Podcast: Threat Modeling and Frameworks for Cybersecurity in Connected Healthcare Ecosystems

Re-Think Health Podcast Series Season 2


[toggle title=”View Transcript” state=”close”]

Maria Palombini
Hello, everyone, and welcome to season two of the IEEE SA rethink health podcast series. I’m your host Maria Palombini and I lead the IEEE SA Healthcare and Life Sciences Practice. Coming off the premiere season introducing some of the more inspiring technology compelling us to rethink the approach to better care for all, this season, we will focus a little bit more on the growing threat that could impede the trusted adoption of these great technologies and applications. And we’re going to bring experts from all corners of the globe to talk about the regulatory technical application side for connected healthcare systems and where cybersecurity is the pediment to getting trusted adoption. When we look at all the IoMTs, the artificial intelligence, the blockchain, or traditional health wearables. Today, I’m very excited to have with me, Florence Hudson, she’s going to be talking about the growing challenges and alternative ways to address cybersecurity in a connected healthcare system.

Florence Hudson
Thank you, Maria, for that wonderful introduction. I’m delighted to be here today and to be able to speak with all of you about this very important topic, and also to share opportunities for you to consider how you can participate from anywhere around the world to join us in this effort. I’m the Executive Director of the Northeast Big Data Innovation Hub headquartered at Columbia University in New York. I lead one of four big data innovation hubs funded by the US National Science Foundation. And we are a collaboration hub, a community convener and a catalyst for data science innovation. And as you know, in connected healthcare, it’s all about the data. How can you leverage the data? How can you move the data? How do you access information about the patient, and the medical records? And then how do you keep everything secure and protect the patient? So that’s one of the key areas we’re focused on. In the Northeast Hub, we partner with the other three NSF Big Data Innovation Hubs around the country, and through IEEE and other activities like our COVID Information Commons and partners to extend our reach around the world.

And I’m very fortunate to be the chair for the IEEE UL, which is IEEE and Underwriters Laboratories working together. Our P2933 Standards Working Group on Clinical Internet of Things Data and Device Interoperability with TIPPSS.

Maria Palombini
And for those of you who don’t know what TIPPSS means, it’s trust, identity, privacy, protection, safety, and security.

Florence Hudson
And TIPPSS is a framework that we envisioned with IEEE, actually in February 2016, at an end to end Trust and Security for the Internet of Things workshop at George Washington University in Washington, DC. And we’ve made tremendous progress since then, on better understanding the challenges and risks and connected healthcare and clinical IoT related to TIPPSS. And what we’re doing as a standards working group is envisioning the technical and process standards that we can recommend to improve the trust identity, privacy, protection, safety and security, with the purpose to enable secure data sharing, and connected healthcare that improves healthcare outcomes while protecting patient privacy and security, and mitigating risks in data and patient protection and safety. Everything is hackable. So all this great technology we’re using also creates risks. So anyone who wants to join us, they can. You can look up IEEE P2933. You don’t have to be an IEEE member. And it’s free to join.

Maria Palombini
Well, thank you very much for it. So when I first met Florence, and we were sitting I believe in a car in a taxi together, Florence happened to share with me that she was an aeronautics engineer. And I’m looking at her, I’m like, do you know how the planes work kind of thing? And she was like yeah. But now you’ve gone into health care. So maybe you could share a little bit what motivates your passion to be involved on the healthcare side of things?

Florence Hudson
I’m really trying to protect the humans very honestly. My mother died the day I was born. And of course, I couldn’t protect her then. So I’m always trying to keep humans alive. It’s just a general need that I had. And I know being a technologist that the connected healthcare devices are hackable, the data is hackable, the sensors are hackable, the actuators are hackable, there’s way too much bad stuff that can happen. I feel like it’s our responsibility as the technologists and the providers and people who care for patients to work together to keep the patient safe, as well as to leverage technology and data to improve healthcare outcomes.

Maria Palombini
We are collaborating on a five part virtual workshop series focused on cybersecurity for a connected global healthcare system. And IEEE SA Healthcare and Life Sciences Practice, the P2933 group, and the Northeast Big Data Innovation Hub are all collaborating to present the series. So what do you envision as the objectives and goals of this five part premier series that we’re doing in 2021?

Florence Hudson
So at the Northeast Big Data hub, we actually have a cybersecurity risk initiative. And we have an award. Some funding that goes along with that. And we did an initial workshop about a year and a half ago. And we talked about Internet of Things. we talked about clinical IoT, and then some other aspects. I decided that because I’m leading the P2933 Working Group and working so closely with you and IEEE Standards Association, that this is a great opportunity to go deeper. It ties in so well with the health focus area at the hub with a responsible data science focus area at the Hub. Before I took this role at Columbia, and the Northeast Hub, I was actually working for the NSF Cybersecurity Center of Excellence, Indiana University. So this is like my zone.

What I want to do is to help us work together to increase awareness about these challenges, these TIPPSS, challenges and trust, identities, security, and privacy and safety, and then help us work together to address these challenges. So through these workshops, we want to invite everyone who can to participate. Then what we want to do is funnel our work from workshop to workshop and then into the standards efforts.

