Happy New Year! While it took me a few days to get around to this, I did want to mark the beginning of the new year with at least one blog post here on Cobbsblog. In fact, I have been doing quite a bit of blogging around the turn of the year.
Over on WeLiveSecurity.com I was privielged to present some of the 2014 security predictions from my fellow researchers at ESET. My colleagues in Latin America shone again this year, producing a 30+ page review of malware trends and predictions.
That report very rightly fingered privacy as a hot topic for 2014 and I am heading for Washington, D.C. in a few weeks to be on a panel about data privacy at a Data Privacy Day event at the Pew Charitable Trusts (January 28 is Data Privacy Day).
Predictions are one thing, but what practical good are they? What advice can they generate for IT security managers? I will try to answer that question in a free webinar happening January 15 on ESET's Brighttalk channel.
I made some information security predictions of my own, over on my security blog: scobb's information security blog. That blog was in fact my first, and lately I have been reviving it. My idea for 2014 is to use Cobbsblog for more personal posts, and put my security related posts on scobb's. Of course, in 2014 I will be writing about security on WeLiveSecurity.com as well, but sometimes I have things to say on the topic that don't quite fit there.
And sometimes my thoughts will migrate to other blogs. For example, Graham Cluley liked my prediction about the persistent misrepresentation of antivirus software, and reprinted it (with my permission) on his very information blog.
I wish you a safe and happy 2014 and pledge to do my best to provide you with informative and thought-provoking content all year long.
Bands to watch in 2014: NO doubt about NO
Warning! The link I am about to lay on you starts to autoplay some great music. It's by a band out of Los Angeles called NO and I think they are very good. Of course, this is an old guy talking, but an old guy who had enough love of good music to spend four days in the cold and rain to catch artists like Santana, Led Zeppelin, Frank Zappa, Pink Floyd, Pentangle, and Fairport Convention at the Bath Festival in 1971.
That said, here is the link to NO. And here is a photo of the band I snapped as they were performing "There's a glow" on the rooftop of the Rio in Las Vegas last summer.
The significance of the setting, high above the Vegas strip, comes partly from the opening of the song that goes:
And I have to admit this was not my first time seeing the band live. They played an ESET party in 2012 as well. None of which would matter if the band was just okay. But in fact they are awesome when they play live, managing to create a huge sound without it becoming noise, and often generating powerful emotional tension by restraining that big sound until just the right moment.
In February of 2014 the band releases its first LP, with 7 new tracks on top of the 6 you can hear live on the website. Stay tuned to their site for fresh tour dates and try to catch them live. You won't be disappointed.
That said, here is the link to NO. And here is a photo of the band I snapped as they were performing "There's a glow" on the rooftop of the Rio in Las Vegas last summer.
The significance of the setting, high above the Vegas strip, comes partly from the opening of the song that goes:
There's a glow up over the city the city.The other aspect of significance, apart from the amazing view and the electrified atmosphere of the up-close performance, is that the band is playing at a party thrown by my employer, ESET.
There's a glow up over us all.
And I have to admit this was not my first time seeing the band live. They played an ESET party in 2012 as well. None of which would matter if the band was just okay. But in fact they are awesome when they play live, managing to create a huge sound without it becoming noise, and often generating powerful emotional tension by restraining that big sound until just the right moment.
In February of 2014 the band releases its first LP, with 7 new tracks on top of the 6 you can hear live on the website. Stay tuned to their site for fresh tour dates and try to catch them live. You won't be disappointed.
Free professional security advice for Palestinian hackers
First of all, welcome. I am glad you found this page. Please don't hack it.
Who am I? I am one of many people in the computer security world who have great sympathy for the Palestinian people. We agree with you that the Palestinian people deserve to live in peace. We let our politicians know what we think. We use social media to spread news and awareness of the injustices suffered by the Palestinian people at the hands of Western governments and their allies in the region.
