9 Comments
John Fleming

Great follow up article. The open, honest discussion you bring to the table with the willingness to actually discuss and not just angrily argue is a breath of fresh air!

Dr. Michael Meneghini

Thank you, John. We have to make some changes.

Dennis Berry

Speaking up matters, especially when patient safety, cybersecurity, and the future of surgical care are at stake.

Swanlzs

Wow - I love reading your articles. I worked in a clinical lab 20+ yrs (primarily microbiology) b4 moving on to a career in IT but I keep up with a lot. I may have to be a paying subscriber next time I review the paid subscriptions I have and move them around... thanks for making me think more.

Ma.Ku

When it feels weird, think lobby. The robots lobby is preparing - just my wild guess - for the worst possible event if/when human surgeons are not available.

James McCabe | ModernCYPH3R

Dr. Meneghini,

As a Solutions Architect who spends his days performing forensic audits on systemic blunders like the Stryker wipe, your "autopilot" analogy is the most accurate thing I’ve read all week.

While the "Robotic Surgeons" on LinkedIn are busy defending their shiny hardware, they’re missing the architectural reality: Stryker didn't have a security problem; they had a God-Complex problem. The industry sold us on the "Single Pane of Glass" as a shield, but as I’ve been shouting from the rooftops (and my Substack), a shield is just a heavy weight if the guy holding it drops it on your toes. In this case, the "guy" was a compromised credential, and the "toes" were 80,000 devices—including the very phones and tablets surgeons use to coordinate care—that were factory-reset in a synchronized case of digital Alzheimer’s.

You mentioned the shift to "Autonomous" robotics and cloud-based ecosystems. In my world, we call that Centralized Fragility. We’ve traded local resilience for the convenience of a remote-controlled guillotine. When you connect a surgical robot to a cloud managed by a "Global Admin" who doesn’t even have a physical hardware security key (FIDO2) enforced, you aren't innovating; you're building a high-velocity delivery system for your own destruction.

The "Training Gap" you’re seeing in residents is the exact same thing I see in junior DevOps engineers. They can run a script, but they can't "fly the plane" when the BGP tables melt or the MDM hits the "Wipe" command.

If we don't start treating the "Wipe" command with the same two-man rule and physical key protocols we use for nuclear silos, we’re just one phishing email away from a total clinical blackout.

Keep the "Incision" sharp, Doc. Some of us are in the server room trying to install the brakes before the next "Innovation" flies off the cliff.

James McCabe (ModernCYPH3R)

Principal, JMc Associates, LLC

Dr. Michael Meneghini

James, thank you so much for reaffirming and supporting my writing. You are correct...many are not appreciating what I am saying. I suspect because they have leaned all in with tech, but are scared now because they (hopefully) realize the vulnerable state they find themselves either in or very close to. My brother and my son are both in the field of cybersecurity, and are much more knowledgeable than me...but listening to them over the past few years has provided enlightenment on this topic. In fact, I was just with my brother and telling him about the people upset with my post and his direct words to me were, "you are exactly right about the ability to hack into an integrated network". And thank you for the work you are doing to "install the brakes"!

James McCabe | ModernCYPH3R

We could have days or weeks of dialog over this. My hope is that my message, and all its satire, hits some CISO on the head and wakes them up. My articles always provide a pro tip and this recent one is no different. I only hope a CISO will take notice of the permission plan I laid out and check under the hood of their own business.

John Brewton

Progress needs people willing to say the uncomfortable things.