A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape - Gabrielle Hempel (Circle City Con 2019 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape
Gabrielle Hempel

Circle City Con 2019

As technology advances, the health care critical infrastructure sector comprises much of the potential attack surface of the national security landscape. Medical devices are being fitted with “smart” technology in order to better serve patients and stay at the forefront of health technology. However, medical devices that enable connectivity, like all other computer systems, incorporate software that is vulnerable to threats. Medical device recalls increased 126% in the first quarter of 2018, mostly due to software issues and vulnerabilities. Abbott and Bayer, among other medical device companies, had recalls on devices based on weaknesses discovered by both government security entities and academic institutions. These devices, which included pacemakers, infusion pumps, and MRI machines, were found to have vulnerabilities ranging from buffer overflow bugs to the presence of hard-coded credentials that easily lent to unauthorized access of proprietary information. A breach of any one of these devices could compromise data confidentiality, integrity, and availability, as well as patient safety. In order to mitigate these types of vulnerabilities, the FDA has issued a guidance, as well as a vulnerability scoring system, in order to assess impact. This system assesses the attack vector, the complexity, risk and severity of both patient harm and information compromise, and the remediation level. By utilizing a more rigid system along these guidelines, there is hope that the threat of a medical device attack will be diminished. This talk will explore some of the past and current vulnerabilities facing the medical device industry, and the steps that the FDA is taking to mitigate these risks.

Gabrielle E. Hempel, B.A., B.S. Gabrielle is a graduate of the University of Cincinnati, where she studied Neuroscience and Psychology. She worked for Advarra Institutional Review Board in regulatory pharmaceutical and medical device compliance, and led specialized committees targeting Phase I research and emergency research. She moved to IT consulting in 2018, and currently works as an Information Security Analyst with Accenture while pursuing a certificate in Advanced Computer Security at Stanford. She serves as a mentor for a student cohort of cybersecurity analysts, and volunteers with various community organizations that encourage youth and minorities to pursue careers in STEM and information security.

Back to Circle City Con 2019 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast