PestilentialProtocol
how unsecure HL-7 messagesthreaten patient lives
maxwell blandchristian ‘quaddi’ dameff, MDJeff ‘r3plicant’ tully, MD
Christian Dameff, MDEmergency Physician
UC San Diego
Jeff Tully, MDPediatrician & Anesthesiologist
UC Davis
Maxwell BlandSecurity Researcher
UC San Diego
Disclaimerthe following presentation describes potential consequences arising from the exploitation of unsecure protocols in order to advocate for the implementation of improved security measures.
its creators do not advocate or condone the application of this material in real world environments.
the presentation includes a live Demo involving the useof needles to draw blood.
CaseLAS VEGAS GENERAL EMERGENCY DEPARTMENT
TIME: 04:00--------------------------------------------
The NIGHT SO FAR...1 stroke2 heart attacks1 gunshot to the abdomen--------------------------------------------
NEW PATIENT BED 731 year old male comes in vomitingTemp:37.3C Heart Rate:119 Resp:22 BP:97/70
CaseNEW PATIENT BED 7
--------------------------------------------HPI: Abd pain, N/V x1 dayNo PO since buffet day priorExcessive EtOH, decreased H20PMH: UnknownAllergies: NoneB
Differential
GallstonesCholecystitisCholangitisHepatitis
Liver abscessBudd-Chiari syndromePortal vein thrombosis
Acute myocardial infarctionPancreatitis
Peptic ulcer diseaseFunctional dyspepsia
Gastroparesis
PoP
Splenic infarctionSplenomegaly
Splenic abscessSplenic ruptureAppendicitisDiverticulitisNephrolithiasisPyelonephritis
Acute urinary retentionInfectious colitisBowel obstructionGastric perforation
PoP
CystitisUlcerative colitis
Crohn diseaseViral gastroenteritisBacterial peritonitis
DiverticulitisCeliac disease
Adrenal insufficiencyMalignancyKetoacidosis
Abdominal migraineConstipation
PoP
Health Level 7 Standard
International and ubiquitous
Transmits data regarding• Orders• Lab results• Imaging results• Clinical documents• End-user management of
applications
Health Level 7
A. V2 (1989) – Most commonA. Plain textB. Pipe delimitedC. Non XML Bases
B. V3 (2005) - Slow AdoptionA. Plain textB. Pipe delimitedC. XML Based
HL7- vulnsNo encryption at standard levelNo verification of message sourceNo authentication of message transmission
Yep...
Seriously.
[DEMO]RoleplayH+PEMR Orders -> Simple diffBlood drawLab -> Rehash data flowResults real -> Max showsEMR results -> (split screen?)TreatmentDeath-> What happened?
Solutions
1.Secure network deployment
2.Proper configuration
3.Security conscious protocols and ecosystems
Themes• HIPAA Vs. Patient Safety
• Confidentiality vs Integrity vs Availability
• Legacy is Hard in Healthcare• Patching critical devices -> HARM
• Physicians don't know security and can harm
Top Related