twitter facebook rss

The Hippocratic Oath and the Internet of Things

Posted by on January 20, 2016.

My colleague Stephen Cobb drew my attention to an organization called I am the cavalry whose mission is ‘focused on issues where computer security intersect public safety and human life.’ And in particular, its Hippocratic Oath for Connected Medical Devices. While the idea of an oath for devices may seem to be carrying the idea of the Internet of Things a little too far, the idea is deadly serious. It’s based on a letter sent to the ‘Healthcare Stakeholder Communities’, urging them to:

  • Acknowledge that patient safety issues can be caused by cybersecurity issues;
  • Embrace security researchers as willing allies to preserve safety and trust;
  • Attest to these five foundational capabilities to improve visibility of their Cyber Safety programs;
  • Collaborate now to avert negative consequences in the future.

In other words, to acknowledge the potential for harm to the community generated by insufficient consideration of security with regard to medical devices. The article offers a way in which

Manufacturers and others involved in the chain of care delivery may demonstrate their commitment to cyber safety by attesting to the way they fulfil this oath.

The ‘others’, according to the Oath itself, could be said to include security researchers, patients, device and policy makers, insurers and payers, physicians and care givers, standards organizations, healthcare providers, and government agencies.

I haven’t ‘taken the pledge’ on the web page. Given the ‘hands off’ relationship I have with security research nowadays, I’d feel a little precious doing that. But I can identify with several of those ‘others’ in terms of past careers and life experiences. So it’s good to see that the risks of divergence between medical technology and security are being taken seriously by somebody.

David Harley


2 thoughts on “The Hippocratic Oath and the Internet of Things

  1. Thanks for posting about the Oath, David. We felt like _everybody_ should be taking these risks seriously, and not letting fear deny us the best medical care available. If you feel like you can’t take the oath as a security researcher, you can take it as an individual citizen pledging your support. You may be a patient one day, and can hopefully weigh among alternative treatments fully informed.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: David Harley | Tags: , , , ,