As computer security professionals, we also work hard to protect the privacy and cybersecurity of hundreds millions of individuals around the world. Some of those people are Palestinians. For example, I work at ESET, a company which protects the computers and smartphones of many millions of people in more than 180 different countries. I'm guessing some of them are Palestinian sympathizers.
Recently, some of you have been busy redirecting website traffic AWAY from sites that many people, including some Palestinian sympathizers, rely on for help in protecting their privacy and their data, and TO a page that calls for Palestinian rights. I have to say, I don't think this strategy is helping you, or the Palestinian cause; it hurts law-abiding human beings who use computers and smartphones to make an honest living, to connect with their families, and in some cases, to campaign for peace and justice.
[Note: When I say sympathy with the plight of the Palestinian people, or sympathy with the Palestinian cause, I mean that I think the people of Palestine have been, and are being, treated inhumanely, and that they deserve a secure homeland in which they are free to enjoy the rights and liberties that Americans take for granted. I do not mean that violence against civilians in pursuit of political aspirations is justified: it is not, ever, no matter what side you are on. Yet complacency and apathy in the face of inhumanity and injustice are equally objectionable.]
So, what is my professional advice? Use your computer skills to advance the cause in ways that don't impact innocent digital bystanders. Let me give you an example. This website you are reading right now is hosted on a web server that was hacked a few months ago in the name of freedom for Palestinians. The same web server hosts information about a potentially fatal genetic condition that doctors often fail to diagnose. That website helps a lot of people but it went down because someone thought hacking it would help the Palestinian cause. Did it help? I don't see any evidence that it did. Several kind and generous people had to give up their time to fix the website. Some innocent people in need of helpful information could not get to that information for days.
Did the hack provide any benefit to anyone? Not really. Security experts already know that websites can be hacked, and it is well known that the DNS servers which direct traffic to websites can be messed with. But the more protection that is applied to protect sites and infrastructure, the more expensive and cumbersome the Internet becomes. And I'm guessing you use the Internet for more things than hacking. How about use of the Internet to organize humanitarian aid for Palestine? How about use of the Internet to raise awareness of, and sympathy for, the Palestinian cause? Why not apply your skills and energy to those efforts? Help the people who are trying, or may be persuaded to try, to help you.
No quest for peace and freedom can prosper without a critical mass of support that comes from many quarters. Annoying people who might otherwise be persuaded to support you just seems counter-productive.
Respectfully...Stephen Cobb, CISSP
Who am I? I am one of many people in the computer security world who have great sympathy for the Palestinian people. We agree with you that the Palestinian people deserve to live in peace. We let our politicians know what we think. We use social media to spread news and awareness of the injustices suffered by the Palestinian people at the hands of Western governments and their allies in the region.
As computer security professionals, we also work hard to protect the privacy and cybersecurity of hundreds millions of individuals around the world. Some of those people are Palestinians. For example, I work at ESET, a company which protects the computers and smartphones of many millions of people in more than 180 different countries. I'm guessing some of them are Palestinian sympathizers.
Recently, some of you have been busy redirecting website traffic AWAY from sites that many people, including some Palestinian sympathizers, rely on for help in protecting their privacy and their data, and TO a page that calls for Palestinian rights. I have to say, I don't think this strategy is helping you, or the Palestinian cause; it hurts law-abiding human beings who use computers and smartphones to make an honest living, to connect with their families, and in some cases, to campaign for peace and justice.
[Note: When I say sympathy with the plight of the Palestinian people, or sympathy with the Palestinian cause, I mean that I think the people of Palestine have been, and are being, treated inhumanely, and that they deserve a secure homeland in which they are free to enjoy the rights and liberties that Americans take for granted. I do not mean that violence against civilians in pursuit of political aspirations is justified: it is not, ever, no matter what side you are on. Yet complacency and apathy in the face of inhumanity and injustice are equally objectionable.]
