Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 6 p.m. (50 minutes)

"In the near future, a crisis unfolds at a hospital: patients on automated drug infusion machines overdose, hacked insulin pumps lead to car crashes, and internal defibrillators flatline weakened hearts. Clinical staff are unprepared and ill equipped to treat these complications, as they are all unaware of the true culprits behind the crisis. A state of emergency is declared, the public demands answers, and policymakers scramble to preserve national trust. This was the scenario that played out in first-of-their-kind clinical simulations carried out in June, and the results were scary yet unsurprising: health care cybersecurity is in critical condition. It’s been a long four years since the guiding ideals and message of The Cavalry was tempered from the forge that was the first Hacker Constitutional Congress (hosted in these very halls at DerbyCon 3). The battle continues to ensure that technologies capable of impacting public safety and human life remain worthy of our trust, and no battlefield looms larger than the healthcare space. Despite important steps toward change- from the Hippocratic Oath for Connected Medical Devices to the just-published Health Care Industry Cybersecurity Task Force Report- recent events remind us that the dual pillars of healthcare technology- patient facing medical devices and the infrastructure that supports clinical practice- remain as vulnerable and exposed as ever. Join Josh Corman and Beau Woods of I am The Cavalry as they team up with Christian Dameff, MD, and Jeff Tully, MD- two “white coat hackers” working to save patient lives at the bedside- to share lessons learned from the world’s first ever clinical simulations of patients threatened by hacked medical devices. By bringing the technical work done by security researchers you know and love to life and demonstrating the profound impact to patient physiology from compromised devices, these life-like simulations provide a powerful avenue to engage with stakeholder groups including clinicians and policymakers, and may represent the new standard for hackers looking to demonstrate the true impact and importance of their biomedical work." Joshua Corman is the director of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center and a founder of I am The Cavalry (dot org). Corman previously served as CTO for Sonatype, director of security intelligence for Akamai, and in senior research and strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh’s unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He recently served on the 2016 HHS Cybersecurity Task Force and is a co-founder of the CyberMed Summit, a first of its kind event featuring the world’s first ever clinical simulations of patients threatened by hacked medical devices. Christian Dameff MD, MS is an emergency medicine physician, hacker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Security research topics include hacking critical healthcare infrastructure and medical devices. Together with his research partner Dr. Jeff Tully, Christian developed the world’s first ever clinical simulations of patients threatened by hacked medical devices. Jeff Tully MD is an anesthesiologist, pediatrician, and researcher with an interest in understanding the ever-growing intersections between health care and technology. Prior to medical school he worked on “hacking” the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical training has remained involved in the conversations and projects that will secure healthcare and protect patients as we face a brave new world of remote care, implantable medical devices, and biohacking. Together with his research partner Dr. Christian Dameff, Jeff developed the world’s first ever clinical simulations of patients threatened by hacked medical devices. Beau Woods is the deputy director of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center, as well as a key member of the I Am the Cavalry initiative. He is also a co-founder of the CyberMed Summit, a first of its kind event featuring the world’s first ever clinical simulations of patients threatened by hacked medical devices. Beau started his career working at a regional health provider, protecting patients by defending medical data and devices. His focus is on the intersection of cybersecurity and the human condition, primarily around Cyber Safety. Joshua Corman- @joshcorman Christian Dameff- @cdameffmd Jeff Tully- @jefftullymd Beau Woods- @beauwoods

Presenters:

Links:

Similar Presentations: