Cybersecure Health Technology Design | Simon Nam Thanh Vu & Ziru Li
Partners
DTU Center for Security, Danish Health Technology Startups, Nordic Startup Organisations
Process
Literature Review, Interviewing, Design Workshops, Participatory Design, Digital Prototyping
DTU Center for Security, Danish Health Technology Startups, Nordic Startup Organisations
Process
Literature Review, Interviewing, Design Workshops, Participatory Design, Digital Prototyping
While innovative health technologies from step-counting smartwatches to artificially intelligent pacemakers have the capacity to change our lives for the better, the success of these tools and systems hinges increasingly on their cybersecurity. In 2022 alone, the sensitive health data of 9.7 million Australian citizens was compromised, the U.S. Food and Drug Administration provided new warnings about medical device vulnerabilities risking direct harm to patients, and two-thirds of healthcare organisations surveyed worldwide reported that they were subject to ransomware attack.
Cybersecurity concerns are therefore of increasingly critical importance for health technology developers, and health professionals alike. Cybersecure health technology development is yet itself however an increasingly complicated and multi-faceted task. While computer scientists have in recent years expressed growing awareness of the cultural component of this technical challenge, how health technologies are developed is also changing. Innovation is today increasingly often driven by startup companies, about whose cybersecurity efforts we know less, whom might be most at risk, and whom might benefit most from technological solutions tailored to their unique needs and experiences.
This challenge, Simon Nam Thanh Vu and Ziru Li seized the opportunity to address in the work of their MSc thesis. Adopting an interdisciplinary, participatory approach, Simon and Ziru engaged 17 engineers, founders and executives of nine Danish health technology startups in interviews and workshops for the purpose of developing new insight into just how Danish health technology startups navigate the growing cybersecurity challenge. Analysis of these research efforts contributed new knowledge of startups’ perceptions of cybersecurity as while essential often elusive, one amongst many priorities, and frequently a self-taught discipline.
Working closely with mobile app, AI diagnostics and medical device technology developers, Simon and Ziru in turn leveraged this new knowledge to inform the design of a diverse variety of novel technological solutions to support an increasingly security-conscious approach to health technology development. Following thorough discussion, ideation and testing of prototypes, a bespoke Self Assessment Platform was chosen as the concept for implementation.
This tool to support increased cybersecurity awareness and preparedness among health technology startups generates a tailored ranking of cybersecurity recommendations based on companies’ goals, resources, areas of expertise and confidence in diverse cybersecurity domains — encouraging team members to continually improve their startups' cybersecurity through a range of gamified features from badges and leaderboards to tailored visual representations of actionable initiatives. Expert evaluation by six senior cybersecurity professionals deemed this tool novel, feasible and notably accessible to new and smaller-scale companies, with the potential to meaningfully impact startups’ capacity to develop increasingly cybersecure health technologies.
Cybersecurity concerns are therefore of increasingly critical importance for health technology developers, and health professionals alike. Cybersecure health technology development is yet itself however an increasingly complicated and multi-faceted task. While computer scientists have in recent years expressed growing awareness of the cultural component of this technical challenge, how health technologies are developed is also changing. Innovation is today increasingly often driven by startup companies, about whose cybersecurity efforts we know less, whom might be most at risk, and whom might benefit most from technological solutions tailored to their unique needs and experiences.
This challenge, Simon Nam Thanh Vu and Ziru Li seized the opportunity to address in the work of their MSc thesis. Adopting an interdisciplinary, participatory approach, Simon and Ziru engaged 17 engineers, founders and executives of nine Danish health technology startups in interviews and workshops for the purpose of developing new insight into just how Danish health technology startups navigate the growing cybersecurity challenge. Analysis of these research efforts contributed new knowledge of startups’ perceptions of cybersecurity as while essential often elusive, one amongst many priorities, and frequently a self-taught discipline.
Working closely with mobile app, AI diagnostics and medical device technology developers, Simon and Ziru in turn leveraged this new knowledge to inform the design of a diverse variety of novel technological solutions to support an increasingly security-conscious approach to health technology development. Following thorough discussion, ideation and testing of prototypes, a bespoke Self Assessment Platform was chosen as the concept for implementation.
This tool to support increased cybersecurity awareness and preparedness among health technology startups generates a tailored ranking of cybersecurity recommendations based on companies’ goals, resources, areas of expertise and confidence in diverse cybersecurity domains — encouraging team members to continually improve their startups' cybersecurity through a range of gamified features from badges and leaderboards to tailored visual representations of actionable initiatives. Expert evaluation by six senior cybersecurity professionals deemed this tool novel, feasible and notably accessible to new and smaller-scale companies, with the potential to meaningfully impact startups’ capacity to develop increasingly cybersecure health technologies.
Publications
Li, Z., Vu, S. N. T., Dragoni, N., & Doherty, K. (2023, April). Accomplishing More With Less: The Practice of Cybersecure Health Technology Design Among Danish Startups. CHI EA’23 (pp. 1-8). ACM. LINK
Li, Z. & Vu, S. N. T. (2022, June). CyberSecure Health Technology Design. Joint Design & Innovation and Computer Science & Engineering MSc Thesis submitted to the Technical University of Denmark.
