Explore how technology and security works within hospitals, and come try to hack various medical devices!
Medical Village at HITB conference is place where infosecurity researchers can come in the contact with vendors of medical devices and their products. Not just learn more about the device self, but also to can test them.
Our goal is to bring all sides together at one place: security researchers, infosecurity, professionals, vendors and medical professionals, start the conversation that should lead and open the possibility to make the most safe and secure environment at all healthcare institutions together.
Philips is hosting a DICOM challenge at the medical hacking village booth at this year’s Haxpo event. The Digital Imaging and Communications in Medicine (DICOM) standard is used for the exchange of medical images was originally released in 1985, and remains one of the most common communication and file standards. A DICOM file does not only hold the image but also other sensitive information including patient name, age, ID, date of birth, weight, and among other identifiable information. Recently a number of new vulnerabilities in the standard have been uncovered by both manufacturers and researchers. Philips welcomes security researchers to visit the booth to try their skills on a Philips DICOM implementation, under Philips Coordinated Vulnerability Disclosure (CVD) rules (www.philips.com/security).
For detailed information about the DICOM standard visit https://dicomstandard.org, additional information and tools can be found at https://www.ncbi.nlm.nih.gov/pmc/articles/PMC61235/ and https://www.dvtk.org.
Other Things to do:
- Share knowledge and Network.
- Exchange thoughts and ideas with infosecurity professionals in healthcare institutions, medical professionals and infosecurity professionals at vendors
- Talking about the position and state of infosecurity and privacy in the healthcare and possible solutions
Please note, since these are actual medical devices, the medical village feels a strong need for balance between the needs of security researchers, device makers, hospitals, patients, and other stakeholders.
This will mean that attendees are expected to deal with normal responsible disclosure policies, including not disclosing issues to press/to the public, until vendors have had 90 days, or an agreed upon amount of time, to fix these issues. More details will be provided at haxpo.
Medical Village would like to thank:
I Am The Cavalry, for advising
Philips for the hosting a DICOM challenge and bringing medical devices
GDI Foundation for assisting in Coordinated Vulnerability Disclosure of medical devices in collaborations with the researchers
Our Medical Village is now also on twitter: https://twitter.com/MHV_HITB/