VB2017 preview: Consequences of bad security in health care

Posted by   Martijn Grooten on   Aug 23, 2017

Earlier this month, at the SHA2017 hacking camp, among the professional hackers and security experts, there was one speaker with a rather unconventional CV: Jelena Milosevic's day job is that of an ICU nurse at a Dutch hospital.

But despite having a different background, Jelena is just as passionate about security as professional hackers, if not more so. And through her work she is uniquely placed to see a lot of instances where security best practices aren't followed, or where security is compromised in favour of unnecessary convenience.

A journalist from the Dutch version of Vice Motherboard described how, when he spoke to her, she talked passionately about the many issues with the state of cybersecurity in hospitals. This was also my experience when I spoke to her a few months ago: she described many examples of the bad security practices she had seen in hospitals, from personal login details that are easily shared and that give people access to far more than they need, to computers on which medical data is stored being connected to the Internet because "otherwise, people wouldn't be able to use Facebook".

 

banner-wannacry-blog.jpg

 

It is people like Jelena who make a real difference in security, and I am immensely proud to have her as a speaker on the VB2017 programme, and excited to hear her talk about her experiences of security (and the lack thereof) in health care. The WannaCry outbreak from earlier this year clearly demonstrated what consequences poor security can have for hospitals, and if we want to limit the damage of similar outbreaks in the future, the security community would do well to talk to the people who see what is going on from the inside.

Register for VB2017 now to hear Jelena and more than 50 other speakers talk about real security threats, and how we can defend against them. And don't forget that the call for last-minute papers, dealing with hot security research, is open until 3 September.

VB2017-325w.jpg

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing…

Standalone product test: FireEye Endpoint

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

VB2017 video: Consequences of bad security in health care

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at…

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

VB2017 paper: The (testing) world turned upside down

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.