Fighting malware, cybercrime, and hemochromatosis = I've been busy

I enjoy reading a wide range of blogs. Recently, I was shocked to visit one of my own blogs -- this one -- and see that I had not posted anything since February. Surely I had written more than that? In fact, I have been doing a lot of writing, but on other blogs. So I decided to post a roundup of recent writings and presentations, for my own edification, and to show that I have not been slacking. Enjoy!

Living Security


A lot of my writing these days appears on We Live Security, the website that grew out of the Threat Blog at blog.eset.com. Here are some highlights:

Being Security


I have also been writing some posts about security and privacy on my first blog, Scobbs Blogspot. The idea is to put security pieces there when they are not a good fit for We Live Security, for example, a strong personal opinion, or a speculative piece. (In general, I want to keep this blog here, Cobbsblog, for non-security stuff.) Recent posts on Scobbs Blogspot include:

Security Slides and Webinars and Podcasts


You can find some of the slides from my security presentations at SlideShare under the zcobb account. These include slides that ESET graciously makes available for anyone who is working to increase security awareness in their organization. Here is a recent example from a webinar on cybercrime:



Some of my security education presentations are done as webinars and you can find these in the ESET channel on a service called BrightTalk. The channel requires a one-time registration process but is free and there are dozens of recorded webinars available from myself and my colleagues.

I have also recorded a lot of podcasts on security and privacy. These are available on this page but they are not marked as to author. All of the podcasts are worth a listen and feature my fellow researchers at ESET.

Earlier this year I answered several questions for a reporter while visiting the Latin America headquarters of ESET. Topics covered in the resulting video include the effects of Snowden's revelations about the NSA, the relationship between privacy and security, and social media issues for young people. Spanish subtitles are provided.



Fighting Hemochromatosis


My writings on hemochromatosis started here on this blog in 2008, with "dsgds". Then, in 2010, I created CelticCurse.org and post there when I have something substantial. Here are some recent posts.

In addition to Celtic Curse, I created another channel of communication about hemochromatosis, the Hemochromatosis page on Facebook. This has reached over 100,000 people so far this year and led to the publication of the first ever "Hemo Doc Stars" list of recommended hemochromatosis doctors from around the world.

So, the next time I am wondering to myself "what have I accomplished this year?" I can look at this page and refresh my memory. And the above is not everything. I also got accepted into a postgraduate degree program in security and risk management in the Criminology Department of the University of Leicester, in England. I hope to have time to share some instructive tales of distance learning here as the program progresses.

Alpha woman and the days of sail

Chey at the helm of Alpha, a Bristol Pilot Cutter built 110 years ago.
Although we live just 5 blocks from the Star of India and other fine sailing vessels in San Diego Bay, we do not get out on the water much because of Chey's health. However, 20 years ago Chey was an active sailor, studying for her Yachtmaster on the Isle of Wight and sailing historic wooden sailing ships around Scotland.

Chey's favorite was Alpha, a 52 foot Bristol Pilot Cutter. On one trip she sailed Alpha from Scotland to Portugal and back, straight up through the North Atlantic and around the western side of Ireland. Bear in mind that pilot cutters were the "built for speed" boats of their day, sleak, stripped of deck rails and any other impediments to pace. Why? Because pilots made their money guiding large cargo ships through coastal waters and into port. The pilot who was first to reach an incoming ship got the job!

How to find $168 billion in annual spending cuts while saving the world

Allow me to explain where the U.S. federal government can find $168 billion. That could be a $168 billion cut in annual spending from the current budget, or $168 billion of spending shifted to more worthwhile endeavors. It could even end world hunger while giving us all tax rebates.

Lately, I've been looking at a lot of numbers related to safety and security, like how much money we spend on fighting wars and cyber crime, how many people die from different causes, and so on. I was inspired to research such things by a comment made to the press by my friend and boss, Andrew Lee, CEO of ESET North America, who was asked what he thought of General Keith Alexander's keynote at Blackhat last year. (The General spoke about mass surveillance by the National Security Agency (NSA) as revealed by former federal contractor Edward Snowden.) Andrew said that we should be asking ourselves if the levels of surveillance now being revealed constitute a proportionate response.

Personally, and I stress that this is my personal opinion, I think that the $50 billion my country spends annually on spying is way too much (BTW, for new readers, "my country" = the United States of America, the country of which I have been a citizen for more than 30 years).

