AppSec Europe 2018

Hospitals are attractive places for criminal hackers. With access to critical medical records and personally identifiable information, there is great opportunity to exploit the patients and the employee. I see vulnerabilities on all levels and in all roles and locations in the hospital – in site of the hospital, software, devices, and with humans. The consequences of bad security are huge and can cause harm, both to the patient and to employees. Criminal behaviour can go unnoticed for long periods. Without proper security controls, patient records can be manipulated. You can imagine the consequences that could happen. The site of the hospitals is used not just for sharing the informations about the hospitals but also for sharing the medical documents and communication between the patients self and the medics, but also for private, professional or educative talka, between medics from the inside, but also outside of the hospitals. Enough reasons to understand that we need a really good secured site. Sadly the situation isn't as good as we hope and want it to be. In this presentation we will like to present
1.The research of site of 97 hospitals in The Netherlands and 100 hospitals in USA, The research was on HTTP/HTTPS SSL certificate using Observatory by mozilla Ipv4/Ipv6
2. Re-research year later/the results In this research nmap was used too.
3. The tech info about what and how the infromation at the site can be manipulated, by Xavier Mertens and John Opdenakker. They will also show the demo
4. The organisation and communication problem Communication from outside (reports) with IT department trying to reach the people from infosec Organisation at the hospitals that should also care about security of the site
5. The consequences, for the patient and for the employee.
6. Connecting research to OWASP 10
 Security needs to be built from the ground up, starting with making the sites of the hospital secure and by that safe online environment in the healthcare