HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hippocratic Oath for Connected Medical Devices Required, says Cybersecurity Association

A cybersecurity volunteer association has written an open letter to healthcare industry stakeholders calling for the adoption of a Hippocratic Oath for connected medical devices. I am the Cavalry says the move would better protect the privacy of patients and ensure their safety.

The growing risk of cyberattack coupled with the inherent security vulnerabilities present in many medical devices prompted I am the Cavalry to pen the letter. It is believed that while medical devices allow life-saving therapies to be provided to patients, greater efforts must be made to ensure the data they record are kept secure. Additional safeguards must also be incorporated to ensure the devices cannot be hacked. It is believed that a Hippocratic Oath for connected medical devices would help in this regard. The group also claims that such a measure would serve to preserve trust in the healthcare industry and would help to improve the safety of the devices.

The aim is to encourage developers of medical devices to implement a host of safeguards so that their devices are resilient to attack and, as far as possible, cannot be manipulated by cybercriminals and adversaries in a connected environment.

The group says that connected medical devices contain inherent security vulnerabilities which could potentially allow the devices to be manipulated by attackers. This could have catastrophic consequences for patients. A cyberattack on one of those devices could see ransomware installed, software changed to harm a patient, or confidential medical data obtained by criminals and used to harm patients.


Since the devices are used as instruments to deliver care to patients, the group feels that “the design, development, production, deployment, use, and maintenance of medical devices should follow the symbolic spirit of the Hippocratic Oath.”

The group has proposed that all entities in the chain of care, from the design and manufacture of the devices to their use in providing care to patients, should do all in their power to ensure patients are not placed at unnecessary risk. The letter suggests those entities and individuals should publish an attestation of commitment to this effect.

I am the Cavalry proposes that the Hippocratic Oath for connected medical devices must include the following core cybersecurity capabilities:

Essential Elements of a Hippocratic Oath for Connected Medical Devices


According to the association, patients may choose not to have the best possible care out of fear that medical devices would place them at risk. It is believed that a Hippocratic Oath for connected medical devices would help to allay those fears and give patients greater confidence in healthcare technology.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.