Presentation
CANCELED - Human-Centered Cybersecurity: Balancing Usability and Security in Medical Device Design
Session
Poster Session 2
Description
As medical devices become increasingly connected, the intersection of cybersecurity and human factors engineering (HFE) grows more critical. While both disciplines aim to reduce risk and improve safety, their priorities can conflict—security teams may enforce strict protocols, while product teams prioritize usability for clinicians and patients operating under pressure.
Real-world breaches highlight the stakes. The 2024 Change Healthcare attack exposed data from 190 million individuals due to weak authentication. Vulnerabilities in insulin pumps and pacemakers have shown how poor design and insecure communication can lead to life-threatening risks.
Our work investigates how cybersecurity, human factors, and product development teams can collaborate to design secure yet usable systems. Through conversations with medical device companies, we identified practical strategies like context-aware authentication—allowing faster login in clinical settings while enforcing stricter controls externally. Another example we encountered involved determining which elements users should be able to access without logging in. We learned about the processes implemented by DreaMed Diabetes, whose diabetes management platform uses a smart algorithm to analyze data and optimize insulin management. Their approach considers cybersecurity risks across their varied user types: patients, clinicians, and clinic administrators.
We also collaborated with cybersecurity professionals at Snyk, who helped us connect the dots between the risk analysis processes commonly used in cybersecurity and the ones we are familiar with in HFE. Finding common language to describe use-related mitigations and severity scores fosters more effective collaboration.
By integrating HFE into cybersecurity decisions, medical device teams can build systems that are both resilient and user-friendly. This poster offers insights into how collaboration across domains can drive safer, smarter healthcare technology.
Event Type
Poster Presentation
Time
Tuesday, March 24, 4:45pm - 6:15pm EDT
Location
Rhinelander Gallery
Digital Health





