Patients at Risk, Ransomwares Infecting Healthcare

Presented at ToorCon San Diego 18 (2016), Oct. 15, 2016, 2 p.m. (50 minutes)

On one good side, the advanced encryption algorithms are getting utilized to protect sensitive healthcare information and on the other dark side, they are also being used by malicious attackers to conduct pernicious activities on healthcare systems. In the last 5 years, cyber-crime has gone wiser. Rather stealing sensitive healthcare data or robbing a bank, why not get the hospitals or banks to send their funds to access their own data? This paper will talk about the ransomware attacks mainly with regards to hospitals infrastructure. It will start with medical systems internals, communication protocols in hospital infrastructure and will provide analysis on why hospitals are soft target for ransomwares? How hospital infrastructure easily allow to infect by ransomware? And the ways to protect Hospital infrastructure. This paper will enlighten the patients’ safety considering ransomwares attacks.

Presenters:

• Swaroop Yermalkar
  Swaroop Yermalkar is a cybersecurity enthusiast who works as Senior Security Engineer at Philips Healthcare on securing medical devices, mobile apps, hardened systems, web services, and healthcare infrastructure. He is the author of popular iOS security book ‘Learning iOS Penetration Testing’, Packt Publishing and also one of the top mobile security researchers worldwide, working with Synack, Inc. He also gives talks and training on wireless pentesting and mobile app pentesting at various security conferences such as Hacks in Taiwan (HITCON), EuropeanSec, GroundZero, c0c0n, 0×90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps. He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune chapter. He holds various information security certifications, such as OSCP, SLAE, SMFE, SWSE, CEH, and CHFI. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.

Similar Presentations:

• Black Hat USA 2020 Virtual / Healthscare – An Insider's Biopsy of Healthcare Application Security
• Black Hat USA 2021 / A Hole in the Tube: Uncovering Vulnerabilities in Critical Infrastructure of Healthcare Facilities
• BSidesLV 2019 / Real World Security in a Clinical Healthcare Environment: Hacking a Hospital