To put that $50 billion spend on spying in perspective, it dwarfs the total spend on life-saving health research by the federal government is $30 billion (that's funding for over 300,000 researchers at more than 2,500 institutions). I'm pretty sure that $50 billion is about the same as the operating expenses of Google and Microsoft combined. Aside from the sheer amount, the challenge of oversight and efficiency across multiple agencies is huge, leading to some terrible decision-making, as revealed by some of the Snowden papers.

But let's leave the spy budget aside and consider what we spend to defend our country. Suppose we were to decide that the appropriate annual budget for defending America is twice the total annual military spend of our two closest rivals, China and Russia. Those two countries spend $166 billion and $90 billion respectively, or $256 billion combined; double that is $512 billion, which is $168 billion less than the $680 billion that the U.S. spends.

military-spendingSurely we can adequately defend America by allocating twice what China and Russia spend combined. Still nervous? Want a comfort zone greater than 2X?

Consider the $272 billion annual military spending by our six strongest allies (UK, Japan, France, Germany, Australia, Canada). Figures are from SIPRI Yearbook 2013.

Want more perspective? With our $168 billion savings we could drastically reduce the deficit, lower taxes, and still have enough left over to END WORLD HUNGER (estimated cost of that is $30 billion).

So, let's recap, the Cobb budget plan for America would:

  • Spend more on defense than China and Russia combined

  • End world hunger

  • Reduce the deficit

  • Enable lower tax rates


What's not to love about that?

Happy Blogging New Year 2014!

Happy New Year! While it took me a few days to get around to this, I did want to mark the beginning of the new year with at least one blog post here on Cobbsblog. In fact, I have been doing quite a bit of blogging around the turn of the year.

Over on WeLiveSecurity.com I was privielged to present some of the 2014 security predictions from my fellow researchers at ESET. My colleagues in Latin America shone again this year, producing a 30+ page review of malware trends and predictions.

That report very rightly fingered privacy as a hot topic for 2014 and I am heading for Washington, D.C. in a few weeks to be on a panel about data privacy at a Data Privacy Day event at the Pew Charitable Trusts (January 28 is Data Privacy Day).

Predictions are one thing, but what practical good are they? What advice can they generate for IT security managers? I will try to answer that question in a free webinar happening January 15 on ESET's Brighttalk channel.

I made some information security predictions of my own, over on my security blog: scobb's information security blog. That blog was in fact my first, and lately I have been reviving it. My idea for 2014 is to use Cobbsblog for more personal posts, and put my security related posts on scobb's. Of course, in 2014 I will be writing about security on WeLiveSecurity.com as well, but sometimes I have things to say on the topic that don't quite fit there.

And sometimes my thoughts will migrate to other blogs. For example, Graham Cluley liked my prediction about the persistent misrepresentation of antivirus software, and reprinted it (with my permission) on his very information blog.

I wish you a safe and happy 2014 and pledge to do my best to provide you with informative and thought-provoking content all year long.

Bands to watch in 2014: NO doubt about NO

Warning! The link I am about to lay on you starts to autoplay some great music. It's by a band out of Los Angeles called NO and I think they are very good. Of course, this is an old guy talking, but an old guy who had enough love of good music to spend four days in the cold and rain to catch artists like Santana, Led Zeppelin, Frank Zappa, Pink Floyd, Pentangle, and Fairport Convention at the Bath Festival in 1971.

That said, here is the link to NO. And here is a photo of the band I snapped as they were performing "There's a glow" on the rooftop of the Rio in Las Vegas last summer.


The significance of the setting, high above the Vegas strip, comes partly from the opening of the song that goes:
There's a glow up over the city the city.
There's a glow up over us all.
The other aspect of significance, apart from the amazing view and the electrified atmosphere of the up-close performance, is that the band is playing at a party thrown by my employer, ESET.

And I have to admit this was not my first time seeing the band live. They played an ESET party in 2012 as well. None of which would matter if the band was just okay. But in fact they are awesome when they play live, managing to create a huge sound without it becoming noise, and often generating powerful emotional tension by restraining that big sound until just the right moment.

In February of 2014 the band releases its first LP, with 7 new tracks on top of the 6 you can hear live on the website. Stay tuned to their site for fresh tour dates and try to catch them live. You won't be disappointed.

Free professional security advice for Palestinian hackers

First of all, welcome. I am glad you found this page. Please don't hack it.

Who am I? I am one of many people in the computer security world who have great sympathy for the Palestinian people. We agree with you that the Palestinian people deserve to live in peace. We let our politicians know what we think. We use social media to spread news and awareness of the injustices suffered by the Palestinian people at the hands of Western governments and their allies in the region.

