Hacking a Hospital for Fun and Profit

Explore a comprehensive security assessment of a hospital network in this eye-opening conference talk from HITB2018AMS. Follow two experienced security researchers as they map the entire hospital network, compare findings with IT staff knowledge, and conduct penetration tests on various medical devices and systems. Discover the shocking, funny, and terrifying vulnerabilities found in imaging systems, cardiac pacemakers, electromechanical technology, laboratory equipment, gas and drug delivery systems, surgical instruments, medical monitoring devices, doctor's applications, internal portals, databases, and more. Learn about potential attack surfaces, including open access points bridged to LAN, "hot" network jacks, and unhardened kiosks. Gain insights into security mechanisms, DICOM protocols, brain surgical navigation systems, portable CT scanners, programmable logic controllers, and ECG/EKG devices with default passwords. Understand the critical importance of cybersecurity in healthcare environments and the potential consequences of inadequate protection.

Intro
MY HOSPITAL
How to get in?
Potential attack surface - Open AP bridged to LAN
Potential attack surface - "Hot" network jacks bridged to LAN
Potential attack surface-unhardened kiosk connected to LAN
Security Mechanisms
We are in... What's next?
Digital Imaging and Communications (DICOM)
Brain surgical navigation system
Portable computed tomography (CT)
Programmable logic controllers (PLC's)
Electrocardiography (ECG/EKG) - default passwords
One month checkpoint, but what have we learn so far?