Breaking into Hospitals
Disclaimer: All the views / data presented are my own and do not reflect the opinions of my employer.
-- Anirudh Duggal
About me
• Senior software engineer with Royal Philips
• Speaker at Cocon, HITCON, Ground Zero, Nullcon
• Hack anything
• Sustainability enthusiast
• Play guitar in free time
Menu!
• Hospitals
• Why attack hospitals?
• Infrastructure inside a hospital
• A reality check
• Indian perspective
• Changing threat scenario
Hospital
• A hospital is a health care institution providing patient treatment with specialized staff and equipment. -- wiki
Why Hospitals?
• Cyber war / Terrorism?
• Privacy
• Financial – a medical record fetches 8x of a credit card record
• Physical?
Infrastructure inside a hospital
Range of devices
Cost: Rs 250 115 (50% off)
Fits in pocket
Cost: can reach up to 3 million $
Size: about the size of a truck (don’t ask the weight ;) )
And the memory
A hospital data center…
A simple DIY device
And……….
• Patient monitors
• Insulin monitors
• Pacemakers
• Heart rate devices
• “smart bands”
• Home monitoring solutions
And……….
Healthcare centers and hospitals
HVAC system
Lighting system
Hospital servers
Waste management systems
Medical devices
Hospital computers
Monitoring devices
Tablets / phones
Water controls
NAT / Bridged network
Other hospitals Vendor servers
“service portals”
Vendor servers
Intranet
Internet
Security systems
Really?
HVAC system
Lighting system
Hospital servers
Waste management systems
Medical devices
Hospital computers
Monitoring devices
Tablets / phones
Water controls
“service portals”
Security systems
guests
Internet
So where’s the problem?
• The infrastructure is not supposed to be “public”
• Most of this infrastructure is not prepared to be public
Attack Scenario
• Outsider attacks -> fingerprinting and attacking hospitals
• Name, medical equipment, EMR systems, HVAC systems, control systems, routers, security systems
• Insider attacks – network and medical devices
• Public vs private networks, finding HL7 implementations
• Finding obsolete hardware / software
A reality check
• As an attacker I
Found 2000+ vulnerable hospital servers
Found 200+ hospitals from major hospital chains
Found HVAC controls
Discovered many entry points in each of them
Am updating the number of live EMR systems I found
Still finding lots of hospitals and healthcare devices and solutions…
Indian perspective as an attacker
• Found many major hospitals (40+)
• Was able to fingerprint major hospital chains
• Found FTP, Telnet, IIS instances (unprotected)
• Found suspicious activity
• Found hospital networks have open Wi-Fi connections, e.g. hospital admin and hospital networks
• Need security now!
Outsider attacks
• Recon using Shodan
On the basis of EMR solutions
Fingerprinting chains of hospitals
Infrastructure – besides medical devices
Unknown hospitals
Insider attacks
• WiFi networks – guests
• Stealing information from employees – privacy
• Evil staff – using existing infrastructure to launch attacks
• HL7 and FHIR
Medical devices
Potential entry points
• Wi-Fi / LAN
• Serial ports
• USB - Firmware
• The sensors
• Keyboard / mouse
• Firewire
• Protocols
Demo Time!
New threat landscape
• BYOD
• Cloud Based attacks
• Targeted attacks
Thank you
Minatee Mishra
Michael Mc Neil
Ben Kokx
Jiggyasu Sharma
Sanjog Panda
Pardhiv Reddy
Ajay Pratap Singh
Neelesh Swami
Geethu Aravind
Archita Aparichita
Sagar Popat
Questions?
Thank you