As computer security professionals, we also work hard to protect the privacy and cybersecurity of hundreds millions of individuals around the world. Some of those people are Palestinians. For example, I work at ESET, a company which protects the computers and smartphones of many millions of people in more than 180 different countries. I'm guessing some of them are Palestinian sympathizers.

Recently, some of you have been busy redirecting website traffic AWAY from sites that many people, including some Palestinian sympathizers, rely on for help in protecting their privacy and their data, and TO a page that calls for Palestinian rights. I have to say, I don't think this strategy is helping you, or the Palestinian cause; it hurts law-abiding human beings who use computers and smartphones to make an honest living, to connect with their families, and in some cases, to campaign for peace and justice.

[Note: When I say sympathy with the plight of the Palestinian people, or sympathy with the Palestinian cause, I mean that I think the people of Palestine have been, and are being, treated inhumanely, and that they deserve a secure homeland in which they are free to enjoy the rights and liberties that Americans take for granted. I do not mean that violence against civilians in pursuit of political aspirations is justified: it is not, ever, no matter what side you are on. Yet complacency and apathy in the face of inhumanity and injustice are equally objectionable.]

So, what is my professional advice? Use your computer skills to advance the cause in ways that don't impact innocent digital bystanders. Let me give you an example. This website you are reading right now is hosted on a web server that was hacked a few months ago in the name of freedom for Palestinians. The same web server hosts information about a potentially fatal genetic condition that doctors often fail to diagnose. That website helps a lot of people but it went down because someone thought hacking it would help the Palestinian cause. Did it help? I don't see any evidence that it did. Several kind and generous people had to give up their time to fix the website. Some innocent people in need of helpful information could not get to that information for days.

kdms-palestineDid the hack provide any benefit to anyone? Not really. Security experts already know that websites can be hacked, and it is well known that the DNS servers which direct traffic to websites can be messed with. But the more protection that is applied to protect sites and infrastructure, the more expensive and cumbersome the Internet becomes. And I'm guessing you use the Internet for more things than hacking. How about use of the Internet to organize humanitarian aid for Palestine? How about use of the Internet to raise awareness of, and sympathy for, the Palestinian cause? Why not apply your skills and energy to those efforts? Help the people who are trying, or may be persuaded to try, to help you.

No quest for peace and freedom can prosper without a critical mass of support that comes from many quarters. Annoying people who might otherwise be persuaded to support you just seems counter-productive.

Respectfully...Stephen Cobb, CISSP

Thank you Layla, for all that you gave to us, 2004-2013


A photo snapped in August: Layla Cobb, 2004-2013


This is just a short note to all who knew and loved our Layla.
Earlier this week she ended her journey here in San Diego,
peacefully and with loving hands upon her.


Layla was not only a joy to us and those who met her, she was an enormous comfort to us through some very tough times. She steadfastly refused to leave Chey's side whenever Chey was feeling ill, and faithfully presented me with a retrieved object whenever I came through the front door.

Only recently did we discover that Layla had stoically endured many years of arthritis so severe that the vets, when they got the X-rays, said they were amazed that she was able to walk at all. But Layla has always soldiered on stoically, despite everything, from Florida to New York, and then the long journey out to San Diego. Living out here, Dog Beach became her favorite place. When she stopped wanting to go onto the beach we both knew that we would not have her much longer.

So here's to you Princess Layla, Super Trooper, Snow Dog,
indefatigable source of comfort and joy.


Snow dog Layla

Layla's first snow, New York, 2007


Layla Cobb, 2004-2013

Do I really have to go back inside dad?


 

laylacc2

Hello world, my first portrait, 2004

Electric Car2Go is a Gas!

The all-electrtic Car2Go fleet in San Diego is not why we moved here, but we did sign up for the service as soon as we got here. Now, with nearly two years of experience, what do we think? It's a gas! Just take a look, and then read on...
Not all of these electric Smart Cars come with a highly-skilled driver like the one you see here, but they are all fun, whether you drive or are driven. Okay, we do have some quibbles that I will address in a moment, but basically this is a great service and the car is very impressive.

If I have to run errands involving more miles than I feel like walking then I often choose a Car2Go over our trusty old BMW 323. The iPhone app makes it very easy to locate nearby cars and reserve them.

At first, I tended to avoid Car2Go trips involving freeway miles, then my wife (the highly-skilled driver behind the wheel in the photo above) found the boost switch. You activate it with an extra push on the gas pedal when accelerating and it really helps with highway on-ramps and overtaking.

