Explore the state of security in the medical industry through this 46-minute conference talk from CircleCityCon 2017. Delve into critical issues such as HIPAA compliance, health privacy, and infrastructure vulnerabilities. Learn about the challenges faced by healthcare organizations, including outdated equipment, network segmentation problems, and FDA validation concerns. Discover insights on social engineering risks, malpractice concerns, and the potential for opportunistic crimes in medical settings. Examine the role of regulatory bodies like HHS and The Joint Commission, and understand why HIPAA enforcement may be lacking. Gain valuable knowledge about vendor-supplied medical equipment, embedded devices, and the budgetary constraints affecting cybersecurity in healthcare.
Overview
Syllabus
Intro
What I did in the medical industry
Phobos Group
PowerShell Empire
The Original Purpose
Critical Things
HHS Breach Report
HIPAA Wall of Shame
HIPAA has no fangs
OCR has no criteria
The Joint Commission
HIPAA Omnibus Rule
Who Here Has Been to a Doctor
Health Privacy
Motivation
Social Engineering
Malpractice
Crime of Opportunity
Bold Infrastructure
Old Equipment
Network Segmentation
FDA Validation
Not Patch IT
Firewall
Chainlink
Open Ports
Vendor Medical Equipment
Embedded Devices
Budget
