Where connected medical systems, clinical AI, and athlete biometric technology actually fail — not in theory, but in the moment when the decision still has to be made. Built from 28 years of clinical reality and lived device dependency.
Hospitals and homes are full of connected devices that keep people alive. What happens when those devices fail — or get hacked? Explore real scenarios and make real decisions.
At 2am in the ER, I'm not waiting on a dashboard. Healthcare doesn't pause for data validation. Our security frameworks need to stop assuming it does.
Imagine you're a nurse at 2am. A patient needs help right now. You don't have time to wait for a computer to tell you what to do. You have to make a decision in seconds. That's why health technology security matters — people's lives depend on it working correctly.
Most healthcare cybersecurity focuses on protecting data. This lab focuses on what happens when the technology keeping a person alive fails — in real time, under real conditions, with real consequences that no framework fully accounts for.
I never left healthcare. I learned to defend it. I teach it, I live it, I build it, and I'm learning how attackers see it — so I can protect patients better than anyone who only knows one side.
Battery indicator reports full charge. Device loses power within minutes. No backup source. Power infrastructure unstable.
A machine that helps someone breathe says its battery is full — but it's not. When the power goes out, the machine stops working after less than 3 minutes. What went wrong?
A portable oxygen concentrator pulls oxygen from the air and delivers it through a tube to someone who needs help breathing. People with pulmonary hypertension (PAH) depend on these 24/7. The device this scenario is based on is real — it belongs to the person who built this lab.
If this were a smartphone, we'd expect a low battery warning at 20%, 10%, and 5%. Why don't life-critical medical devices have the same protections?
Real-time battery health telemetry with verified discharge testing. Mandatory backup protocols for single-source oxygen-dependent patients. Infrastructure dependency mapping for high-risk home medical devices. Emergency registry enrollment at local utility and fire department level.
The device should send a real warning when battery health is low. Patients who depend on oxygen 24/7 should always have a backup plan. Local fire departments should know which homes have oxygen-dependent patients.
AI triage scores patient low acuity. Clinician overrides based on observation. System flags the override as anomalous.
A computer program says a patient isn't very sick. But the nurse can see something is wrong. She overrides the computer, and she turns out to be right. But then the computer marks her decision as a mistake. Who was actually wrong?
Hospitals use AI programs to help decide which patients need care the fastest. The AI reads structured data — like test results and typed symptoms. But it can't see what a trained nurse sees: skin color, work of breathing, whether a patient looks scared. That's called clinical intuition — and it takes years to develop.
Should a computer ever be able to overrule a trained medical professional? What should the relationship between AI and human experts look like in healthcare?
Override logging that distinguishes expert judgment from error. Model retraining governance requiring human review. Mandatory human-in-the-loop thresholds for high-acuity clinical AI. Regular red-team exercises against experienced clinician baseline.
The computer should recognize when an experienced nurse overrides its decision and treat that as valuable information — not a mistake. AI in healthcare should always support human experts, never replace them.
Networked pump receives unauthorized parameter update during active medication delivery. Nurse managing four other patients simultaneously.
A hacker gets into the hospital's network and changes the settings on a machine giving a patient medicine. The nurse is too busy to notice right away.
An infusion pump delivers medicine directly into a patient's bloodstream at a precise rate. Getting the rate wrong by even a small amount can be dangerous. Modern pumps connect to hospital networks so nurses can update settings centrally. That convenience also creates a security risk.
This is why healthcare cybersecurity isn't just about protecting data — it's about protecting people's lives. A hacker in a hospital network could change how medicine is delivered to patients.
Mutual TLS authentication for all pump updates. Real-time anomaly detection on rate changes. Clinical workflow-aware alerting. Mandatory FDA MedWatch reporting integration.
The pump should require a verified key before anyone — or any computer — can change its settings. Any change should immediately alert the nurse at the bedside.
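The pump-side check described above, as an added example (not code from this lab or from any pump vendor): an update is applied only if its authentication tag verifies and its counter is fresh, every accepted request alerts the bedside, and large rate changes are held for confirmation. The HMAC shared key stands in for the mutual-TLS identity the list above calls for; the key, field names and 25% threshold are assumptions.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"   # constructed sample key, not a real credential
MAX_RELATIVE_CHANGE = 0.25           # assumed policy: larger changes need bedside confirmation


def sign_update(key: bytes, update: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding (sorted keys, no whitespace)."""
    body = json.dumps(update, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def evaluate_update(key, update, tag, current_rate_ml_h, last_counter):
    """Return (action, alerts); action is 'apply', 'hold' or 'reject'."""
    if not hmac.compare_digest(sign_update(key, update), tag):
        return "reject", ["bedside: unauthenticated parameter update blocked"]
    if update["counter"] <= last_counter:
        return "reject", ["bedside: replayed parameter update blocked"]
    new_rate = update["rate_ml_h"]
    alerts = [f"bedside: rate change {current_rate_ml_h} -> {new_rate} mL/h requested"]
    # A change from a stopped pump (rate 0) has no meaningful ratio, so hold it.
    if current_rate_ml_h <= 0 or new_rate < 0:
        return "hold", alerts + ["bedside: confirm at pump"]
    if abs(new_rate - current_rate_ml_h) / current_rate_ml_h > MAX_RELATIVE_CHANGE:
        return "hold", alerts + ["bedside: change exceeds limit, confirm at pump"]
    return "apply", alerts


if __name__ == "__main__":
    # Constructed sample update for a hypothetical pump.
    update = {"pump_id": "PUMP-DEMO-1", "counter": 8, "rate_ml_h": 150.0}
    tag = sign_update(DEMO_KEY, update)
    print(evaluate_update(DEMO_KEY, update, tag, 50.0, 7))
```

The counter check matters as much as the tag: a correctly signed update captured earlier would otherwise be accepted again later.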
Before attackers touch a network, they watch it. What they find in 30 minutes would surprise most security teams.
Your Apple Watch says you're fine. The clinical system believes it. The coach clears you to play. You are not fine. Two perspectives — same failure, different stakes.
Smartwatches and fitness trackers measure your heart rate, oxygen levels, and activity. But what if someone could fake that data? What decisions would get made based on wrong information?
This is the scenario that bridges healthcare and sports technology. Same device. Same biometric data. Two entirely different contexts — both with life-threatening stakes. The gap between consumer wearable and clinical medical device is where attackers operate, and where no current framework draws a clear line.
Consumer wearables like the Apple Watch now include medical-grade sensors — ECG, blood oxygen (SpO2), heart rate variability, fall detection, and irregular rhythm notifications. These devices are increasingly used in clinical decision-making and athlete performance monitoring. The data they generate is trusted. That trust is the attack surface.
Data integrity verification at every point in the wearable-to-EHR pipeline — not just transmission encryption, but authenticity verification of the data itself. Clear regulatory boundaries on when consumer wearable data can be used for clinical decision-making. Anomaly detection that compares wearable data against in-person vitals. Sports medicine protocols that require human clinical confirmation before automated clearance decisions. The gap between consumer wellness device and clinical medical device is where attackers live — and no current framework addresses it adequately.
Any data used to make medical decisions needs to be verified as real — not just transmitted securely, but confirmed as authentic. A doctor or athletic trainer should never rely solely on wearable data without a human check. This is a career opportunity for the next generation of health technology professionals.
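The cross-check and human-confirmation gate described above, as an added example (not code from this lab or any wearable or EHR vendor): wearable vitals are compared against in-person vitals, and clearance is never issued on wearable data alone. The tolerances, the 15-minute freshness window and all field names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed tolerances between a wearable reading and an in-person measurement.
TOLERANCE = {"heart_rate_bpm": 10, "spo2_pct": 3}
MAX_REFERENCE_GAP_S = 900  # assumed: in-person vitals must be within 15 minutes


@dataclass
class Vitals:
    taken_at: int          # epoch seconds
    heart_rate_bpm: float
    spo2_pct: float


def cross_check(wearable: Vitals, in_person: Optional[Vitals]) -> list:
    """Return the reasons the wearable reading cannot be relied on by itself."""
    if in_person is None:
        return ["no in-person vitals to compare against"]
    findings = []
    if abs(wearable.taken_at - in_person.taken_at) > MAX_REFERENCE_GAP_S:
        findings.append("in-person vitals too far in time from wearable reading")
    for metric, limit in TOLERANCE.items():
        delta = abs(getattr(wearable, metric) - getattr(in_person, metric))
        if delta > limit:
            findings.append(f"{metric} differs by {delta:g} (limit {limit})")
    return findings


def clearance_decision(wearable, in_person, clinician_confirmed: bool):
    """Agreeing data alone yields only a pending state, never clearance."""
    findings = cross_check(wearable, in_person)
    if findings:
        return "escalate", findings
    if not clinician_confirmed:
        return "pending_human_confirmation", []
    return "cleared", []


if __name__ == "__main__":
    # Constructed readings: the watch looks normal, the bedside check does not.
    watch = Vitals(taken_at=1000, heart_rate_bpm=72, spo2_pct=98)
    bedside = Vitals(taken_at=1100, heart_rate_bpm=118, spo2_pct=89)
    print(clearance_decision(watch, bedside, clinician_confirmed=False))
```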
The EHR is locked. The patient is crashing. 90 seconds. No medication history. This is not a drill.
Connected to the internet. Receives automatic firmware updates via the myAir remote monitoring platform. Documented CVEs exist on this exact device. The patient depending on it is also the analyst who built this lab.
A CPAP machine that helps someone breathe at night connects to the internet to send sleep data to doctors. But that same connection can also receive software updates — and if an attacker gets in, they could change how the device works while the patient is asleep.
The ResMed AirSense 11 AutoSet is a CPAP machine that connects to ResMed's myAir cloud platform via cellular or WiFi. It transmits nightly sleep therapy data and can receive remote configuration changes from clinicians. It also receives automatic firmware updates. This scenario is built from the actual device used by the person who created this lab.
The person who built this lab uses a ResMed AirSense 11 every night. She also has pulmonary hypertension that makes breathing more difficult. This scenario isn't theoretical — it's personal. That's what makes healthcare cybersecurity different from any other security work.
Mandatory patient notification and consent before any remote firmware update on a home medical device. Cryptographic code signing with independent verification before update acceptance. Anomaly detection on therapy parameter changes post-update. FDA-mandated Software Bill of Materials (SBOM) for all connected home medical devices. Patient-accessible audit log of all remote device interactions.
Before any medical device gets a software update while a patient is using it, the patient should be notified and agree — just like how your phone asks before installing updates. The update should be verified as coming from the real manufacturer.
A cognitively impaired patient living at home relies on a connected ecosystem of smart sensors, GPS tracking, automated medication dispensers, and telehealth platforms. Each device is a lifeline. Each connection is a potential failure point. The patient cannot self-advocate when the system fails.
More people with memory conditions like Alzheimer's can live at home with connected devices. But what happens when those devices fail, get hacked, or stop working? The patient often can't tell anyone something is wrong.
According to the 2025 WHO report on dementia and digital health, AI-powered diagnostic tools, smart home monitoring sensors, GPS tracking devices, telehealth platforms, automated medication dispensers, and robotic companion devices are now core components of modern dementia home care. These technologies are almost entirely unsecured from a cybersecurity standpoint.
According to the WHO, over 55 million people worldwide live with dementia. This is one of the most important unsolved problems in healthcare cybersecurity today — and almost nobody is working on it.
A dedicated security framework for connected home care ecosystems serving cognitively impaired patients — distinct from hospital IoMT frameworks because the patient cannot self-advocate. Mandatory network segmentation between home care devices and general household WiFi. Caregiver alert integrity verification. The 2025 WHO report on digital dementia care identified connected monitoring as transformative — but made no mention of cybersecurity. That gap is the problem.
Home care devices for people with dementia need their own security rules — because the patient can't tell anyone when something goes wrong. Right now, very few people are working on this problem. That could be you.
A compromised continuous glucose monitor transmits falsely normal readings. An endocrinologist makes an insulin dosing decision on manipulated data. The patient never knew the signal was wrong.
Real incidents. Real patient impact. Real framework gaps. Ransomware attacks on hospitals are attacks on human life — not just data.
| Organization | Date | Attack Vector | Patient Impact | Recovery | Framework Gap | Severity |
|---|---|---|---|---|---|---|
Healthcare cybersecurity is one of the fastest-growing and most underpopulated fields in security. These are the roles that sit at the intersection of clinical knowledge and technical skill — where the real work happens.
Did you know you can have a career that combines healthcare, technology, and protecting people — all at the same time? Which one sounds like you?
Take health classes seriously. Learn basic coding (Scratch, Python). Explore biology and computer science. Ask questions about how technology works.
AP Computer Science. Biology and health science courses. Cybersecurity clubs and competitions (CyberPatriot). Volunteer at hospitals or clinics to understand the environment.
Health Informatics, Cybersecurity, or Biomedical Engineering degrees. Internships at hospitals or health tech companies. Certifications like CompTIA Security+ and HCISPP.
This lab was created by Chaunda C. Dallas, MSIT — healthcare professional and cybersecurity strategist specializing in IoMT risk, medical device security, and clinical AI. She never left healthcare. She learned to defend it.
The scenarios here are not theoretical. They are built from the intersection of clinical expertise and daily device dependency — managing pulmonary hypertension on a portable oxygen concentrator, with a CPAP connected to the internet, and no insurance safety net.
The expansion into sports technology security follows the same logic: wearables worn by athletes carry the same biometric intimacy as medical devices — and face none of the same regulatory scrutiny. That gap is the next frontier.
Featured Defender in the Semperis documentary 'Midnight in the War Room' — premiering at Black Hat USA 2026.
Ms. Chaunda is a healthcare cybersecurity consultant who mentors 200+ women in cybersecurity through WiCyS, and will be featured in a documentary about hospital ransomware attacks at Black Hat USA 2026.