Of course, like all electric vehicles, the Car2Go can tap maximum torque at zero rpm, so it is always ready to leap off the line at the lights (great way to elicit gob-smacked looks from drivers of big sedans and hot hatches).

As for handling, the word is nimble. You can turn corners and cut U-turns where no other car would dare. I should point out that the ride is a little on the rough side over city streets, but most of the trips that I take in a Car2Go are too short for this to matter. The highway ride is acceptable. I did chat recently with someone who had ridden in her daughter's regular, bought-from-a-dealer, gasoline-powered Smart Car. She reported that it also had a somewhat rough ride on city streets (maybe someone should tell Mercedes Benz that America's city streets are not as well-paved as they used to be, and adjust suspension accordingly).

So far the electric-ness of the Car2Go has not been a problem. I have never run out of power. If the San Diego Car2Go fleet is short of anything it is cars-to-go. We can't always rely on there being one handy, and we live in the densely-populated Little Italy part of town. That would be one niggle. Another would be the length of time it takes to get the support folks on the line in the evenings.

Why would you need to call the support line? Well, it is possible to lock things inside these rentals. Yes, members have an RFID card that opens cars, but cars don't open to you if they are reserved by someone else or if they are out of service. So here's a scenario I encountered: Drove back from the supermarket in a Car2Go. Exited the vehicle with my groceries. Ended the rental. Then noticed that there was one more bag of groceries in the rear storage area. Tapped my card on the card reader but was told car out of service due to low battery. It took about 15 minutes to get through to an agent who could unlock the car.

Another problem I have encountered is missing cars. You see a car on the app, walk to its location, but it is not there. This may not be the fault of the system. Cars left in parking structures can give rise to this issue.

There are some restrictions on Car2Go, like not transporting our dog. I understand this policy: not all dog owners can be relied upon to keep the cars clean of dog hair, etc. And of course, only two people will fit in the car. However, they fit very well. I have a friend who is nearly seven feet tall and he owns a SmartCar. Not only that, his SmartCar was hit by another driver and protected him so well he got another.

So, bottom line: 9.5 times out of 10, my Car2Go experiences are 100% positive. So much so that they have allowed us to give our second vehicle to our daughter. So she likes Car2Go -- without ever driving one.

Sad Car2Go Postscript

At the end of 2016, Car2Go ceased operations in San Diego. Earlier that year it had converted the entire fleet from electric power to gasoline engines but it seems like Uber and Lyft killed it off. So, if you're visiting san Diego and wonder why you aren't see these cute little transport pods, that's why. Somehow this photo of our dog looking for something in the snow seems appropriate.


Adrenalectomy, from pain to promising signs of progress

This is a short note to record the successful execution of a laproscopic adrenalectomy by Dr. Allan Gamagami at Sharp Memorial Hospital on August 16, namely my left adrenalectomy. I talked about the need for this procedure in Cobb's Got Conn's, but not because I enjoy talking about myself. Okay, I do enjoy talking about myself, but the point of my writing about Conn's and primary aldosteronism is to help the many millions of people who might have this condition.

That's right, recent studies suggest that as many as 10% of people with high blood pressure could be cured by adrenal surgery. In the U.S. alone, where the number of people with high blood pressure is estimated to be 71 million, there could be over 7 million candidates for this procedure. And that's the funny thing about primary aldosteronism: you may be happy to find you've got it. Why? Because treating primary aldosteronism can lower the risk of heart attack and stroke. It can also mean lower blood pressure, or even an end to blood pressure medication.

A Gland Called Adrenal

When either or both of your adrenal glands pump out too much aldosterone your body:
  • retains sodium (we all know too much sodium is not good for blood pressure), and
  • leaches out too much potassium (while excess potassium can be deadly, too little can also have fatal consequences, like a stroke or heart failure due to atrial fibrillation). 
If you have primary aldosteronism you are likely to experience one of more of the health problems that I list down below.

If your doctor successfully treats your primary aldosteronism, then you may enjoy lower blood pressure with fewer or no medications, plus return to a regular heartbeat, and freedom from muscle cramps. You could well feel more energetic, given the reversal of your hypokalemia (low potassium).

Farewell My Left Adrenal

Thanks to some good old-fashioned medical work by my primary care physician (Dr. Adam Pacal) and gifted nephrologist (Dr. Jadwiga Alexiewicz) it was determined that I was a classic case of primary aldosteronism in which a growth on one adrenal gland is responsible for the over-production of aldosterone.

