addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramlinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Monthly Meeting - Hacking Hospitals with Ted Harrington

In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual issues from both technical and business perspectives, and (c) articulate the solution.


We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.


This session provides a high level analysis of what we did, what we discovered, and what we recommend.

Join or login to comment.

  • Ulrich

    Hi everyone! I'm looking for people with a current/active hospital IT background to run a health IT cyber security idea past you. Shouldn't take very long and will be interesting. Please let me know ([masked]) - I can meet before/during/after the event or another time. Thanks in advance for your help.

    July 19

    • Ulrich

      By the way, is this the talk that was presented at the CISO roundtable a while back?

      July 21

  • Darin A.

    Ted looking forward to your talk both here at at BlackHat in a couple of weeks at our Securing the Internet of Things Forum http://cybertechnetwork.org/siotforum/

    July 15

  • Shane Sagui S.

    I would love to hear about this work, but unfortunately I will be out of town during this meeting. Will the materials be posted anywhere or recorded?

    July 11

Our Sponsors

  • Qualcomm

    Qualcomm provides the facilities and help for our events.

  • HP

    HP provides the funds necessary to provide quality food and beverages.

  • CyberHive/CyberTech

    CyberHive/CyberTech provides the facilities and help for our events.

  • IOActive

    CTF and Event Sponsor

  • Intuit

    Intuit provides the facilities and help for our events.

  • LP3

    CTF and Events

  • Websense

    CTF Sponsorship and hosting

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy