Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Erven-Merdinger/DEFCON-22-Scott-Erven-and-Shawn-Merdinger-Just-What-The-DR-Ordered-UPDATED.pdf

Just What The Doctor Ordered?
Scott Erven FOUNDER & PRESIDENT SECMEDIC, INC
Shawn Merdinger HEALTHCARE SECURITY RESEARCHER
You have already heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable defibrillator. But what is the reality of medical device security across the enterprise? Join us for an in-depth presentation about a three-year independent research project, encompassing medical devices across all modalities inside today’s healthcare landscape. Think they are firewalled off? Well think again. Scarier yet, many remain Internet facing and are vulnerable to strategic attack with the potential loss for human life. And yes you will be amazed at what we found in just 1 hour! We will prove that an attacker can access medical devices at thousands of healthcare facilities from anywhere in the world with the potential loss of human life.

This discussion will also highlight the fallout from security standards not being a requirement for medical device manufacturers, and our experience in identifying and reporting vulnerabilities. We will provide our insight into what needs to be done for healthcare organizations to respond to the new threat of cyber-attack against medical devices. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with healthcare organizations, federal agencies and device manufacturers in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference by ensuring patient safety.

Scott Erven is a healthcare security visionary and thought leader; with over 15 years’ experience in Information Technology & Security. He is also the Founder and President of SecMedic, Inc. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. He has been involved in numerous IT certification development efforts as a subject matter expert in Information Security. His current focus is research affecting human life and public safety issues inside today’s healthcare landscape.

Shawn Merdinger is a security researcher with 15 years' information security and IT experience. He is founder of MedSec, a LinkedIn group focused on medical device security risks with over 500 members and has worked with Cisco Systems, TippingPoint, an academic medical center, and as a independent security researcher and consultant. He's served as technical editor for 12 security books from Cisco Press, Pearson, Syngress and Wiley. Shawn has presented original security research at DEFCON, DerbyCon, Educause, ShmooCon, CONfidence, NoConName, O’Reilly, IT Underground, InfraGard, ISSA, CarolinaCon and SecurityOpus. He holds a master's from the University of Texas at Austin and two bachelor's from the University of Connecticut.