So, what is my professional advice? Use your computer skills to advance the cause in ways that don't impact innocent digital bystanders. Let me give you an example. This website you are reading right now is hosted on a web server that was hacked a few months ago in the name of freedom for Palestinians. The same web server hosts information about a potentially fatal genetic condition that doctors often fail to diagnose. That website helps a lot of people but it went down because someone thought hacking it would help the Palestinian cause. Did it help? I don't see any evidence that it did. Several kind and generous people had to give up their time to fix the website. Some innocent people in need of helpful information could not get to that information for days.
Did the hack provide any benefit to anyone? Not really. Security experts already know that websites can be hacked, and it is well known that the DNS servers which direct traffic to websites can be messed with. But the more protection that is applied to protect sites and infrastructure, the more expensive and cumbersome the Internet becomes. And I'm guessing you use the Internet for more things than hacking. How about use of the Internet to organize humanitarian aid for Palestine? How about use of the Internet to raise awareness of, and sympathy for, the Palestinian cause? Why not apply your skills and energy to those efforts? Help the people who are trying, or may be persuaded to try, to help you.No quest for peace and freedom can prosper without a critical mass of support that comes from many quarters. Annoying people who might otherwise be persuaded to support you just seems counter-productive.
Respectfully...Stephen Cobb, CISSP
Thank you Layla, for all that you gave to us, 2004-2013
A photo snapped in August: Layla Cobb, 2004-2013
This is just a short note to all who knew and loved our Layla.
Earlier this week she ended her journey here in San Diego,
peacefully and with loving hands upon her.
Layla was not only a joy to us and those who met her, she was an enormous comfort to us through some very tough times. She steadfastly refused to leave Chey's side whenever Chey was feeling ill, and faithfully presented me with a retrieved object whenever I came through the front door.
Only recently did we discover that Layla had stoically endured many years of arthritis so severe that the vets, when they got the X-rays, said they were amazed that she was able to walk at all. But Layla has always soldiered on stoically, despite everything, from Florida to New York, and then the long journey out to San Diego. Living out here, Dog Beach became her favorite place. When she stopped wanting to go onto the beach we both knew that we would not have her much longer.
So here's to you Princess Layla, Super Trooper, Snow Dog,
indefatigable source of comfort and joy.
Layla's first snow, New York, 2007
Do I really have to go back inside dad?
Hello world, my first portrait, 2004
Electric Car2Go is a Gas!
The all-electrtic Car2Go fleet in San Diego is not why we moved here, but we did sign up for the service as soon as we got here. Now, with nearly two years of experience, what do we think? It's a gas! Just take a look, and then read on...
Not all of these electric Smart Cars come with a highly-skilled driver like the one you see here, but they are all fun, whether you drive or are driven. Okay, we do have some quibbles that I will address in a moment, but basically this is a great service and the car is very impressive.
If I have to run errands involving more miles than I feel like walking then I often choose a Car2Go over our trusty old BMW 323. The iPhone app makes it very easy to locate nearby cars and reserve them.
At first, I tended to avoid Car2Go trips involving freeway miles, then my wife (the highly-skilled driver behind the wheel in the photo above) found the boost switch. You activate it with an extra push on the gas pedal when accelerating and it really helps with highway on-ramps and overtaking.
Of course, like all electric vehicles, the Car2Go can tap maximum torque at zero rpm, so it is always ready to leap off the line at the lights (great way to elicit gob-smacked looks from drivers of big sedans and hot hatches).
As for handling, the word is nimble. You can turn corners and cut U-turns where no other car would dare. I should point out that the ride is a little on the rough side over city streets, but most of the trips that I take in a Car2Go are too short for this to matter. The highway ride is acceptable. I did chat recently with someone who had ridden in her daughter's regular, bought-from-a-dealer, gasoline-powered Smart Car. She reported that it also had a somewhat rough ride on city streets (maybe someone should tell Mercedes Benz that America's city streets are not as well-paved as they used to be, and adjust suspension accordingly).