So as an example, the first workshop, which is the global connected healthcare, cybersecurity risks and roadmap workshop, will have us talking about the specifics of security. And then what are the other elements, what’s going on with privacy and ethics? What about interoperability? We actually lay the groundwork. What are the challenges? What could a potential roadmap look like? What could we possibly do in the future?

We look at where we are, and we envision where we could go. The next workshop is privacy, ethics and trust and connected healthcare, which is a very important topic, a lot of new policy and regulation is coming out. And it’s very related to security, because you need the security for privacy. So it’s very connected. But we want to go deep on the privacy as well as the ethics and the trust related to that. Then the next workshop, building what we continue to build is on data and device identity, validation, interoperability, and connected healthcare, when we’ll talk about how do we maintain trust; how do we validate identities of the devices and the humans and then working with each other; should this device trust that device, should trust that human, should that human trust that device. There’s a lot to think about. That would be the third workshop. The fourth workshop is around connected healthcare Integrated Systems Design bringing this all together, what does this whole picture look like; how do we leverage artificial intelligence machine learning to potentially improve the integrated system design, identify potential risks, and then do something about it. And then the one in November is connected healthcare technology and policy considerations. In our first workshop in February 2016, where we created the TIPPSS framework, we actually had an IEEE technology workshop, a technical workshop in security for IoT. he next day, we had this Etap workshop, which is for experts in technology and policy. And so our vision here is to get more of the policy people involved, then we would have people from all around the world and regional experts as well regarding GDPR in the EU, HIPAA or new things in the US and other areas. We can talk about the technology and policy considerations from multiple perspectives, and then decide from there what would our recommendations be? Do we actually want to have deeper discussions at a regional level because the policy is so different, and those are the type of things that we can work together.

We want this to be very collaborative, where we’re identifying the problems together, and identifying potential solutions together, and then funneling that into some of the standards work if people would like to get more involved.

Maria Palombini
All of the workshops will be available on demand. If we cannot join us on the live date, we can definitely make sure you catch us on demand and all the information is available on the cybersecurity workshop series website, which is accessible from the IEEE SA Healthcare Life Sciences site, just click on cybersecurity workshop series. How do you think this workshop series can really move the issue on cybersecurity?

Florence Hudson
What we decided is that we would have the first workshop to kind of talk about the overall connected healthcare cybersecurity risks, then roadmap, but then go deep in each workshop so that we can pull it apart. Look at the problem, find the right tail and the right wing and then put it together with the fuselage and make it fly with the standards working group P2933. We welcome people to funnel into that with us. And we’re hoping we find new people to come in and add to the solution.

Maria Palombini
If people want to get involved, what would you say to them? Like, why should someone who’s an expert in any of these fields want to be a part of this particular workshop?

Florence Hudson
That’s a great question. I’ll give you an example of someone we’re very excited who is involved with us in our region in the northeast, Julian Goldman, who’s at Mass General in the Boston area, as well as at Harvard. And so he’s going to be our keynote speaker in the first workshop. He’s had the integrated clinical environment view that he’s had from a technical perspective while he’s a doctor, and we hope that as they come in, they’ll be able to leverage their expertise as a device manufacturer. One of our vice chairs of P2933 is William Harding, who is in the Technical Fellows Leadership Program at Medtronic. Another one of our vice chairs is on the provider side. He’s the chief information security officer at Indiana University Health, Mitch Parker. Our secretary is at Draeger Medical Systems, Ken Fuchs. We have people from Cerner, we have people from all sorts of organizations. So you can all be part of the solution because we all see a different part of the problem, looking at the elephant overall for the series. The learning outcomes include understanding the risks and threat vectors and connected healthcare and IoT systems, advanced technologies that can be leveraged, as we discussed to address these risks and societal challenges. And then standards efforts in related technology and policy opportunities to address the risks. So it’s really understanding the challenges, and then seeing how you could actually get involved to be part of the solution. Registration is free. We look forward to engaging our region as well as the world in this challenge and opportunity together.

Maria Palombini
Thank you so much, Florence. And I want to thank everybody for tuning in. This is obviously an area of important interest for any single person, any patient that’s interested in this area, you can access information about the global workshop series off the IEEE SA Healthcare Life Sciences Practice site, which is easily accessible at ieeesa.io/rethink. And with that again, Florence thank you for joining me and we look forward to seeing you in one of our workshop series this coming year.


In healthcare, is IoMT the Internet of Medical Things or the “Internet of Many Threats”? We are now in a whole new norm with globally connected healthcare bracing for increasing cyber data breaches.

Listen to the premiere episode of Season 2 featuring Florence Hudson, Executive Director of Northeast Big Data Innovation Hub, as she explains the need for addressing cybersecurity, together with the IEEE SA Healthcare and Life Sciences Practice, a global program encompassing open collaborative innovation, systems thinking, and trust security solutions to generate, capture, and secure value in the globally connected healthcare system.

Related Resources:

About the Guest:

Re-Think Health Podcast Guest Florence Hudson

Florence Hudson is the Executive Director of the Northeast Big Data Innovation Hub. She is also the Chair of IEEE P2933 Clinical IoT Data and Device Interoperability with the TIPPSS Working Group.

“I am passionate about protecting human life with improved TIPPSS – trust, identity, privacy, protection, safety, and security for connected healthcare,” Hudson says.

Follow Florence Hudson on LinkedIn.

Share this Article