DiMe at DEF CON 27: What We Can Learn from the Security Research Community
At the BioHacking Village at DEF CON this weekend, the Digital Medicine Society (DiMe) won the Research Competition after pitching our vision for the future of digital medicine to a panel of judges from several industry companies: Abbott, BD, EY, Siemens, and Thermo Fisher. Fellow award winners included Ember.Bio for their work developing RXN wristbands and Mindseye Biomedical.
This award symbolizes much more than DiMe’s growing impact in the field of digital medicine. It reflects the security research community’s dedication to collaborating with the medical device industry and ensuring the safety of new health technologies — themes reinforced by the event talks, labs, and attendees.
The Medical Device Industry is Embracing Security Researchers
This year the BioHacking Village, in collaboration with the FDA and I Am The Calvary, hosted the the Medical Device Village, a mock hospital with extensive opportunities for hands-on hacking that brought collaboration to life on the conference floor. This living lab, designed to simulate medical technologies in the hospital environment, made 40 medical devices available for security researchers to learn and build their skills alongside patients, medical device manufacturers, hospitals, the FDA, and others. These 40 medical devices were an eight-fold increase on the five devices available to security researchers at last year’s event.
Security Researchers are Critical to Digital Medicine
Digital medicine tools offer unrivaled potential for accelerated research, improved outcomes, and more personalized medicine, but without strong security practices, there are substantial new privacy and security risks to individuals. We must embed security research throughout all phases of development and implementation to ensure that the digital tools we are using are indeed trustworthy.
Collaboration in Action
The security research community welcomed several members of DiMe to the BioHacking Village. Eric Perakslis described the critical role of security experts in his campaign against medical misinformation; Andrea Downing relayed the risks to online patient support groups highlighted by her organization, the Light Collective; and all attendees were inspired by the leadership of BioHacking Village Executive Director and DiMe Strategic Advisory Board member Nina Alli.
In addition, several members of the FDA returned to this year’s BioHacking Village. Along with Seth Carmody, DiMe Scientific Leadership Board member Suzanne Schwartz attended all of Black Hat, BSides Las Vegas, and DEF CON last week, forging meaningful relationships with experts in the field and presenting alongside security researchers, device manufacturers, and clinicians.
This is consistent with regulatory engagement with initiatives such as #wehearthackers and the integration of security experts into FDA’s Medical Device Cybersecurity Program through the U.S. Department of Health & Human Services’ Entrepreneurs-in-Residence program. Regulators also took the time to highlight their upcoming Patient Engagement Advisory Council meeting on September 10 where the Committee will discuss and make recommendations on the topic “Cybersecurity in Medical Devices: Communication That Empowers Patients.”
I left the BioHacking Village humbled by the security research community’s commitment to the privacy, security, and safety of patients and individuals. I also walked away intrigued and inspired by its commitment to collaboration. There’s no doubt in my mind: It is critical that we embrace the security research community in advancing the field of digital medicine, just as they welcomed us this weekend. It’s time to work together to define a patients first approach to managing software safety and security vulnerabilities in digital medicine.