Healthscare – An Insider's Biopsy of Healthcare Application Security

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 1:30 p.m. (40 minutes)

Healthcare security teams are in a tough spot. While the provider industry is taking security seriously, they are at the mercy of the software vendors who provide the healthcare organizations with the data delivery, processing and storage solutions that are critical to delivering patient care and keeping patient data secure. Given the reliance on these systems, it begs the question – how secure are these solutions?

Seth Fogie has spent the last 10+ years in the trenches of the healthcare industry and has seen the good, bad and ugly of what is being provided to your providers. As an insider, Seth has experienced the unique tension healthcare security teams face as they work to securely implement these solutions, and will share some of what has been found.

The core of this presentation will focus on vulnerabilities and design issues within healthcare solutions. As we will illustrate through the dissection of numerous clinical focused systems, including radiology reading, EMR downtime, patient entertainment, pharmacy distribution, nurse communication, M&A EMR, clinical documentation and temperature monitoring systems, the prognosis doesn’t look good. Unfortunately, it is our experience that there are few solutions within the hospital enterprise that do not have issues.

The goal for this public 'biopsy'? The healthcare security community needs help increasing the pressure to ensure all of our data is safe from poorly designed and developed vendor solutions. While we can't play the name and shame game for a number of reasons, we want to increase awareness through numerous technical illustrations and ask for your help in increasing scrutiny on all healthcare solutions. This isn't just an application security problem – it is all our healthcare data at risk and this audience is positioned in a unique spot to help.

Presenters:

  • Seth Fogie - Information Security Director, Penn Medicine
    Seth Fogie serves as the Information Security Director at Penn Medicine where he is a member of the leadership team helping to build and maintain a world class security program for the enterprise. In Seth's 20+ years of experience in the field of security, he has also led a security software development company, served as CTO for a development firm focused on the creation of educational environments for hands-on security exercises, and has authored numerous books/articles on information security related subjects. In addition to Seth's current role at Penn Medicine, he also enjoys opportunities to perform security research and testing, helping numerous healthcare vendors remediate and correct security deficiencies, making the healthcare industry safer for all!