So far the electric-ness of the Car2Go has not been a problem. I have never run out of power. If the San Diego Car2Go fleet is short of anything it is cars-to-go. We can't always rely on there being one handy, and we live in the densely-populated Little Italy part of town. That would be one niggle. Another would be the length of time it takes to get the support folks on the line in the evenings.
Why would you need to call the support line? Well, it is possible to lock things inside these rentals. Yes, members have an RFID card that opens cars, but cars don't open to you if they are reserved by someone else or if they are out of service. So here's a scenario I encountered: Drove back from the supermarket in a Car2Go. Exited the vehicle with my groceries. Ended the rental. Then noticed that there was one more bag of groceries in the rear storage area. Tapped my card on the card reader but was told car out of service due to low battery. It took about 15 minutes to get through to an agent who could unlock the car.
Another problem I have encountered is missing cars. You see a car on the app, walk to its location, but it is not there. This may not be the fault of the system. Cars left in parking structures can give rise to this issue.
There are some restrictions on Car2Go, like not transporting our dog. I understand this policy: not all dog owners can be relied upon to keep the cars clean of dog hair, etc. And of course, only two people will fit in the car. However, they fit very well. I have a friend who is nearly seven feet tall and he owns a SmartCar. Not only that, his SmartCar was hit by another driver and protected him so well he got another.
So, bottom line: 9.5 times out of 10, my Car2Go experiences are 100% positive. So much so that they have allowed us to give our second vehicle to our daughter. So she likes Car2Go -- without ever driving one.
If I have to run errands involving more miles than I feel like walking then I often choose a Car2Go over our trusty old BMW 323. The iPhone app makes it very easy to locate nearby cars and reserve them.
At first, I tended to avoid Car2Go trips involving freeway miles, then my wife (the highly-skilled driver behind the wheel in the photo above) found the boost switch. You activate it with an extra push on the gas pedal when accelerating and it really helps with highway on-ramps and overtaking.
Of course, like all electric vehicles, the Car2Go can tap maximum torque at zero rpm, so it is always ready to leap off the line at the lights (great way to elicit gob-smacked looks from drivers of big sedans and hot hatches).
As for handling, the word is nimble. You can turn corners and cut U-turns where no other car would dare. I should point out that the ride is a little on the rough side over city streets, but most of the trips that I take in a Car2Go are too short for this to matter. The highway ride is acceptable. I did chat recently with someone who had ridden in her daughter's regular, bought-from-a-dealer, gasoline-powered Smart Car. She reported that it also had a somewhat rough ride on city streets (maybe someone should tell Mercedes Benz that America's city streets are not as well-paved as they used to be, and adjust suspension accordingly).
So far the electric-ness of the Car2Go has not been a problem. I have never run out of power. If the San Diego Car2Go fleet is short of anything it is cars-to-go. We can't always rely on there being one handy, and we live in the densely-populated Little Italy part of town. That would be one niggle. Another would be the length of time it takes to get the support folks on the line in the evenings.
Why would you need to call the support line? Well, it is possible to lock things inside these rentals. Yes, members have an RFID card that opens cars, but cars don't open to you if they are reserved by someone else or if they are out of service. So here's a scenario I encountered: Drove back from the supermarket in a Car2Go. Exited the vehicle with my groceries. Ended the rental. Then noticed that there was one more bag of groceries in the rear storage area. Tapped my card on the card reader but was told car out of service due to low battery. It took about 15 minutes to get through to an agent who could unlock the car.
Another problem I have encountered is missing cars. You see a car on the app, walk to its location, but it is not there. This may not be the fault of the system. Cars left in parking structures can give rise to this issue.
There are some restrictions on Car2Go, like not transporting our dog. I understand this policy: not all dog owners can be relied upon to keep the cars clean of dog hair, etc. And of course, only two people will fit in the car. However, they fit very well. I have a friend who is nearly seven feet tall and he owns a SmartCar. Not only that, his SmartCar was hit by another driver and protected him so well he got another.
So, bottom line: 9.5 times out of 10, my Car2Go experiences are 100% positive. So much so that they have allowed us to give our second vehicle to our daughter. So she likes Car2Go -- without ever driving one.
