Hackers of India

Understanding, Attacking & Securing Medical Devices

By  Ajay Pratap Singh  on 29 Aug 2019 @ Hitb Sec Conf


Presentation Material

Abstract

DICOM (Digital Imaging and Communications in Medicine) is an international standard for retrieve, transfer, storage and communication in imaging modalities. It is used in imaging modalities like CT, MR etc.

Initially, interfaces between imaging medical devices were custom designed & posed a huge challenge as far as interoperability was concerned. DICOM standards has come to the rescue by providing interoperability to store, manage & exchange information among one or more devices, product, systems etc. DICOM is supported by majority of vendors and hospitals however secure implementation of DICOM is still a concern as security risks were given less importance.

This presentation will be primarily focused on DICOM messages, their implementation, the sensitivity of the information and how to attack these messages. The talk will cover how to pentest medical devices / systems in the hospital network and the approach that needs to be taken to pentest the medical systems. The talk will be concluded by sharing insights on the proper implementation of DICOM standard to better defend healthcare devices & systems against cyber-attacks.