Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives

Black Hat USA 2018

Presented by: Maxwell Bland, Christian Dameff (Quaddi), Jeff Tully (R3plicant)
Date: Thursday August 09, 2018
Time: 11:00 - 11:50
Location: Tradewinds EF

Healthcare infosec is in critical condition- too few bodies, underfunded to a fault, and limping along on legacy systems stuffed with vulnerabilities. From exploited insulin/medication pumps to broken pacemakers, no implantable or medical device is safe. But there's an even bigger risk on the horizon.

WannaCry was a wake-up- when you knock out systems that enable a hospital to care for patients, you start knocking out patients. Hospitals are no longer secure by virtue of being obscure- connected infrastructure means vulnerable infrastructure.

The HL7 standards comprises the backbone of clinical data transfer used in every hospital around the globe. Frequently implemented as plain text messages sent across flat networks with no authentication or verification, HL7 is both critically ubiquitous and massively unsecured- and thus every lab sample, every medical image, every doctor's order becomes a potential time bomb.

Join Quaddi and r3plicant, hackers who moonlight as physicians, and Maxwell Bland as they explore the myriad of ways in which HL7 attacks can be used to subvert the implicit trust doctors place in this infrastructure- and just how catastrophic that broken trust can be. Come for the sobering premise, stay for the live HL7 attack demo- but be warned: there will be blood.

Jeff Tully

Jeff (r3plicant) Tully, MD is an anesthesiologist, pediatrician, and researcher with an interest in understanding the ever-growing intersections between healthcare and technology. Prior to medical school he worked on "hacking" the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect our patients as we face a brave new world of remote care, implantable medical devices, and biohacking.

Christian Dameff

Dr. Christian "quaddi" Dameff is an Emergency Medicine physician and researcher. He is currently a Clinical Informatics fellow at the University of California, San Diego. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and security. He has spoken at some of the world's most prominent hacker forums including DEF CON, Derbycon, BSides: Las Vegas, RSA, and is one of the co-founders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cyber security. Published security topics include hacking 911 systems, clinical simulations involving vulnerable medical devices, and malware's effects on patient care.

Maxwell Bland

Maxwell Bland is a graduate student and researcher in the Systems and Networking group at the University of California, San Diego. His work focuses on the detection of anomalous devices in noisy environments, firmware analysis/reverse engineering of embedded devices, and the use of network protocols in the security of distributed systems.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats