D0 N0 H4RM: A Healthcare Security Conversation

Presented at DEF CON 29 (2021), Aug. 6, 2021, 5 p.m. (105 minutes)

Mired in the hell of a global pandemic, hospital capacity stressed to its limit, doctors and nurses overworked and exhausted... surely the baddies would cut us a little slack and leave little 'ol healthcare alone for a bit, right? Well, raise your hand if you saw this one coming. Another year of rampaging ransomware, of pwned patient care- only this time backdropped by the raging dumpster fire that is COVID. Can we once and for all dispel with the Pollyannas telling us that nobody would knowingly seek to harm patients? And if we can't convince the powers that be- whether in the hospital C-suite or in DC- that we need to take this $%& seriously now, then what hope do we have for pushing patient safety to the forefront when things return to some semblance of normal? With a heavily curated panel including policy badasses, elite hackers, and seasoned clinicians - D0 N0 H4RM remains the preeminent forum where insight from experts collide with the ingenuity and imagination of the DEF CON grassroots to inspire activism and collaboration stretching far beyond closing ceremonies. Moderated by physician hackers quaddi and r3plicant, this perennially packed event always fills up fast - so make sure you join us. As always- the most important voice is yours.

Presenters:

• Jeff Tully MD / r3plicant - Anesthesiologist at The University of California San Diego   as Jeff "r3plicant" Tully MD
• Christian Dameff MD MS / quaddi - Physician & Medical Director of Cyber Security at The University of California San Diego   as Christian "quaddi" Dameff MD
• Stephanie Domas - Director of Cybersecurity Strategy and Communications at Intel
  Stephanie Domas is the Director of Cybersecurity Strategy and Communications at Intel. Here, she leads development of complex security strategies for the critical role that hardware and firmware security play in the digital ecosystem. Prior to Intel, Stephanie was spent 8 years focused on medical device cybersecurity, consulting with a broad range of manufacturers from the newest startups to the industry giants. She is the founder and lead trainer for cybersecurity training company DazzleCatDuo. Her past experience includes 10 years of reverse engineering and vulnerability analysis research as a defense contractor. Stephanie is a recognized expert on embedded systems, healthcare and medical device security, a seasoned executive, a prominent consultant, a passionate educator, and x86 enthusiast.
• Gabrielle Hempel - Cloud Security Engineer/Medical Security Researcher
  I am a graduate of the University of Cincinnati, where I studied Neuroscience and Psychology with a minor in Criminal Justice. I started out at an institutional review board in regulatory pharmaceutical and medical device compliance, and led specialized committees targeting Phase I research and emergency research. I moved to IT consulting in 2018, and currently work as a Security Engineer in healthcare while pursuing an MS in Global Security, Conflict, and Cybercrime at NYU. I continue to serve as a genetic scientist for NIH-regulated recombinant genetic studies, and sit on multiple advisory boards. My continued areas of focus include medical device security, connected healthcare security, and the intersections of the healthcare and information security industries. @gabsmashh
• Joshua Corman - Chief Strategist for CISA, Founder of I am The Cavalry   as Josh Corman
  Joshua Corman is a Founder of I am The Cavalry (dot org), and serves as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon's Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.NOTE: My CISA Emergency CARES Act Service may extend/change after July 15. @joshcorman
• Jessica Wilkerson - Cyber Policy Advisor at the US Food and Drug Administration FDA
  Jessica Wilkerson is a Cyber Policy Advisor with the All Hazards Readiness, Response, and Cybersecurity (ARC) team in the Center for Devices and Radiological Health (CDRH) within the Food and Drug Administration (FDA). As part of ARC, she examines issues and develops policy related to the safety and effectiveness of connected medical devices. She received a B.A. in Policy Studies and minors in Computer Science and Mathematics from Syracuse University, and is currently pursuing a J.D. from the Catholic University of America's Columbus School of Law.

Links:

• https://defcon.org/html/defcon-29/dc-29-speakers.html#policy-donoharm
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Christian Dameff, Jeff Tully, Panel - Do No Harm A Healthcare Security Conversation - Live.mp4
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Christian quaddi Dameff MD, Jeff r3plicant Tully MD, Jessica Wilkerson, Josh Corman - Do No harm - Health Panel.mp4

Similar Presentations:

• DEF CON 30 (2022) / D0 N0 H4RM: A Healthcare Security Conversation (Lounge)
• DEF CON 25 (2017) / D0 No H4RM: A Healthcare Security Conversation
• DEF CON 28 (2020) Virtual / D0 N0 H4RM: A Healthcare Security Conversation