GlobalEdgeTalk

Your Insulin Pump Wants A Cybersecurity Update

Alex Romanovich


Healthcare breaches aren’t news anymore—they’re routine. I sat down with IEEE’s Maria Palombini to unpack how connected devices multiply risk, where vulnerabilities hide, and how “security by design” can harden medical tech without slowing innovation. From pharma operations to launching a blockchain media venture to leading healthcare and life sciences at the IEEE Standards Association, Maria brings a rare 360° view of how to build safe, interoperable digital health.

We trace the data journey from a wearable on your wrist through networks and the cloud into hospital systems. Along the way, the usual culprits appear: unpatched software, weak passwords, and products that add security too late. Maria explains how consensus-based standards give manufacturers a blueprint to embed cybersecurity at design, smooth regulatory approval, and cut rework—just as Wi-Fi’s 802.11 standard once unlocked smartphones, telehealth, and remote monitoring.

We also explore how IEEE standards are built: market-driven, inclusive of engineers, clinicians, regulators, and patients. That collaboration strengthens rigor and adoption. Looking toward 2030, Maria sees a more inquisitive, patient-driven system—one that expects connected care to be secure by default and interoperable by design.

If you work on medical devices, compliance, or digital health strategy, this conversation delivers clear, usable insights.


Alex Romanovich:

Hi, this is Alex Romanovich and welcome to Global Edge Talk. Today we have a wonderful guest, Maria Palombini of IEEE. Maria, welcome to our studio.

Maria Palombini:

Oh, I'm really delighted to be with you. Thank you.

Alex Romanovich:

Absolutely. Uh, let me make some, uh, quick introductions first. You're global practice leader for healthcare and life sciences at IEEE, which is a, uh, famous global standards association, but you're also a Disruptive RX Media founder, which is your startup, and it's been, you know, it's been with you for the past 10 years. So you're in a wonderful intersection of digital health innovations, uh, standards and interoperability. You also sit on the board, you're a board member of the European Standards for Health Interoperability Alliance, which is a very interesting organization, I guess tying global, um, and European standards, um, as well. So welcome to our studio. And, uh, we would like to ask you some questions if you don't mind.

Maria Palombini:

We're very much looking forward to it.

Alex Romanovich:

Wonderful, wonderful. So it's a pleasure to have you join us. And Global Edge Markets is in partnership with ConV2X, which is, uh, a media company and a conference company, and you spent years and years at the, uh, intersection of healthcare, sciences, and tech standards. How did you come to that? How did you come about to that?

Maria Palombini:

So, as anything in life, you kind of just stumble across one thing and it leads to another, and that's pretty much how it worked. You know, earlier in my career I did quite a bit of work in the area of pharmaceutical marketing and pharmaceutical operations, more research and that area. And then I took a little tangent away from pharmaceuticals and I started my own company, Disruptive RX Media, which at the time I was really looking at blockchain or distributed ledger technologies. And Disruptive RX was like the first media, uh, information line to really talk about the integration of blockchain into the pharmaceutical value chain pragmatically. And I, because we all know there's hype cycles, right? So we were talking about where it could be best used in there. And then obviously, with the new technologies rapidly following after that, such as artificial intelligence and integration of the Internet of Things and sensors and all that thing, the information started to continue to grow. And then I landed here at the IEEE Standards Association, where it was taking these actually two ideas, right? The merging technologies and obviously the work I had done in pharmaceutical research and trying to understand where the world of global technical standards can fit. And I'll be honest with you, I was never a technical standard person before, but now that I have been immersed in this now for a few years, I really understand better how the standards can really accelerate innovation and really give birth to some of the challenges that we're seeing, uh, with the integration of technologies.

Alex Romanovich:

Uh, fascinating. But actually, that's not the topic you will be talking about at, uh, ConV2X. You will be talking about regulatory cybersecurity compliance for medical devices, of all things. So tell us more about that.

Maria Palombini:

Okay, so we all know that cybersecurity is a major challenge in our healthcare system. I mean, no matter where you get your statistics from, and you know, like reading the HIPAA Journal, there were like, there was an average of 1.992 healthcare data breaches reported each day. You know, that's an average of 360,000 plus health records, right? And that, and 79% of them were due to hacking incidents. That's just one clip of the statistics. I'm sure you can just do some research and find millions more. But the reality is that healthcare data is very appetizing to breachers. And so this is a life we live in. The integration of a connected healthcare system just really exploited and made that even more appetizing. So the more connected devices we have, the more likely we are to get breached. So this is sort of where we are. And now everybody's crying, wow, we have a cybersecurity problem. Well, we've had a cybersecurity problem for a long time. But now it's just because it's so explosive, the problem in itself. People want people to react, meaning we want more policy, we need standards, we need manufacturers to do this. But it's sort of now we're playing catch-up at an unbelievable pace that it's not that easy. And so this is what we're going to be talking about. It's really, the session is more about how we integrate technical standards to support the manufacturers and the regulators to sort of streamline the process, right? If we do security by design. So that's what the whole session's about.

