HACKING MEDICAL DEVICES BY JENNIFER GROSS


GROWTH OF MEDICAL TECHNOLOGIES
- Medical technologies and computer science continue to mesh
  - Pacemakers
  - Insulin pumps
  - Defibrillators
- Just as susceptible to hacks and bugs as any other form of technology

BARNABY JACK
- Renowned white hat hacker for McAfee
- Hacked an insulin pump, delivering 300 units of insulin to a mannequin in a matter of seconds
- Figured out how to hack pacemakers from up to 500 feet away

FDA’S ROLE
- Responsible for evaluating all new medical devices and the risks associated with them
- Will seldom examine new devices before they are surgically implanted unless they have:
  - Repeated malfunctions
  - Been recalled

OTHER ORGANIZATIONS INVOLVED
- Center for Medicare and Medicaid Services (CMS)
- Food and Drug Administration (FDA)
- Department of Health and Human Services (HHS)
- Department of Defense (DoD)
- Department of Veterans Affairs (VA)
- Department of Homeland Security (DHS)

POLITICS…
- Economics behind reporting devices with defects
  - If a hospital were to file a report of an incident with one of the medical devices, the hospital is liable
  - Disincentive for notification
- False sense of security
- Lack of preparedness for any cyber security issues

ENCRYPTION AND OTHER PROTECTIONS
- All models of the various medical devices have the capability to use the Advanced Encryption Standard (AES)
- Numerous backdoors to these devices
- Backdoor could “at least have it been embedded deep inside the ICD core”

LEGAL HELP?
- Product liability
- Riegel v. Medtronic, Inc.

PROPOSED SOLUTION
- Software Freedom Law Center (SFLC)
- Publicly auditable source code

OPTIONS
- Use with risks of what can happen
- Don’t use it at all
