MCH2022 Curated content

“You give me fever, fever all through the night": Hack attacks against wireless medical devices and the virtual patient

DNA 🧬
Isabel Straw
Protect our patients from healthcare hacks! The increasing availability of telemetric medical devices has great potential to improve patient care. Yet, smart medical devices are hackable and previous case studies have described the life threatening implications of healthcare hacks. We invite you to a workshop run by doctors who are looking for your input on a series of commonly used telemetric medical technologies. Help us improve patient care by exploring potential vulnerabilities and solutions.
Telemetric medical devices can enhance patient care by improving symptom detection and disease treatment through the delivery of timely and responsive interventions (e.g., wireless glucose monitoring devices for diabetic patients). Yet, the increasing adoption of wireless medical devices in healthcare settings and the consumer environment puts patients at risk of ‘healthcare hacks’. We present a number of wireless medical devices currently in use and ask you to consider the vulnerabilities of these technologies to hack attacks: 1. Diabetes glucose sensors 2. Hearing aids 3. Cardiac Monitors 4. Pain relief voltage devices 5. Virtual Patient Beds Each of these devices connect remotely to a monitoring device, exposing them to malicious digital manipulation. So far, two case studies have described the vulnerabilities of these systems. One report described the remote hijacking of an insulin pump and another described the manipulation of an implanted cardiac device [1-3]. Increasingly, research is describing the security and privacy risks of telemetric and implanted medical devices to patients. In particular, ‘closed loop’ systems that alter device settings based on real-time physiological signals do not require clinician or patient input, and are therefore particularly vulnerable to unnoticed manipulation. Without proper security, smart medical devices are breachable and can have life-threatening consequences for the patient. We invite you to our workshop to discuss, in short groups, the listed devices and their vulnerability to manipulation. As medical doctors, we will highlight the range of clinical syndromes which may arise from these hacks and will discuss how they may be recognised in clinical settings. Lastly, we will consider the vulnerability of the healthcare concept of ‘The Virtual Patient’. Due to high hospital occupancy following the COVID19 pandemic, ‘Virtual Beds’ - which allow physicians to monitor patients in the community - have been suggested as an alternative policy for relieving pressure from healthcare services. The management of the ‘virtual patient’ relies heavily on telemetry devices and medical database systems. We will discuss the vulnerability of the specific devices listed above, in addition to the wider concept of ‘virtual patient care’. Questions for workshop participants would include: (i) Vulnerabilities: How would you hack a smart medical device or what attacks is it likely to encounter? (ii) Defense: What are device vulnerabilities and what options could improve the security of these devices? (iii) Ethics: What are the arguments for and against these devices being used in healthcare? [1] Denning, Tamara, et al. ‘Neurosecurity: Security and Privacy for Neural Devices’. Neurosurgical Focus, vol. 27, no. 1, July 2009, p. E7. thejns.org, https://doi.org/10.3171/2009.4.FOCUS0985. [2] Camara, Carmen, et al. ‘Security and Privacy Issues in Implantable Medical Devices: A Comprehensive Survey’. Journal of Biomedical Informatics, vol. 55, June 2015, pp. 272–89. PubMed, https://doi.org/10.1016/j.jbi.2015.04.007 [3] Li, Chunxiao, et al. ‘Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System’. 2011 IEEE 13th International Conference on E-Health Networking, Applications and Services, 2011, pp. 150–56. IEEE Xplore, https://doi.org/10.1109/HEALTH.2011.6026732.

Additional information

Type Workshop
Language English

More sessions

7/22/22
MCH2022 Curated content
Elger "Stitch" Jonker
Abacus 🧮
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
7/22/22
MCH2022 Curated content
Jelle vd ster
Abacus 🧮
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
7/22/22
MCH2022 Curated content
Clairvoyance 🔮
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.
7/22/22
MCH2022 Curated content
Mikko Hypponen
Abacus 🧮
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
7/22/22
MCH2022 Curated content
Battery 🔋
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
7/22/22
MCH2022 Curated content
Klaus Agnoletti
Clairvoyance 🔮
Utilizing collaborative security to collect data on attacks we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems but in a ...
7/22/22
MCH2022 Curated content
bert hubert
Abacus 🧮
Building on the very well attended DNA presentations ("DNA: The Code Of Life") at SHA2017, this talk will cover: * A brief recap what DNA is and how it works * It is surprisingly digital! * How reading DNA is within 'pro-sumer' reach now * (I might bring a live demo for after the talk) * An overview of DNA editing technologies (offline, and online: on living organisms) * Including the famous CRISPR-CAS, but also newer variants * How does such editing actually work in a lab? * The surprising lack ...