Hippocratic Oath for Hackers
Overview
As a professional hacker dedicated to the advancement of cybersecurity and the protection of human life, I solemnly pledge to uphold the highest standards of ethical conduct and legal compliance in all my actions. This oath is guided by internationally recognized principles, legal frameworks, and industry best practices to ensure the protection of privacy, security, and the public good. I commit to fostering a collaborative environment that prioritizes patient safety, trustworthiness of medical devices, and the integrity of personal health and wellness technologies.
1. Protection of Privacy and Personal Data
I commit to safeguarding privacy and personal data in strict accordance with the highest ethical and legal standards, recognizing and respecting the dignity and rights of individuals.
- Compliance with Local Privacy Laws: I shall adhere rigorously to the relevant privacy laws of the jurisdictions in which I operate, such as the Act on the Protection of Personal Information (APPI) in Japan, the General Data Protection Regulation (GDPR) in the European Union, and other applicable national data protection laws, ensuring the ethical handling, processing, and storage of all personal and health-related data.
- Adherence to Global Data Protection Standards: I will comply with international data protection frameworks and best practices, maintaining the security and confidentiality of personal information across global borders.
2. Upholding System Security and Integrity
I pledge to maintain the security and integrity of information systems, particularly those impacting healthcare and critical infrastructure, ensuring their resilience and safety.
- Compliance with Cybersecurity Legislation: I will follow the cybersecurity laws and regulations of the countries in which I operate, such as the Basic Act on Cybersecurity (Japan, 2015), the Cybersecurity Information Sharing Act (CISA) (US), and other relevant national cybersecurity laws, supporting the robustness and reliability of critical systems.
- Aligning with International Standards: My actions shall align with international cybersecurity standards, including ISO/IEC 27001 for information security management, to responsibly mitigate risks to the confidentiality, integrity, and availability of information.
3. Responsible Disclosure of Vulnerabilities
I vow to respect and adhere to responsible disclosure protocols when identifying system vulnerabilities, in compliance with both local and international regulations.
- Mandate to Report Vulnerabilities: I am committed to reporting identified vulnerabilities to the appropriate manufacturers or stakeholders in an open and timely fashion, following the legal requirements of the respective jurisdictions.
- Compliance with Ethical Norms: I will ensure that all disclosures comply with the ethical norms and legal requirements stipulated by relevant laws, promoting societal harmony and collaborating effectively with authorities and manufacturers.
- Adhering to International Frameworks: In my international endeavors, I will adhere to frameworks such as the Budapest Convention on Cybercrime, ensuring my actions conform to global legal standards designed to combat cybercrime.
4. Safety and Security of Medical Devices and Healthcare IT Systems
I commit to ensuring the safety and security of medical devices and IT systems within healthcare environments, prioritizing patient safety and national security.
- Compliance with Medical IT Standards: I will comply with ISO/IEC 80001 standards for risk management in medical IT networks, ensuring that vulnerabilities in medical devices are responsibly disclosed and resolved to protect patients and healthcare infrastructure.
- Collaborative Risk Management: I will engage constructively with manufacturers, healthcare institutions, and collaborative environments such as the Biohacking Village: Device Lab, to manage risks effectively and safeguard all connected medical systems.

5. Protection of Sensitive Data
I prioritize the protection of sensitive data in all my actions, upholding globally recognized privacy standards and legal requirements.
- Implementing Privacy Information Management: I will follow the guidelines of ISO/IEC 27701 for privacy information management, ensuring that all personal and sensitive data handled during cybersecurity activities are treated with the utmost respect for privacy and confidentiality.
- Ensuring Transparency and Security: I will ensure that my work meets international standards for personal data protection, providing transparency and security in all my professional actions.
6. Advancement of Global Cybersecurity and Public Welfare
I dedicate myself to the advancement of global cybersecurity, contributing to the protection of public health, national security, and societal stability.
- Collaborative Efforts for a Safer Digital World: I will collaborate with other professionals and organizations in pursuit of a safer digital world, in accordance with international best practices and the principles outlined in frameworks such as the Budapest Convention, ISO/IEC standards, and relevant national cybersecurity regulations.
- Engagement with Biohacking Village: Device Lab: I will actively participate in initiatives like the Biohacking Village: Device Lab, fostering a high-trust, high-collaboration environment among medical device makers, security researchers, caregivers, and other stakeholders committed to the best interests of patients.
Conclusion
By taking this oath, I affirm my commitment to ethical hacking practices, legal compliance across jurisdictions, and the continual protection of privacy, security, and the public good. I pledge to act in the best interest of patients, ensuring that vulnerabilities are disclosed responsibly and in good faith to preserve human life, patient safety, and the trustworthiness of medical and personal health devices.
References
- Act on the Protection of Personal Information (APPI): Government of Japan, Ministry of Internal Affairs and Communications. Act on the Protection of Personal Information (APPI). 2003, amended 2020. https://www.ppc.go.jp/en/legal/acts/
- General Data Protection Regulation (GDPR): European Union. Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR). 2016. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
- Basic Act on Cybersecurity (Japan, 2015): Government of Japan, Ministry of Internal Affairs and Communications. Basic Act on Cybersecurity. 2015. https://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/laws/eng/cybersecurity.html
- Cybersecurity Information Sharing Act (CISA) (US): U.S. Congress. Cybersecurity Information Sharing Act of 2015. 2015. https://www.congress.gov/bill/114th-congress/senate-bill/754
- Cybersecurity Management Guidelines (METI): Ministry of Economy, Trade, and Industry (METI). Cybersecurity Management Guidelines. 2017. https://www.meti.go.jp/policy/netsecurity/
- ISO/IEC 27001 - Information Security Management: International Organization for Standardization. ISO/IEC 27001:2013 - Information Security Management. 2013. https://www.iso.org/standard/54534.html
- Budapest Convention on Cybercrime: Council of Europe. Convention on Cybercrime (Budapest Convention). 2001. https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185
- ISO/IEC 80001 - Risk Management for Medical IT Networks: International Organization for Standardization. ISO/IEC 80001-1:2010 - Application of Risk Management for IT Networks Incorporating Medical Devices. 2010. https://www.iso.org/standard/44863.html
- ISO/IEC 27701 - Privacy Information Management: International Organization for Standardization. ISO/IEC 27701:2019 - Privacy Information Management. 2019. https://www.iso.org/standard/71670.html
- Biohacking Village: Device Lab: Biohacking Village: Device Lab. https://biohackvillage.com/device-lab