Sad Car2Go Postscript
At the end of 2016, Car2Go ceased operations in San Diego. Earlier that year it had converted the entire fleet from electric power to gasoline engines but it seems like Uber and Lyft killed it off. So, if you're visiting san Diego and wonder why you aren't see these cute little transport pods, that's why. Somehow this photo of our dog looking for something in the snow seems appropriate.Adrenalectomy, from pain to promising signs of progress
This is a short note to record the successful execution of a laproscopic adrenalectomy by Dr. Allan Gamagami at Sharp Memorial Hospital on August 16, namely my left adrenalectomy. I talked about the need for this procedure in Cobb's Got Conn's, but not because I enjoy talking about myself. Okay, I do enjoy talking about myself, but the point of my writing about Conn's and primary aldosteronism is to help the many millions of people who might have this condition.
That's right, recent studies suggest that as many as 10% of people with high blood pressure could be cured by adrenal surgery. In the U.S. alone, where the number of people with high blood pressure is estimated to be 71 million, there could be over 7 million candidates for this procedure. And that's the funny thing about primary aldosteronism: you may be happy to find you've got it. Why? Because treating primary aldosteronism can lower the risk of heart attack and stroke. It can also mean lower blood pressure, or even an end to blood pressure medication.
If your doctor successfully treats your primary aldosteronism, then you may enjoy lower blood pressure with fewer or no medications, plus return to a regular heartbeat, and freedom from muscle cramps. You could well feel more energetic, given the reversal of your hypokalemia (low potassium).
The culprit was my left adrenal and this was confirmed by some fancy testing, reinforced by my body's positive reaction to a drug called spironolactone, an "aldosterone receptor antagonist that causes the kidneys to eliminate unneeded water and sodium from the body into the urine, but reduces the loss of potassium from the body." (NIH)
Because the spironolactone was effective at lowering my blood pressure by several points, it seemed likely that removing the cause of the excess aldosterone would be beneficial. Surgery was scheduled.
Nine days after the surgery I can sense numerous positive changes in my body. For a start, I have not experienced any muscle cramps since the operation, despite not taking any potassium supplements.
Second, I feel either more relaxed or less stressed. (I'm not sure which term best describes my state of mind, and that state of mind might just be a temporary state, but so far I am enjoying it.)
My blood pressure seems to be better controlled, with fewer medications, although it is early days yet. Whether I can be weaned off HBP meds altogether remains to be seen. I am pretty sure that the trauma and lingering pain of the surgery elevates BP readings for days afterwards. I will report back at 15 and 30 days.
And guess what? For years I had been attributing most of physical ills to an inverse trifecta of advancing age, plus the stress of the financial crash -- in which we lost our home and our life savings, plus my wife's illness and disability. Only when I was back on my feet and settled into a job that I really enjoyed did it occur to me to dig deeper into why I was continuing to have these symptoms. Now, despite the lingering pain of abdominal surgery, I am very glad that I did dig.
Now I need to write up my surgical experience to help folks who discover that they need one of their adrenals removed. A recent study suggests that five percent of high blood pressure cases could be like mine, curable through surgery. The operation is no walk in the park, but in my case it is proving to have been a positive step forward.
That's right, recent studies suggest that as many as 10% of people with high blood pressure could be cured by adrenal surgery. In the U.S. alone, where the number of people with high blood pressure is estimated to be 71 million, there could be over 7 million candidates for this procedure. And that's the funny thing about primary aldosteronism: you may be happy to find you've got it. Why? Because treating primary aldosteronism can lower the risk of heart attack and stroke. It can also mean lower blood pressure, or even an end to blood pressure medication.
A Gland Called Adrenal
When either or both of your adrenal glands pump out too much aldosterone your body:- retains sodium (we all know too much sodium is not good for blood pressure), and
- leaches out too much potassium (while excess potassium can be deadly, too little can also have fatal consequences, like a stroke or heart failure due to atrial fibrillation).
