
Healthscare – An Insider's Biopsy of Healthcare Application Security

Conference:  BlackHat USA 2020

2020-08-05

Summary

The presentation discusses the vulnerabilities and design issues within healthcare solutions and the need for increased scrutiny on all healthcare solutions to ensure data safety.
  • Healthcare security teams are at the mercy of software vendors who provide critical data delivery, processing, and storage solutions for patient care and data security.
  • The presentation focuses on vulnerabilities and design issues within healthcare solutions, including radiology reading, EMR downtime, patient entertainment, pharmacy distribution, nurse communication, M&A EMR, clinical documentation, and temperature monitoring systems.
  • The healthcare security community needs help increasing the pressure to ensure all healthcare data is safe from poorly designed and developed vendor solutions.
  • The presentation aims to bring awareness to healthcare security professionals on methods to look for security issues in their own environment, bring attention to vendors on what not to include in their software, and provide insight to the security community on what to look for in healthcare application security.
  • Healthcare security teams are encouraged to use these tactics and methods to look through their own security software and to share vulnerabilities with organizations like HISAC.
  • Issues in healthcare applications make it challenging to keep systems secure and to protect patient data and privacy.
The speaker, Seth Fogie, has spent over 10 years in the healthcare industry and has seen the good, bad, and ugly of what is being provided to healthcare providers. He has experienced the unique tension healthcare security teams face as they work to securely implement these solutions. The presentation highlights the need for increased scrutiny on all healthcare solutions to ensure data safety and patient privacy.

Abstract

Healthcare security teams are in a tough spot. While the provider industry is taking security seriously, they are at the mercy of the software vendors who provide the healthcare organizations with the data delivery, processing and storage solutions that are critical to delivering patient care and keeping patient data secure. Given the reliance on these systems, it begs the question – how secure are these solutions?

Seth Fogie has spent the last 10+ years in the trenches of the healthcare industry and has seen the good, bad and ugly of what is being provided to your providers. As an insider, Seth has experienced the unique tension healthcare security teams face as they work to securely implement these solutions, and will share some of what has been found.

The core of this presentation will focus on vulnerabilities and design issues within healthcare solutions. As we will illustrate through the dissection of numerous clinical focused systems, including radiology reading, EMR downtime, patient entertainment, pharmacy distribution, nurse communication, M&A EMR, clinical documentation and temperature monitoring systems, the prognosis doesn’t look good. Unfortunately, it is our experience that there are few solutions within the hospital enterprise that do not have issues.

The goal for this public 'biopsy'? The healthcare security community needs help increasing the pressure to ensure all of our data is safe from poorly designed and developed vendor solutions. While we can't play the name and shame game for a number of reasons, we want to increase awareness through numerous technical illustrations and ask for your help in increasing scrutiny on all healthcare solutions. This isn't just an application security problem – it is all our healthcare data at risk and this audience is positioned in a unique spot to help.
