Security Research Movement Identifies Principles to Preserve Patient Safety and Build Trust in the Healthcare System.  

Washington, DC – January 19th, 2016 – I Am The Cavalry, a cybersecurity volunteer association focused on public safety concerns, today issues an open letter to leaders of the healthcare stakeholder communities, calling for the adoption of a Hippocratic Oath for Connected Medical Devices. The Oath identifies measures to preserve patient safety and trust in the healthcare system as a response to the increasing reliance placed on connected devices in the healthcare sector.

“Connected technologies provide life-saving therapies that would not be achieved without them. We want to head off unintended consequences by guiding manufacturers to build devices that are resilient against the accidents and adversaries of a connected environment,” said Beau Woods of I Am The Cavalry. “We’ve seen a lot of progress in the last two years, as stakeholders have started to proactively collaborate to advance cyber safety. We applaud those efforts and encourage others to ensure we are safer, sooner, together.”

Complex, software-driven, connected technologies are increasingly being used in every facet of modern healthcare. These technologies can offer considerable benefits to both patients and healthcare practitioners; however, these systems are also inherently likely to be vulnerable to flaws, and their connectivity opens them up to potential manipulation.  This can have catastrophic consequences, not only in terms of patient safety, but also in undermining the trust placed in healthcare systems.

In response to this, I Am The Cavalry has updated the language of the Hippocratic Oath for modern healthcare delivered by connected medical devices.  The original Hippocratic Oath, created in the late Fifth Century BC, is made by physicians as an attestation that they will provide care in the best interest of patients. As connected technologies are increasingly the instruments of delivering this care, it stands to reason that the design, development, production, deployment, use, and maintenance of medical devices should follow the symbolic spirit of the Hippocratic Oath.

Patients, caregivers, and other stakeholders have the right to make informed decisions about treatment options. When patients deny themselves the best care available out of cyber safety fears, no one’s interests are served. So to give them greater confidence in the safety of technologies, I Am The Cavalry is proposing that those involved in the chain of care – from device design to treatment – publish an attestation of a commitment to the best possible methods for device development and deployment, ensuring that patients are not put at unnecessary risk.

The Hippocratic Oath for Connected Medical Devices offers five core cybersecurity capabilities:

  1. Cyber Safety by Design: Inform design with security lifecycle, adversarial resilience, and secure supply chain practices.
  2. Third-Party Collaboration: Invite disclosure of potential safety or security issues, reported in good faith.
  3. Evidence Capture: Facilitate evidence capture, preservation, and analysis to learn from safety investigations.
  4. Resilience and Containment: Safeguard critical elements of care delivery in adverse conditions, and maintain a safe state with clear indicators when failure is unavoidable.
  5. Cyber Safety Updates: Support prompt, agile, and secure updates.

“In 2015 we announced a coordinated vulnerability disclosure policy, inviting researchers to contribute to our patients’ safety,” said Hannes Molsen, Product Security Manager of Dräger, a Germany-based medical device manufacturer. “The Hippocratic Oath for Connected Medical Devices perfectly summarizes the challenges manufacturers, healthcare organizations and security researchers face during the development, the deployment, and the maintenance of connected devices throughout their entire lifecycle. It is great to have a document at hand that focuses precisely on medical devices, so every single point matters. For our patients’ safety this is a great step to bring the community together, to establish referable norms for cyber safety, to become safer, sooner.”

“Patients, in consultation with their physicians, make the best judgement for their individual case,” said Dr. Marie Moe, security researcher at SINTEF, pacemaker patient, and I Am The Cavalry volunteer. “They should each be asking questions about the capabilities outlined in the Hippocratic Oath for Connected Medical Devices to make sure their decisions are fully informed.”

“As we seek to treat existing pathologies, we should not inadvertently create new ones,” said Dr. Christian Dameff, M.D. “A Hippocratic oath extends physicians’ commitment to patient safety to others in the chain of care delivery.”

The Open Letter and detail of the Hippocratic Oath for Connected Medical Devices are included in full below. The Oath builds on work also conducted to promote greater collaboration in the medical device sector, which includes participating in panel discussions at the upcoming FDA Public Workshop – Moving Forward: Collaborative Approaches to Medical Device Cybersecurity, on January 20-21. The Oath is also aligned to the approach I Am The Cavalry has taken in other cyber safety sectors, such as the automotive sector, where the group proposed a “Five Star Automotive Cyber Safety Program” and has been working with automakers to drive adoption of these and other security practices.

For more information on the Hippocratic Oath for Connected Medical Devices, or any other I Am The Cavalry initiative, please contact press@iamthecavalry.org.


About I Am The Cavalry

The I Am The Cavalry movement was formed in response to concerns over the impact of cybersecurity threats on public safety. Its efforts are focused on cybersecurity issues relating to four main areas of public safety: medical, automotive, home electronics, and public infrastructure. All members are volunteers, and offer their time and expertise free of charge.

For more information, please visit: https://www.iamthecavalry.org/.

Safer. Sooner. Together.