If your doctor successfully treats your primary aldosteronism, then you may enjoy lower blood pressure with fewer or no medications, plus return to a regular heartbeat, and freedom from muscle cramps. You could well feel more energetic, given the reversal of your hypokalemia (low potassium).
Farewell My Left Adrenal
Thanks to some good old-fashioned medical work by my primary care physician (Dr. Adam Pacal) and gifted nephrologist (Dr. Jadwiga Alexiewicz) it was determined that I was a classic case of primary aldosteronism in which a growth on one adrenal gland is responsible for the over-production of aldosterone.The culprit was my left adrenal and this was confirmed by some fancy testing, reinforced by my body's positive reaction to a drug called spironolactone, an "aldosterone receptor antagonist that causes the kidneys to eliminate unneeded water and sodium from the body into the urine, but reduces the loss of potassium from the body." (NIH)
Because the spironolactone was effective at lowering my blood pressure by several points, it seemed likely that removing the cause of the excess aldosterone would be beneficial. Surgery was scheduled.
Nine days after the surgery I can sense numerous positive changes in my body. For a start, I have not experienced any muscle cramps since the operation, despite not taking any potassium supplements.
Second, I feel either more relaxed or less stressed. (I'm not sure which term best describes my state of mind, and that state of mind might just be a temporary state, but so far I am enjoying it.)
My blood pressure seems to be better controlled, with fewer medications, although it is early days yet. Whether I can be weaned off HBP meds altogether remains to be seen. I am pretty sure that the trauma and lingering pain of the surgery elevates BP readings for days afterwards. I will report back at 15 and 30 days.
What Was Going On?
In the years prior to my operation I was dealing with all of these symptoms of chronic lack of potassium, despite a potassium-rich diet and supplements:- Palpitations, which are sensations of a racing, uncomfortable, irregular heartbeat or a flopping in your chest (that's language from the Mayo Clinic)
- Atrial fibrillation
- Weakness and fatigue
- Leg and foot cramps
And guess what? For years I had been attributing most of physical ills to an inverse trifecta of advancing age, plus the stress of the financial crash -- in which we lost our home and our life savings, plus my wife's illness and disability. Only when I was back on my feet and settled into a job that I really enjoyed did it occur to me to dig deeper into why I was continuing to have these symptoms. Now, despite the lingering pain of abdominal surgery, I am very glad that I did dig.
Now I need to write up my surgical experience to help folks who discover that they need one of their adrenals removed. A recent study suggests that five percent of high blood pressure cases could be like mine, curable through surgery. The operation is no walk in the park, but in my case it is proving to have been a positive step forward.
Robot or not? Robotic surgery and risk, part one
A security geek goes to see a surgeon about having an operation. The surgeon says, "We may use the robot."
The geek thinks: "Robot! Cool. What OS does it use? Is it on the network? Has anyone hacked this type of robot yet?"
I am that geek and I will get to those questions in a moment, but here's a question you need to be thinking about: Is it okay for a machine to slice into people and perform surgery, such as removing organs they no longer need? I'm thinking about this for several reasons, including my upcoming adrenalectomy and my job as a security researcher at ESET. But why do you need to think about this? Because robotic surgery is no longer science fiction: nearly half a million surgical procedures were performed robotically in North America in 2012.
So, there's a good chance that, if you need any one of a number of types of surgery in America today, your healthcare provider will want to use a robot. Are you okay with that? Clearly, most people will want to ask themselves: Does the surgeon's use of a robot increase or decrease the risks to me, the patient? In this post and others that I am planning to write, I hope to shed light on this question.
Note that I am not a doctor, nor am I a medical researcher, but I have some experience with risks related to digital technology. I work for a company that works to improve the safety of digital technology. A surgical robot is digital technology. Here's a simplified diagram of a robotic surgery setup:
The surgeon guides the robot tools from a 3D imaging console using hand and foot controls communicating over wires to the device. Note that the surgeon's console can be some distance from the patient (in telesurgery it could be miles away).
