This research results from our assessment of numerous healthcare related facilities and several medical devices and health applications that remote or local adversaries could target in an attempt to compromise patient health. Through extensive analysis of these facilities, devices, and applications, we identified dozens of critical security pitfalls that endangered the integrity of hospital networks, patient medical records, and most importantly, patient health.
Our technical research efforts focused on the identification and exploitation of fundamental security misconfigurations and implementation flaws (i.e., zero-day software vulnerabilities) that could ultimately result in the harm or death of hospital patients. Our research demonstrated that a variety of deadly remote attacks were possible within a hospital, and is substantiated through successful execution of these attacks and the cooperation of 12 healthcare facilities.
The predominant focus of this presentation is the technical "know how". In other words, we will be defining and dissecting various technical attack anatomies that real world threat actors could execute in order to compromise patient health. During the dissection of each unique attack anatomy, we will be discussing and demonstrating the exploitation of numerous security pitfalls (i.e., software vulnerabilities, infrastructure misconfigurations, and human factors).
By the end of this briefing, the weaknesses of hospitals will be made abundantly clear, and attendees will understand how malicious threat actors can exploit them to induce harm to patients.
Jacob Holcomb works as a Security Analyst for Independent Security Evaluators. At ISE, Jacob works on projects that involve penetration testing, application security, network security, and exploit research and development. Jacob has been the principal researcher on several pieces of ISE research, including the landmark publication SOHOpelessly Broken, which discovered over 50 new 0-day vulnerabilities in network routers and served as the foundation for the first-ever router hacking contest at DEFCON. Jacob is a highly regarded speaker, presenting at security conferences such as BlackHat USA, BlackHat Europe, DEFCON, DerbyCon, BSidesDC, and many others. In addition to projects at work, coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed dozens of 0-day vulnerabilities in commercial products and services.