The culprit was my left adrenal and this was confirmed by some fancy testing, reinforced by my body's positive reaction to a drug called spironolactone, an "aldosterone receptor antagonist that causes the kidneys to eliminate unneeded water and sodium from the body into the urine, but reduces the loss of potassium from the body." (NIH)

Because the spironolactone was effective at lowering my blood pressure by several points, it seemed likely that removing the cause of the excess aldosterone would be beneficial. Surgery was scheduled.

Nine days after the surgery I can sense numerous positive changes in my body. For a start, I have not experienced any muscle cramps since the operation, despite not taking any potassium supplements.

Second, I feel either more relaxed or less stressed. (I'm not sure which term best describes my state of mind, and that state of mind might just be a temporary state, but so far I am enjoying it.)

My blood pressure seems to be better controlled, with fewer medications, although it is early days yet. Whether I can be weaned off HBP meds altogether remains to be seen. I am pretty sure that the trauma and lingering pain of the surgery elevates BP readings for days afterwards. I will report back at 15 and 30 days.

What Was Going On?

In the years prior to my operation I was dealing with all of these symptoms of chronic lack of potassium, despite a potassium-rich diet and supplements:
  • Palpitations, which are sensations of a racing, uncomfortable, irregular heartbeat or a flopping in your chest (that's language from the Mayo Clinic)
  • Atrial fibrillation
  • Weakness and fatigue
  • Leg and foot cramps
In addition, I suffered from excess sodium despite watching my salt intake. That meant high blood pressure which would sometimes spike and make me feel quite ill if I ate a particularly salty meal (something that is frankly hard to avoid when you travel a lot on business -- some restaurants simply lie about their use of salt, a phenomenon that includes some very fancy eateries). Throughout these years, my heartbeat was funky and my medication regimen included five pills a day.

And guess what? For years I had been attributing most of physical ills to an inverse trifecta of advancing age, plus the stress of the financial crash -- in which we lost our home and our life savings, plus my wife's illness and disability. Only when I was back on my feet and settled into a job that I really enjoyed did it occur to me to dig deeper into why I was continuing to have these symptoms. Now, despite the lingering pain of abdominal surgery, I am very glad that I did dig.

Now I need to write up my surgical experience to help folks who discover that they need one of their adrenals removed. A recent study suggests that five percent of high blood pressure cases could be like mine, curable through surgery. The operation is no walk in the park, but in my case it is proving to have been a positive step forward.

Robot or not? Robotic surgery and risk, part one

A security geek goes to see a surgeon about having an operation. The surgeon says, "We may use the robot."

The geek thinks: "Robot! Cool. What OS does it use? Is it on the network? Has anyone hacked this type of robot yet?"

I am that geek and I will get to those questions in a moment, but here's a question you need to be thinking about: Is it okay for a machine to slice into people and perform surgery, such as removing organs they no longer need? I'm thinking about this for several reasons, including my upcoming adrenalectomy and my job as a security researcher at ESET. But why do you need to think about this? Because robotic surgery is no longer science fiction: nearly half a million surgical procedures were performed robotically in North America in 2012.

So, there's a good chance that, if you need any one of a number of types of surgery in America today, your healthcare provider will want to use a robot. Are you okay with that? Clearly, most people will want to ask themselves:  Does the surgeon's use of a robot increase or decrease the risks to me, the patient? In this post and others that I am planning to write, I hope to shed light on this question.

Note that I am not a doctor, nor am I a medical researcher, but I have some experience with risks related to digital technology. I work for a company that works to improve the safety of digital technology. A surgical robot is digital technology. Here's a simplified diagram of a robotic surgery setup:

Sketch of 3D robotic surgery step

The surgeon guides the robot tools from a 3D imaging console using hand and foot controls communicating over wires to the device. Note that the surgeon's console can be some distance from the patient (in telesurgery it could be miles away).

Slicing and dicing with da Vinci

If your healthcare provider does want to deploy a robot as part of your surgery there are a couple of data points we know already. First, the procedure is likely to take a bit longer. Second, the procedure will cost more. Third, the robot they will use is most likely to be the da Vinci Robotic Surgical System. The da Vinci is made by Intuitive Surgical, a company that went public 13 years ago at $9 a share [ISRG]. This was the same year the FDA approved the system for general laparoscopic surgery. Intuitive has since traded as high as $585.67, which might lead you to think that things are going well in robo-surgery land.

