Open Up and Say 0x41414141: Attacking Medical Devices

Presented at ToorCon San Diego 19 (2017), Sept. 2, 2017, 1 p.m. (50 minutes)

Network-accessible medical devices are ubiquitous in today's clinical environment. These devices can be of great aid to healthcare professionals in assessing, treating and monitoring a patient's condition. However, they can also fall victim to a number of systemic vulnerabilities that expose personal health information (PHI), compromise the integrity of patient data in transit, and affect the availability of the devices themselves. This talk looks at the methodology and approach to penetration testing of modern medical devices. It provides an overview of the stages of a medical device assessment: discovery and analysis of a device's remote and local attack surface, reverse engineering and exploitation of proprietary network protocols, vulnerability discovery in network services, compromising supporting systems, attacking common wireless protocols, exploitation of hardware debug interfaces and bus protocols, and assessing proprietary wireless technologies. It also covers a number of real-world vulnerabilities that the speaker has discovered during medical device penetration testing assessments, including weak cryptographic implementations, device impersonation and data manipulation vulnerabilities in proprietary protocols, unauthenticated database interfaces, hardcoded credentials, keys and other sensitive information stored in firmware and binaries, and the susceptibility of medical devices to remote denial-of-service attacks. The talk concludes with suggestions on how some of the most common classes of medical device vulnerabilities might be remediated by vendors, and how hospitals and other healthcare providers can defend their medical devices in the meantime.


Presenters:

  • Robert Portvliet
    Robert Portvliet is technical director of red team services at Cylance, with over 8 years' experience in various disciplines of penetration testing. His focus is on embedded systems and wireless penetration testing and reverse engineering. Prior to joining Cylance, he was the network security service line lead for Foundstone and taught the 'Ultimate Hacking: Wireless' class at Blackhat 2011-2013.