Alex Romanovich:

Yeah, yeah, absolutely. It is fascinating. And where would you say the greatest vulnerabilities are in this entire ecosystem, if you will, of wearables and IoT devices and medical devices and so forth, and of course, data itself.

Maria Palombini:

I mean, there's so many, right? Just think about the data, the data journey, right? Of going from a connected device on or around your body, goes through an aggregator, goes through the internet, goes to a cloud, goes in. I mean, it's just hitting so many points. And every point in that journey is a potential vulnerability. It's a breach. But when we really look at it, there's different places for it, right? So obviously we know that unpatched devices, unpatched software vulnerabilities, and outdated operating systems are the biggest flag, right? Say we have older systems, they're not obviously secured that well, but we still continue to use them. When I say we, I mean as an industry, right? Then we have obviously human error, right? Password. Um, you still can't believe it. Weak credentials are a real issue, weak passwords, people leaving them on their desk can be hacked no matter what. We still see this in the healthcare system. And then we have this group area where is lack of security by design. And what I mean by that is essentially how it sounds. When devices are designed, security is not a top priority. What happens is they're trying to retrofit security later, but that's not a perfect fit, right? We're trying to sometimes put a circle in a square or vice versa. And then the reality is that because there's more connected devices, it's an increased attack surface area. So we're battling many things at once. It's not just, you know, if we could just find the one main source of the problem, we could fix it. So this is sort of the challenge we face as an industry.

Alex Romanovich:

How can IEEE as a standards body tackle something like this? And furthermore, uh, how do you balance innovation with regulation? How do you balance innovation with standards? Is there such a thing as a balance between the two?

Maria Palombini:

Yeah. So when I mentioned the last two vulnerabilities, the lack of security by design and the increased attack surfaces, this is where global technical standards can have a really positive impact. Uh, and I'm gonna explain one of them, which I am gonna showcase at the, um, ConV2X conference. But it really, basically, if you follow the technical standard into the design, right, at that point, you're eliminating, one, you're streamlining your potential FDA or wherever regulatory approval you're going. And two, you're actually doing it at the point of design rather than later on. It's very hard to retrofit a product later. It's gonna cost more money, lose more time. If, you know, obviously you're not following cybersecurity requirements and compliance, you're gonna get rejected. I mean, it just has a whole load of things. But from a point of view of, you know, standards, you know, you would think, oh, think about it, standards could take away the problem, right? No longer as a device maker, I have to invest my time, my R&D time, my engineers' time to figure out how are we going to best secure this or how are we gonna do enough so that we can achieve compliance. If the standard is designed to pretty much harden the device, you just implement the standard. The code is written for you. So this is an example, right? But I give everybody this example because I also hear this comment all the time that sometimes standards can block innovation. All of us have a smart device, correct? And when we go anywhere in the world, we connect to the Wi-Fi. How do we do that? Like as a consumer, do you do anything other than, you know, go from airplane mode off and on on your phone? That device is following the IEEE 802.11 Wi-Fi standard, which allows any smart device to connect to Wi-Fi anywhere in the world. The code is embedded in the device. So, what I'm saying is that it's seamless to us as users, right? We go ahead and we use a device. Think about it. 802.11 was released more than 20 years ago. Look at the amount of innovation that has come after that, right? Think about your smartphones, your iPads, the amount of apps, the ability for us to do connected health care or connected anything, connected vehicles, all these other things. Standards pretty much mitigate the barriers to innovation, right? It's not designed to hold it back. You're supposed to build off of it. And that's really the opportunity here. And if we bring it into healthcare, cybersecurity is one example. If we take out the challenge of cybersecurity, which impacts everybody globally, through standards, where can innovation go more? Where can we put that R&D more towards the product that can better help patients? Right. And that's the way we have to really embrace standards differently.

Alex Romanovich:

Yeah, and it's amazing because IEEE embraces engineers, clinicians, policymakers. How can you educate and train and collaborate with those entities, if you will, or those roles so that, you know, innovators build products with the IEEE standards in mind, or clinicians use it, or at least educate themselves on how they can conduct themselves safely. And policymakers also build that into the laws, into the policies as well.

