate the innovation landscape. Thinks across disciplines the way others think within them.
160+
Patents Issued/Pending
1st
Total Artificial Heart (FDA)
Next Generation
Natalie S. Armstrong
PhD Candidate, Johns Hopkins Bloomberg School of Public Health
A Fulbright Scholar who studied water systems in Greenland's Arctic settlements before serving as a Program Officer at the National Academies of Sciences, Engineering, and Medicine. Now pursuing her PhD at Johns Hopkins Bloomberg, working at the food-energy-water (FEW) nexus — the collision point where data centers, infrastructure, and humanity's resource needs converge. The thread connecting Arctic fieldwork to AI server farms: every system is a body, and every body needs protecting.
🇬🇱
Fulbright, Greenland
NAS
National Academies
FEW
Food · Energy · Water
Domains of Inquiry
The questions keeping us up at night
🔓
Medjacking 2.0
The next generation of medical device vulnerabilities — from AI-powered insulin pumps to remote surgical robots. We brought this threat into the medical literature a decade ago. Now the attack surface is inside your body.
🧬
Digital Immunity
Applying biological resilience principles — redundancy, immune surveillance, adaptive response — to cybersecurity architecture for connected health systems.
🤖
AI + Clinical Trust
When AI makes diagnostic and therapeutic decisions, who certifies its security? How do we build trust frameworks for algorithms that touch human tissue?
📡
Streaming Healthcare
The security implications of moving care from hospitals to homes — remote monitoring, wearable therapeutics, and the consumer-medical device convergence.
🏛️
Policy & Standards
Shaping regulatory frameworks for connected medical devices — from FDA cybersecurity guidance to international Common Criteria for health tech.
The Body Electric
Every patient now carries multiple IP addresses in or on their body. We explore the philosophical and practical implications of being permanently networked.
Foundational Works
Literally peering into the future
▶ Classic Lecture · 2012
Repair, Regeneration, and Replacement, Revisited
The original lecture that mapped humanity's evolving relationship with death — from disaster to disease to decay — and charted a future of regenerative medicine, human-machine interfaces, and AI-driven health.
📄 Redux Manuscript · 2025
Repair, Regeneration, and Replacement, Revisited (Redux)
Armstrong, Najafi, Gao, Klonoff & Liu. Thirteen years later — a tour of Tomorrowland today. Human-centered AI applied to regenerative medicine, exoskeletons, biosensors, and memory engineering.
Putting weird ideas together with weird people — and seeing the future before it arrives.
"We are all walking around with IP addresses in or on us, which makes us susceptible to the same attacks as bank accounts and ATM machines."
Armstrong, Kleidermacher, Klonoff & Slepian · JDST, 2016 · The paper that launched the first medical device cybersecurity standard
Two Davids.
One mission.
Protecting the body electric.
Get in Touch