Hacking Medical Devices and Healthcare Infrastructure

Explore the vulnerabilities in healthcare infrastructure and medical devices in this 42-minute conference talk from the Hack In The Box Security Conference. Dive into the HL7 2.x protocol, its significance in healthcare systems, and the potential security risks associated with its implementation. Learn about various attack vectors, including gaining unauthorized access to patient information, altering diagnoses, and manipulating medication orders. Discover techniques for pentesting medical systems running HL7 interfaces, such as EMR software, patient monitors, and X-ray machines. Gain insights into developing effective security test cases for the HL7 2.X protocol and understand the precautions necessary when assessing healthcare infrastructure. Benefit from the speaker's experience in healthcare security and previous presentations at major cybersecurity conferences.

SPEAKER BIO
#whoami
Agenda
Securing hospitals
Understanding medical devices
HL7 - Health Level 7
In a nutshell
HL 72.x crash course
ADT - Admit Discharge and Transfer
ADT - Potential Entry Points
ORM - Order message
ORM - Potential Entry points
ORU - Observation Result
RDE - Pharmacy order message
MDM - Medical Document Management
DFT - Detail Financial Transaction
Recon
Message source not validated
Unvalidated size
Bad server attacks
Denial of service
Abusing file upload / download functionality