Unfortunately, and I mean this sincerely as a fan of technology and a believer in the potential of robotics to improve our world, some things have not gone well. For example, according to one law firm:
Then came a bunch of studies examining the cost and efficacy of these million dollar marvels (yes, a da Vinci robot can cost over $1.5 million). Together with the lawsuits and media scrutiny, these have depressed share prices for ISRG, which is now trading around $430 with some analysts predicting values of $300 within the year.
Somewhat ironically, given my initial security geek reaction to the idea of a robot slicing into my flesh--fear of hacking--none of the problems with this particular technology cited so far have anything to do with malware, coding errors, comms failures, or hacking. The greatest risk factor right now, in my opinion? The impact of market forces on safety.
Here are some of the figures that ACOG quotes:
Those questions are currently more pressing than the need to analyze the da Vinci system's coding and connectivity. So far, I have found no indications that the system has been hacked and it does not appear to be connected to any networks. But that may change as the pressure to perform remote robotic surgery grows, powered by the perception that this can expand healthcare delivery at lower costs than training more surgeons. Already we see FDA approval for passive telemedicine robots. The term telesurgery has been coined and tests of procedures performed over the Internet are under way.
I leave you now with a link to the AJOG report "The commercialization of robotic surgery: unsubstantiated marketing of gynecologic surgery by hospitals," and a link to a report that really rips into Intuitive. The author quotes a lot of sources that appear to check out. After reading it you are likely to question whether or not robotic surgery is right for you. As of now, I am going to ask my surgeon to take a more hands on approach.
The geek thinks: "Robot! Cool. What OS does it use? Is it on the network? Has anyone hacked this type of robot yet?"
I am that geek and I will get to those questions in a moment, but here's a question you need to be thinking about: Is it okay for a machine to slice into people and perform surgery, such as removing organs they no longer need? I'm thinking about this for several reasons, including my upcoming adrenalectomy and my job as a security researcher at ESET. But why do you need to think about this? Because robotic surgery is no longer science fiction: nearly half a million surgical procedures were performed robotically in North America in 2012.
So, there's a good chance that, if you need any one of a number of types of surgery in America today, your healthcare provider will want to use a robot. Are you okay with that? Clearly, most people will want to ask themselves: Does the surgeon's use of a robot increase or decrease the risks to me, the patient? In this post and others that I am planning to write, I hope to shed light on this question.
Note that I am not a doctor, nor am I a medical researcher, but I have some experience with risks related to digital technology. I work for a company that works to improve the safety of digital technology. A surgical robot is digital technology. Here's a simplified diagram of a robotic surgery setup:
The surgeon guides the robot tools from a 3D imaging console using hand and foot controls communicating over wires to the device. Note that the surgeon's console can be some distance from the patient (in telesurgery it could be miles away).
Slicing and dicing with da Vinci
If your healthcare provider does want to deploy a robot as part of your surgery there are a couple of data points we know already. First, the procedure is likely to take a bit longer. Second, the procedure will cost more. Third, the robot they will use is most likely to be the da Vinci Robotic Surgical System. The da Vinci is made by Intuitive Surgical, a company that went public 13 years ago at $9 a share [ISRG]. This was the same year the FDA approved the system for general laparoscopic surgery. Intuitive has since traded as high as $585.67, which might lead you to think that things are going well in robo-surgery land.Unfortunately, and I mean this sincerely as a fan of technology and a believer in the potential of robotics to improve our world, some things have not gone well. For example, according to one law firm:
there are now more than 4,500 complaints about the da Vinci surgical robot in the FDA’s MAUDE (“Manufacturer and User Facility Device Experience”) Database—50 or so of them involving the death of the patient—and 30 lawsuits against the manufacturer, Intuitive Surgical, Inc.You don't have to take a lawyer's word for this because MAUDE is on the Internet. and you can look up reports yourself (I count 500 reports involving Intuitive surgical so far this year). Bear in mind that reporting medical device problems to MAUDE is not mandatory, so there is no way to tell the actual number of problems with the da Vinci system.