Unfortunately, and I mean this sincerely as a fan of technology and a believer in the potential of robotics to improve our world, some things have not gone well. For example, according to one law firm:
there are now more than 4,500 complaints about the da Vinci surgical robot in the FDA’s MAUDE (“Manufacturer and User Facility Device Experience”) Database—50 or so of them involving the death of the patient—and 30 lawsuits against the manufacturer, Intuitive Surgical, Inc.
You don't have to take a lawyer's word for this because MAUDE is on the Internet. and you can look up reports yourself (I count 500 reports involving Intuitive surgical so far this year). Bear in mind that reporting medical device problems to MAUDE is not mandatory, so there is no way to tell the actual number of problems with the da Vinci system.

Then came a bunch of studies examining the cost and efficacy of these million dollar marvels (yes, a da Vinci robot can cost over $1.5 million). Together with the lawsuits and media scrutiny, these have depressed share prices for ISRG, which is now trading around $430 with some analysts predicting values of $300 within the year.

Somewhat ironically, given my initial security geek reaction to the idea of a robot slicing into my flesh--fear of hacking--none of the problems with this particular technology cited so far have anything to do with malware, coding errors, comms failures, or hacking. The greatest risk factor right now, in my opinion? The impact of market forces on safety.

Sales pressure and medical devices

Intuitive is under tremendous pressure from shareholders to sell more robots and get more robotic surgeries performed. This leads to marketing tactics that oversell benefits and downplay risks. For example, Johns Hopkins research shows hospital websites making excessive use of industry-provided content to sell robotic surgery and overstate claims of robotic success. A CNBC investigation quoted Suraj Kalia, a Northland Capital analyst, in a recent report on the company:
Our extensive field checks highlighted a story where aggressive marketing drives the message and true clinical utility seems secondary in nature.
There is a lot of pressure on Intuitive to market the heck out of their product because a lot of doctors are now expressing doubts about the value of robotic surgery. Consider the blistering Statement on Robotic Surgery by James T. Breeden, MD, president of ACOG, the American College of Obstetricians and Gynecologists (with 56,000 members, ACOG is the nation’s leading group of physicians providing health care for women). Here's the short version: "there is no good data proving that robotic hysterectomy is even as good as—let alone better—than existing, and far less costly, minimally invasive alternatives."

Here are some of the figures that ACOG quotes:
At a price of more than $1.7 million per robot, $125,000 in annual maintenance costs, and up to $2,000 per surgery for the cost of single-use instruments, robotic surgery is the most expensive approach. A recent Journal of the American Medical Association study found that the percentage of hysterectomies performed robotically has jumped from less than 0.5% to nearly 10% over the past three years. A study of over 264,000 hysterectomy patients in 441 hospitals also found that robotics added an average of $2,000 per procedure without any demonstrable benefit...an estimated $960 million to $1.9 billion will be added to the health care system if robotic surgery is used for all hysterectomies each year.
Between the medical questions and the growing number of lawsuits, Intuitive is under pressure, the kind of pressure that should, I believe, influence the way you interpret what people say about robotic surgery. Is the hospital pushing it on you? Is the hospital pushing it on the surgeon? Is the hospital skimping on robotic training, given the manufacturer's claim that surgeons are ready after two or three operations? Is the motive to achieve the best healthcare for you or is the motive a need to pay back the huge investment in hardware and supplies and maintenance contracts? Are doctors and hospital administrators being plied with luxury vacations and other perks to encourage them to use the robot more often in a wider range of procedures, including yours?

Those questions are currently more pressing than the need to analyze the da Vinci system's coding and connectivity. So far, I have found no indications that the system has been hacked and it does not appear to be connected to any networks. But that may change as the pressure to perform remote robotic surgery grows, powered by the perception that this can expand healthcare delivery at lower costs than training more surgeons. Already we see FDA approval for passive telemedicine robots. The term telesurgery has been coined and tests of procedures performed over the Internet are under way.

What's next for robotic risks?

In my next post I will break down the technical risk factors in more detail. These include analog issues, like build quality (here is a self-reported problem with da Vinci hardware that can cause burns), and also logical issues, like the security of device programming.

I leave you now with a link to the AJOG report "The commercialization of robotic surgery: unsubstantiated marketing of gynecologic surgery by hospitals," and a link to a report that really rips into Intuitive. The author quotes a lot of sources that appear to check out. After reading it you are likely to question whether or not robotic surgery is right for you. As of now, I am going to ask my surgeon to take a more hands on approach.