Last summer, I was working on a new connected healthcare cybersecurity standard. My collaborators were a diverse group of healthcare professionals: caregivers, medical device manufacturers, insurance companies and other payers, medical and cybersecurity liability attorneys, medical device “ethical” hackers, medical device academic researchers, patient advocacy groups, and more. During that process, it occurred to me that I didn’t know of a conference that brought together a similarly diverse set of perspectives for interchange on the important issues in medical security and privacy technology, process, and policy.
I approached Dr. David Klonoff (my co-founder of DTSec) and Rich Nass, a good friend with whom I’ve worked on other technology conferences over many years. Both agreed on the need and graciously offered to help launch MEDSec, which held its inaugural meeting this week in San Jose.
Feedback from the event has been extremely positive; the conference hall remained packed throughout the two-day agenda as we were treated to an array of presentations from fantastic speakers and spirited panel discussions with the full audience.
Suzanne Schwartz from the FDA started the conference with her impassioned explanation of FDA medical device cybersecurity guidance and how current regulations and approval processes cover security risks, given that they contribute to the existing risk management processes for safety.
We heard from leaders at Intel and ARM – who spearhead the two major microprocessor architectures of the modern digital world – both explaining how medical device manufacturers can leverage emerging chipset-based security features in their designs and the path forward for increased leverage of commercial smartphone and wearable technologies in medical contexts.
We heard from Jennifer Granick, a leading civil liberties authority from the Stanford Center for Internet and Society, who shared harrowing stories and lessons learned about the research community’s relationship with manufacturers and the law. We heard from Billy Rios, internationally acclaimed researcher, on the high-pressure lives of researchers, especially those involved in medical device hacking.
We heard from several medical system manufacturers, including Bayer and Ascensia, about their commitment to and focus on building security maturity throughout their organizations and software development lifecycles.
Finally, I had the honor of announcing and presenting the official release of DTSec, whose completion following a public review cycle coincided with the start of MEDSec.
MEDSec featured many other informative and entertaining presentations, too many to list here. Thanks to all the attendees, speakers, sponsors, and my co-chairs for starting what will hopefully become an enduring event and opportunity for productive sharing, learning, and innovation in security and privacy for the Internet of Medical Things. It’s a bit early for planning MEDSec 2017, but if you are interested in participating, don’t hesitate to reach out.