The meeting was instrumental to obtain inputs to better think about the ethics of cybersecurity in health care and to discuss some emerging issues. Although the presentations were divided into three sections (systems, devices and information), there were significant overlaps among the presentations in the different slots. By combining the different inputs, the following problem landscape emerges.
Requirements and desiderata for health systems
Health care industry is in an early phase where the problem is being recognized step by step. Other industries went through the same cycles and are partly still in it. It is the responsibility of all participants to support these efforts. Many attacks are not special to healthcare and so are many countermeasures. However care must be taken as the potential damage of attacks as well as of unwanted side effects of security measures are very high. Good technical security needs to be considered in every development phase, starting with the training of personnel, during the requirements phase, the design phase, development, testing and also during operations. Technical Security measures should be lightweight and as unintrusive as possible. If they interfere with the daily work of personnel, it is likely that they cause side effects or that they are bypassed. It is important to have a balanced approach that integrates all aspects of IT security in order to avoid building high protection on one side and allowing the attacker to easily gain access on the other side. The security of medical devices cannot be defined without looking at the whole environment where they are running (systems they connect to, systems for configuration, persons that connect to, their awareness, etc.) It is important to accept that attacks can happen and will happen. This means that health care must build up detection and reaction capabilities in order to minimize the damage.
Ambitions of future information and communication technology in health
The recognition of cyber-security challenges and the optimization of cyber-security defenses must consider several evolving features of the social and economic landscape around data. First of all, health-relevant information can potentially be inferred from a variety of new sources. Reconstructing a person’s overall health situation and prospects from the myriad of facts represented in her “digital phenotype” is necessary to preserve the holistic view of the person at the center of medicine. Second, each source of data can be made available for different uses (e.g. health, wellness, philanthropy, public health) and each use comes with specific cybersecurity and privacy risks attached.
Challenges and new developments
Cybersecurity is a technological arm race between socio-technical weapons and defenses. The increasing amount, capacity, and heterogeneity of connected systems steadily generate new vulnerabilities, forcing affected stakeholders to renegotiate the existing level of cybersecurity constraints. Different decision-makers and affected stakeholders must be coordinated in order to generate, and make socially acceptable, an adequate level of economic investment and unavoidable sacrifices of usability and privacy. Without an appropriate coordination of stakeholders, cybersecurity strategies risk becoming ineffective, or worse, backfire. Achieving such coordination is itself a new socio-technical challenge for which new forms of governance should be developed.
More information about the goals and the participants can be found in the Workshop Report of Foundation Brocher.