
2020 - Don't be a HIPAACrite - Qasim Ijaz

BSides Denver | 56:32 | 24 views | Published 2020-10
About this talk
I’ve seen patient data in medical devices that lacked authentication, portrayed a medical doctor to dupe help desk into handing over credentials (and vice versa), gained domain admin in 10 minutes (thank you defaults), and took down an EHR with a percentage sign (Sorry!).

Healthcare IT Overview
The issues:
  - HL7 - MITM'ers Heaven
  - Healthcare Defaults and Other Security Issues
  - OCR Breach Portal and HIPAA Breach Notification Rule
My HIPAA Pentest Methodology
What can we do about it?
  - HIPAA & HITRUST
  - FHIR (HL7 replacement)
  - InfoSec Best Practices

This talk will be full of stories, memes, and screenshots portraying cybersecurity issues affecting healthcare environments. I will discuss what I see as root causes and talk about attempts to mitigate these issues. The attendees will leave the talk with a better understanding of healthcare security issues and ideas to combat these issues head-on.