Maria Palombini:

Yeah, it's pretty much, you know, first of all, IEEE's mission is advancing technology for humanity. This is our global mission. This is everything that we do here, whether it's standard development or looking into new technologies, that is always at the forefront for us. When we look at the development of standards, first of all, standards are market-driven here at IEEE, which means volunteers come to us and say, look, we think we can address this problem through the development of a technical standard. It's not driven by staff like me and say, oh, this would be a good idea for a standard today. And they come together, but it must be consensus-based. And what I mean by that is it has to reflect the voices of the individuals or the entities that are going to be impacted by the implementation of the standard. So the people you mentioned, clinicians, regulators, patients, hospital systems, you know, the telecommunication networks, whatever it might be as the code of the standard, but those groups have to work together in order for that standard to, one, be passed, because we want it to be consensus developed, but two, to also be adopted. If a core group is not included in the development of that standard, they're not informed about it. They don't know about it. So it's less likely for them to adopt it. And then what's the point of the standard if it's not adopted? So the idea is for these groups to work together. And we do have regulators working in our standards working groups for two reasons. One is they're obviously bringing their expertise, whether it's from a regulatory policy perspective, but as well as they get educated in the development of the standard so that when it gets published, they can make the decision on whether they want to require it to be written into policy or they might just recommend it. So, as you know, or they might say we accept it, but again, it's not required into written policy. So regulators can have different ways in which they say how they want to recognize the standard, but they're not required to do so, right? And IEEE SA is not, we're not in the policy business. We are in the standards development business. And really what we do is educate once the standards are developed, we educate what the standards are about, how they can be adopted, and how it's going to improve the outcome of what the standard was trying to address from the beginning.

Alex Romanovich:

Excellent. One of the final questions. Let's fast forward to 2030 or 2035. Let's assume that you're a futurist at the moment. What does a secure, interoperable, and standards-based intelligent healthcare environment look like? Tell us.

Maria Palombini:

I would like to say first that we don't have a healthcare breach every day, but I don't know, that might be a little too idealistic. I actually believe that it's going to be a little different. I think we're going to go to a more inquisitive healthcare system, right? We are at the dawn of healthcare consumerism, right? For all of us, that means patients are more demanding how they want their healthcare delivered, how they want to access it. We want more hospital at home. And the more we start educating patients about these challenges, like today, patients don't really worry about, is my system cybersecure? Is my data going to my electronic health record? Like that's not the norm in patients today, right? We also have generation gaps that also dictate that. But in the next five years, I think it's going to become more and more where patients are going to be demanding these questions. And we might have some more solutions, whether in the form of standards or actually industry develops these solutions, where it's more cybersecurity or maybe more policy requires interoperability between devices and electronic health records and whatever it might be. But I think we're going to move to a system where patients are going to be asking these questions when they're being asked to use a device, an insulin pump at home for diabetes. Is it secure? Is the data going back to my electronic? Can I access that data? Like I think we're going to see that trend move forward, which is a good thing, right? Because asking those questions, an empowered patient has more chance of addressing their healthcare challenge than a less empowered patient, meaning having access to the data, having the ability to use it and go visit the specialist they need and transact with that data the way they need to do so. So I find that 2030 might be a more inquisitive, patient-driven, inquisitive healthcare system, in my opinion.

Alex Romanovich:

Potentially helpful in the sense that, you know, for example, I spent a lot of time in elder care and the mental health, but also helpful to those who are not necessarily able to navigate, uh, this fairly complex environment or something that could be automated. Uh, maybe it's part of a wearable device, maybe it's part of something that's local and protected. Wouldn't you say so?

Maria Palombini:

Absolutely. And you know, you hit on a very important point because the aging is the fastest growing population globally. It's outpacing right now, already in 2018, the amount of older people outpaced children under the age of five. So we are going towards a rapidly growing aging population, again, with varying levels of digital literacy, right? Like, some are really digitally literate, some are not. And so we're dealing with this connected digital future healthcare system. But the reality is that they're gonna start to ask the right questions too, right? They don't wanna be, they want to have the right to age with dignity at home and not be, you know, constrained to live in an assisted living facility. But that's gonna require them using some of these connected devices in order to like maintain some, you know, quality of life at home. And they're gonna be asking all these questions. Again, this is sort of like we're in a transition, right? We went from a transition of a paper-driven healthcare system, right, to a digital healthcare system. And we still haven't really gotten completely out of the paper healthcare system, right? There's still some doctors who love paper, right? And so they have a transcriber. So we're on that sort of, you know, like sort of that transition. And I think in those next five years from now, we're gonna see that other transition from the patient being more inquisitive, more demanding, more when it comes to these critical things. And the aging is gonna be at the forefront because the reality is that we have a rapidly growing aging population that we as a healthcare system and as a society, we have to get ready for.

Alex Romanovich:

And on that note, Maria, thank you so much for being with us. We're looking forward to seeing you at ConV2X and tuning in to your talk on cybersecurity and healthcare. Thank you so much.

Maria Palombini:

Thank you. This has been really fun.