Then came a bunch of studies examining the cost and efficacy of these million dollar marvels (yes, a da Vinci robot can cost over $1.5 million). Together with the lawsuits and media scrutiny, these have depressed share prices for ISRG, which is now trading around $430 with some analysts predicting values of $300 within the year.
Somewhat ironically, given my initial security geek reaction to the idea of a robot slicing into my flesh--fear of hacking--none of the problems with this particular technology cited so far have anything to do with malware, coding errors, comms failures, or hacking. The greatest risk factor right now, in my opinion? The impact of market forces on safety.
Sales pressure and medical devices
Intuitive is under tremendous pressure from shareholders to sell more robots and get more robotic surgeries performed. This leads to marketing tactics that oversell benefits and downplay risks. For example, Johns Hopkins research shows hospital websites making excessive use of industry-provided content to sell robotic surgery and overstate claims of robotic success. A CNBC investigation quoted Suraj Kalia, a Northland Capital analyst, in a recent report on the company:Our extensive field checks highlighted a story where aggressive marketing drives the message and true clinical utility seems secondary in nature.There is a lot of pressure on Intuitive to market the heck out of their product because a lot of doctors are now expressing doubts about the value of robotic surgery. Consider the blistering Statement on Robotic Surgery by James T. Breeden, MD, president of ACOG, the American College of Obstetricians and Gynecologists (with 56,000 members, ACOG is the nation’s leading group of physicians providing health care for women). Here's the short version: "there is no good data proving that robotic hysterectomy is even as good as—let alone better—than existing, and far less costly, minimally invasive alternatives."
Here are some of the figures that ACOG quotes:
At a price of more than $1.7 million per robot, $125,000 in annual maintenance costs, and up to $2,000 per surgery for the cost of single-use instruments, robotic surgery is the most expensive approach. A recent Journal of the American Medical Association study found that the percentage of hysterectomies performed robotically has jumped from less than 0.5% to nearly 10% over the past three years. A study of over 264,000 hysterectomy patients in 441 hospitals also found that robotics added an average of $2,000 per procedure without any demonstrable benefit...an estimated $960 million to $1.9 billion will be added to the health care system if robotic surgery is used for all hysterectomies each year.Between the medical questions and the growing number of lawsuits, Intuitive is under pressure, the kind of pressure that should, I believe, influence the way you interpret what people say about robotic surgery. Is the hospital pushing it on you? Is the hospital pushing it on the surgeon? Is the hospital skimping on robotic training, given the manufacturer's claim that surgeons are ready after two or three operations? Is the motive to achieve the best healthcare for you or is the motive a need to pay back the huge investment in hardware and supplies and maintenance contracts? Are doctors and hospital administrators being plied with luxury vacations and other perks to encourage them to use the robot more often in a wider range of procedures, including yours?
Those questions are currently more pressing than the need to analyze the da Vinci system's coding and connectivity. So far, I have found no indications that the system has been hacked and it does not appear to be connected to any networks. But that may change as the pressure to perform remote robotic surgery grows, powered by the perception that this can expand healthcare delivery at lower costs than training more surgeons. Already we see FDA approval for passive telemedicine robots. The term telesurgery has been coined and tests of procedures performed over the Internet are under way.
What's next for robotic risks?
In my next post I will break down the technical risk factors in more detail. These include analog issues, like build quality (here is a self-reported problem with da Vinci hardware that can cause burns), and also logical issues, like the security of device programming.I leave you now with a link to the AJOG report "The commercialization of robotic surgery: unsubstantiated marketing of gynecologic surgery by hospitals," and a link to a report that really rips into Intuitive. The author quotes a lot of sources that appear to check out. After reading it you are likely to question whether or not robotic surgery is right for you. As of now, I am going to ask my surgeon to take a more hands on approach.
Subscribe to:
Posts (Atom)