Presentation – HL7 Insecurities
HL7 Data Interfaces in Medical Environments – Attacking & Defending the Achilles’ Heel of Healthcare
This security research served as a 2-part SANS gold paper examining the insecurities of the HL7 messaging standard. This presentation is a combination of those two papers. HL7 is arguably the most fundamental flaw in healthcare IT. It is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to attack and defend HL7.
If this topic interests you, both papers are available at the links below.
HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare
HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare
You can also download the papers from the SANS reading room. The SANS reading room has loads of free infosec research on a wide-range of other topics as well!
SANS reading room
Dallas Haselhorst has worked as an IT and information security consultant for over 20 years. During that time, he has owned his own businesses and worked with companies in numerous industries. Dallas holds several industry certifications and when not working or tinkering in tech, he may be found attempting to mold his daughters into card carrying nerds and organizing BSidesKC.