đď¸ Nina Alli & Dr. Jorge Acevedo Canabal
Talk Title: Cybersecurity Incidents as Secondary Causes of Death: Advocating for Standardized Medical Coding and Training
Abstract
As the adoption of digital technologies in healthcare continues to accelerate, cybersecurity incidents increasingly threaten patient safety by causing direct disruptions to clinical care. Common types of incidents include ransomware attacks, electronic health record (EHR) outages, diagnostic imaging disruptions, and medical device failures. Despite their potential to contribute to patient harm or death, these cybersecurity events are rarely documented as contributing medical factors, limiting our understanding of their true clinical impact.
Accurate characterization and comprehensive reporting of cybersecurity incidents are critical to improving patient outcomes, guiding clinical decision-making, and enhancing healthcare system resilience. Without proper documentation, we lack the data needed to identify at-risk populations, refine emergency responses, and shape policy. This talk explores how frameworks already used in disaster documentationâsuch as ICD-10 coding for natural eventsâcan be adapted for cybersecurity events.
The presenters propose integrating dedicated cybersecurity categories into medical documentation and death certificates, modeled after natural disaster classification systems. This would support more consistent epidemiological tracking, increase transparency, and enable more effective policymaking. They also advocate for targeted training programs for healthcare professionals and international policy action to close the current visibility gap.
Key recommendations include:
- Leveraging emergency response protocols like “Code D.A.R.K” for cyber containment
- Expanding ICD-10 codes to reflect cybersecurity-related patient harm
- Mandating continuing professional education (CPE) for clinicians on cyber incident documentation
- Promoting regulatory protections and international standards for cyber incident reporting
Addressing this gap through coding, training, and policy will improve patient safety, enhance system resilience, and help public health systems adapt to the growing reality of cyber threats in healthcare.
đŠââď¸ Nina Alli
Nina Alli is a cybersecurity and regulatory strategist whose work bridges medical technology, public policy, and grassroots security research. She has been the Executive Director of the Biohacking Village for the past decadeâa pioneering community that explores the intersection of healthcare and cybersecurity through hands-on engagement, open collaboration, and public education.
With over 16 years of experience across biotechnology, biomedical engineering, and security, Nina has focused on modernizing legacy systems in healthcare, enhancing infrastructure, and improving the integration of electronic health records. Her work brings a systems-thinking approach to regulatory cybersecurity, particularly in high-stakes environments where patient care, clinical workflows, and connected devices intersect.
She emphasizes cross-sector collaboration, the advancement of responsible innovation, and building public trust in medical technologiesâespecially where vulnerabilities in connected systems can have human consequences. Through years of involvement in hacker spaces such as DEF CON, she has worked to bridge the cultural and technical gaps between healthcare institutions and security researchers.
đ¨ââď¸ Dr. Jorge Acevedo Canabal
Dr. Jorge Acevedo Canabal is a physician and cybersecurity researcher with a unique background at the intersection of healthcare, public health leadership, and information security. He previously served as Chief Medical Director of the Puerto Rico Public Health Trust, where he led pandemic response programs, telemedicine strategy, and initiatives to protect vulnerable populations.
Dr. Acevedo has contributed to multiple national and regional initiatives in cybersecurity, disaster response, and clinical crisis management. His work across emergent healthcare scenariosâranging from novel pathogens to long-term recovery effortsâhas emphasized the importance of trusted, resilient data systems that protect both patient safety and dignity. His research spans topics such as aging and cognitive decline, social determinants of health, womenâs health, rare genetic conditions, and public health communicationâblended with practical cybersecurity frameworks to secure digital health infrastructure.
He brings a provocative and timely perspective: proposing a framework for attributing cyberattacks as a cause of death. Inspired by the lessons of Hurricane Maria, where systemic failures led to underreported fatalities, Dr. Acevedo explores how cyberattacks that disrupt care, prevent accurate documentation, or degrade critical systems may have fatalâbut unacknowledgedâconsequences. His experience contributed to the development of disaster death certification training, and he now advocates for similar efforts to recognize the real human impact of cybersecurity failures in clinical settings.