Moderator: Jorge Acevedo Canabal, MD

Panel: Scott Shackleford, JD and Joseph Davis, MSFT

BIO

Professor Scott J. Shackelford is a Professor of Business Law and Ethics at the Indiana University Kelley School of Business. He serves as Executive Director of both the Center for Applied Cybersecurity Research and the Ostrom Workshop, and is an Affiliated Scholar at Harvard’s Belfer Center and Stanford’s Center for Internet and Society.

He has authored over 100 publications and his work has been featured in outlets such as Politico, NPR, CNN, Forbes, Time, The Washington Post, and LA Times. His books include The Internet of Things (OUP), Governing New Frontiers in the Information Age, and Cyber Peace (Cambridge).

Professor Shackelford’s research and teaching have earned him fellowships at Harvard, Stanford, and Notre Dame, as well as awards including IU’s Outstanding Junior Faculty Award and Poets & Quants' 40-Under-40 MBA Professors.

ABSTRACT

As cyberattacks continue to increase in the healthcare sector, the full scope of human harm they cause often remains understudied. By comparing lessons learned and guidelines developed as part of public health responses to natural disasters, to current practices in response to cyberattacks in multiple healthcare scenarios, our panel will discuss current gaps in research and practice, and propose ways forward that can improve not only scoping of a cyber-incident's effects on human lives, but by doing so, enable preventive and mitigating measures to improve patient safety, especially for patients who would be most vulnerable to care complications and poor outcomes. Using a multi-disciplinary approach, we aim to illuminate the hidden harm of ransomware-locked hospitals, corrupted labs, and tampered medical devices. This session convenes clinicians, policy scholars, and security engineers to map a practical path from lessons learned in hurricane response to a cyber-mortality tracking framework. Our panel aims to dissect the scope of human harm during downtime events, address governance, liability, and data-sharing challenges, and outline how rigorous documentation could sharpen incident-response playbooks and protect rural and other high-risk populations. Join our panel discussion to learn more about how to transform silent failures into actionable data towards a framework for reporting cyber-mediated patient harm.