GUEST COLUMN:
Gethin Roberts
Managing Director
Iterate
When it comes to product development, particularly in health technology, cybersecurity is often an afterthought.
But this oversight can lead to vulnerabilities which prove very costly and challenging to address later on.
At Iterate, we emphasise the importance of incorporating cybersecurity considerations from the very beginning of the product development process.
This proactive approach not only protects patient data but also enhances the overall reliability and trustworthiness of the healthcare technology.
A recent project we undertook highlights the critical importance of early cybersecurity integration. We were developing a device for rapid sepsis diagnosis, a tool that could potentially save lives by providing quick and accurate results. However, the device needed to handle sensitive patient data, which necessitated a robust cybersecurity framework.
From the initial stages of creating the product specification and design concepts, we worked closely with our client to address potential security threats. We needed to understand the electronic architecture and how it could be exploited by malicious actors. This early focus on security ensured that the device was designed with data protection in mind, minimising the risk of any data breaches.
In the case of our sepsis diagnosis device, we aimed to minimise the amount of patient data handled directly by the device. Instead, we focused on securely transmitting data from the device to a central storage unit within the NHS. This approach reduced the potential points of vulnerability and ensured that sensitive data was managed within a controlled environment.
Understanding the electronic architecture of the product is crucial.
This involves specifying the electronic hardware and determining what data needs to be captured and how it will be communicated. By carefully planning the data flow and incorporating encryption and other security measures, we can protect the data throughout its lifecycle.
Often, our clients may not initially consider the security implications of their product. It is our responsibility to guide them through this process, ensuring that cybersecurity is a fundamental part of the product design. This collaboration helps create a more secure product that meets both functional and security requirements.
One of the primary challenges we face is the client's initial lack of focus on cybersecurity. Many healthcare companies come from a medical background rather than a technological one, and their expertise lies in clinical practice rather than IT security. To address this, we provide education and support, helping clients understand the importance of cybersecurity and how it can be integrated into their product development processes.
By considering cybersecurity at the outset of product development, we can “bake in” security features that protect patient data and enhance the product's overall safety and efficacy. This proactive approach reduces the risk of costly security breaches and ensures that new health technologies can be trusted by both healthcare providers and patients.
If you’d like to know more about getting your team skilled in cyber, take a look at Cyber Innovation Hub’s short, hands on upskilling courses
