While innovative health technologies from step-counting smartwatches to artificially intelligent pacemakers have the capacity to change our lives for the better, the success of these tools and systems hinges increasingly on their cybersecurity. In 2022 alone, the sensitive health data of 9.7 million Australian citizens was
compromised, the U.S. Food and Drug Administration provided
new warnings about medical device vulnerabilities risking direct harm to patients, and two-thirds of healthcare organisations surveyed worldwide reported that they were subject to
ransomware attack.
Cybersecurity concerns are therefore of increasingly critical importance for health technology developers, and health professionals
alike. Cybersecure health technology development is yet itself however an increasingly
complicated and
multi-faceted task. While computer scientists have in recent years expressed growing awareness of the
cultural component of this technical challenge, how health technologies are developed is also changing. Innovation is today increasingly often driven by
startup companies, about whose cybersecurity efforts we know less, whom might be most at risk, and whom might benefit most from technological solutions tailored to their unique needs and experiences.
This challenge, Simon Nam Thanh Vu and Ziru Li seized the opportunity to address in the work of their MSc thesis. Adopting an interdisciplinary, participatory approach, Simon and Ziru engaged 17 engineers, founders and executives of nine Danish health technology startups in interviews and workshops for the purpose of developing new insight into just how Danish health technology startups navigate the growing cybersecurity challenge. Analysis of these research efforts contributed
new knowledge of startups’ perceptions of cybersecurity as while essential often elusive, one amongst many priorities, and frequently a self-taught discipline.
Working closely with mobile app, AI diagnostics and medical device technology developers, Simon and Ziru in turn leveraged this new knowledge to inform the design of a diverse variety of novel technological solutions to support an increasingly security-conscious approach to health technology development. Following thorough discussion, ideation and testing of prototypes, a bespoke
Self Assessment Platform was chosen as the concept for implementation.
This tool to support increased cybersecurity awareness and preparedness among health technology startups generates a tailored ranking of cybersecurity recommendations based on companies’ goals, resources, areas of expertise and confidence in diverse cybersecurity domains — encouraging team members to continually improve their startups' cybersecurity through a range of gamified features from badges and leaderboards to tailored visual representations of actionable initiatives. Expert evaluation by six senior cybersecurity professionals deemed this tool novel, feasible and notably accessible to new and smaller-scale companies, with the potential to meaningfully impact startups’ capacity to develop increasingly cybersecure health technologies.