Conference:  Defcon 31

Authors: Christian “quaddi” Dameff MD Physician & Medical Director of Cyber Security at The University of California San Diego, Jacqueline Burgette, DMD, PhD White House Fellow in The Office of National Cyber Director (ONCD), Jeff “r3plicant” Tully MD Anesthesiologist at The University of California San Diego, Nitin Natarajan Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA), Senator Mark Warner Virginia Senator and Chair of the US Cybersecurity Caucus, Suzanne Schwartz MD Director of the Office of Strategic Partnerships and Technology Innovation (FDA)

2023-08-01

In 2016 a bunch of hackers took a break from DEF CON festivities to gather in a hotel room with a bathtub full of beer and talk about shared interests in a brave new world of connected healthcare. Trailblazers were popping pacemakers and pharmaceutical pumps, and we worried that instead of embracing such efforts as opportunities to make tech safer for patients, folks in charge would repeat mistakes of the past and double down on the status quo. Fast forward to the 2022 passage of the Omnibus spending bill- the FDA is now locked and loaded with expanded authority to regulate cybersecurity requirements for medical devices. What changed? *Keanu voice:* “Policy. Lots of Policy.” Turns out when we get in with the right people, hackers can help get things done. This is the core of Policy @ DEF CON. Challenges persist. We now have threats from state actors and ransomware blasts delaying lifesaving medical care while costing hospitals hundreds of millions of dollars they don’t have (been in an ER lately?). So once again, come join quaddi and r3plicant, your favorite ripper docs, for another round of D0 No H4rm- this time with special guests from Congress, FDA, and the White House as we figure out what policy patches have the best chance to save lives. It starts here, in rooms like this, with hackers like you. And it ends with us changing the world.

Conference:  Defcon 31

Authors: Katie Inns Security Consultant, WithSecure

2023-08-01

In recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs. Modern healthcare protocols such as FHIR (Fast Healthcare Interoperability Resources) use the HTTP protocol to communicate, making security testing relatively straightforward. However, the use of older protocols such as HL7 (Health Level Seven) is more widespread across medical devices in the industry. These protocols are bespoke and difficult to read or intercept using current commercial and open-source security tooling, making testing of these devices challenging and cumbersome. To address this challenge, I have developed a tool (HL7Magic) to provide security testers with an easier method of intercepting and changing HL7 messages sent to and from medical devices. This tool was created for the purpose of being integrated into Burp Suite as an extension, although it can exist independently. After talking about how the HL7Magic was created, I will give a short demonstration using the tool for security research purpose or to identify existing CVE’s across your estate. HL7Magic will be open sourced and collaborations to improve it further will be welcomed.

Conference:  Transform X 2022

Authors: Jason Matheny, Alexandr Wang

2022-10-19

Learn how Dr. Jason Matheny, CEO of the RAND Coporation, and his team of researchers seek to make the world safer and more secure, healthier and more prosperous providing insights on advanced technology to policymakers. Dr. Matheny will sit down with Scale CEO and Co-Founder Alexandr Wang to discuss many of the urgent challenges facing AI, healthcare, and public policy today. They discuss advances in synthetic biology and AI, including DeepMind's AlphaFold, have an enormous upside potential for medicine, but also pose a threat because it makes this technology more available for bad actors. Dr. Methany will also cover large language models and code generation tools, and how they will make developers and governments more efficient and more capable. He will also talk about whether AI’s offensive or defensive capabilities are more advantageous, and why public sector adoption of machine learning capabilities is so important. Other topics he will cover include how to ensure the US is a desirable destination for STEM talent including AI researchers, and how private sector technologists can provide value to policymakers to better understand technology and make more informed policy decisions. Dr. Matheny has served as Deputy Director of National Security, in other senior roles in the security field, and in various capacities in the healthcare industry.

Conference:  Transform X 2022

Authors: Nathan Silberman

2022-10-19

Interpretation of pathology slides is a crucial part of diagnosing disease and an increasingly important part of drug discovery and drug development pipelines. The massive and ever-growing volume of data being produced for each of these areas has led to increased interest in harnessing machine learning in order to produce new biological insights, discover novel biomarkers, steer patient selection for clinical trials, and improve diagnostic accuracy. Effectively training and deploying computer vision models to interpret pathology images must overcome a massive hurdle: pathology slides are typically 100,000 x 100,000 pixels each, many orders of magnitude larger than is typical in computer vision pipelines. However, a number of approaches have been developed over the last few years which have made automatic interpretation of pathology slides not just feasible but a valuable tool used by many healthcare companies around the world. ML Executive; Formerly, VP of AI at PathAI, Butterfly, Nathan Silberman walks attendees through a number of these novel and creative approaches.