The presentation discusses the vulnerability of healthcare cybersecurity and the potential for integrity attacks to harm patients. The speaker emphasizes the need for secure network deployment and collaboration between hospitals, device manufacturers, and policy makers to address the issue.
- Healthcare cybersecurity is vulnerable, with hospitals experiencing breaches and patient records being leaked despite efforts to secure them
- Ransomware attacks on hospitals can act as availability attacks, impacting the care of patients with serious medical conditions
- Integrity attacks, which involve maliciously changing data, can alter clinical decision making and harm patients
- Secure network deployment and collaboration between hospitals, device manufacturers, and policy makers are necessary to address the issue
The speaker shares a story of how an integrity attack involving the injection of false laboratory results led to a misdiagnosis of diabetic ketoacidosis and the administration of insulin to a patient who did not need it, resulting in a cardiac arrest.
Healthcare infosec is in critical condition - too few bodies, underfunded to a fault, and limping along on legacy systems stuffed with vulnerabilities. From exploited insulin/medication pumps to broken pacemakers, no implantable or medical device is safe. But there’s an even bigger risk on the horizon.
WannaCry was a wake-up - when you knock out systems that enable a hospital to care for patients, you start knocking out patients. Hospitals are no longer secure by virtue of being obscure - connected infrastructure means vulnerable infrastructure.
The HL7 standards comprise the backbone of clinical data transfer used in every hospital around the globe. Frequently implemented as plain text messages sent across flat networks with no authentication or verification, HL7 is both critically ubiquitous and massively unsecured - and thus every lab sample, every medical image, every doctor’s order becomes a potential time bomb.
Join Quaddi and r3plicant, hackers who moonlight as physicians, and Maxwell Bland as they explore the myriad of ways in which HL7 attacks can be used to subvert the implicit trust doctors place in this infrastructure - and just how catastrophic that broken trust can be. Come for the sobering premise, stay for the live HL7 attack demo - but be warned: there will be blood.
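The abstract's point that HL7 messages usually travel as plain text with no authentication or verification, shown from the receiving side. This is an added example, not code from the talk or from the HL7 standard. The `ZSG` local segment, the pre-shared key and the sample message are all assumptions made for illustration: the receiver accepts lab values only from messages whose HMAC verifies.

```python
import hashlib
import hmac

# Constructed ORU^R01 lab result; every name, ID and value here is made up.
SAMPLE = "\r".join([
    "MSH|^~\\&|LAB|HOSP|EHR|HOSP|20240101120000||ORU^R01|MSG0001|P|2.5",
    "PID|1||000000^^^HOSP||DOE^JANE",
    "OBX|1|NM|GLU^Glucose||95|mg/dL|70-110|N|||F",
])
KEY = b"constructed-demo-key"  # assumption: provisioned out of band on both ends


def _tag(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def seal(message: str, key: bytes) -> str:
    """Sender: append the hypothetical ZSG segment holding the HMAC."""
    return message + "\rZSG|" + _tag(message, key)


def observations(message: str) -> dict:
    """Map OBX-3 identifier to OBX-5 value for every OBX segment."""
    results = {}
    for segment in message.split("\r"):
        fields = segment.split("|")
        if fields[0] == "OBX" and len(fields) > 5:
            results[fields[3].split("^")[0]] = fields[5]
    return results


def accept(sealed: str, key: bytes):
    """Receiver: return results only if the tag verifies, else None."""
    body, sep, last = sealed.rpartition("\r")
    if not sep or not last.startswith("ZSG|"):
        return None  # unsigned message: refuse instead of trusting it
    if not hmac.compare_digest(_tag(body, key).encode(), last[4:].encode()):
        return None  # content changed after the sender sealed it
    return observations(body)


if __name__ == "__main__":
    sealed = seal(SAMPLE, KEY)
    print("intact :", accept(sealed, KEY))
    print("altered:", accept(sealed.replace("|95|", "|950|"), KEY))
    print("unsigned:", accept(SAMPLE, KEY))
```

The tag covers integrity only: the message body is still readable on the wire, and rejecting replayed messages would need a separate freshness check.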