AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
Back To Schedule
Friday, July 6 • 1:30pm - 2:15pm
The Consequences of Poor Security of the Hospital Sites LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

Hospitals are attractive places for criminal hackers. With access to critical medical records and personally identifiable information, there is great opportunity to exploit the patients and the employee. I see vulnerabilities on all levels and in all roles and locations in the hospital – in site of the hospital, software, devices, and with humans. The consequences of bad security are huge and can cause harm, both to the patient and to employees. Criminal behaviour can go unnoticed for long periods. Without proper security controls, patient records can be manipulated. You can imagine the consequences that could happen. The site of the hospitals is used not just for sharing the informations about the hospitals but also for sharing the medical documents and communication between the patients self and the medics, but also for private, professional or educative talka, between medics from the inside, but also outside of the hospitals. Enough reasons to understand that we need a really good secured site. Sadly the situation isn't as good as we hope and want it to be. In this presentation we will like to present
1.The research of site of 97 hospitals in The Netherlands and 100 hospitals in USA, The research was on HTTP/HTTPS SSL certificate using Observatory by mozilla Ipv4/Ipv6
2. Re-research year later/the results In this research nmap was used too.
3. The tech info about what and how the infromation at the site can be manipulated, by Xavier Mertens and John Opdenakker. They will also show the demo
4. The organisation and communication problem Communication from outside (reports) with IT department trying to reach the people from infosec Organisation at the hospitals that should also care about security of the site
5. The consequences, for the patient and for the employee.
6. Connecting research to OWASP 10
 Security needs to be built from the ground up, starting with making the sites of the hospital secure and by that safe online environment in the healthcare

avatar for Xavier Mertens

Xavier Mertens

Freelance Cyber Security Consultant, Xavier Mertens Consulting
Xavier Mertens, is a freelance cyber security consultant based in Belgium. His daily job focuses on protecting his customer’s assets by applying “offensive” (pentesting) as well as “defensive” security (incident handling, forensics, log management, SIEM, security visualisation... Read More →
avatar for Jelena Milosevic

Jelena Milosevic

Paediatrician and ICU nurse
Jelena Milosevic is a paediatrician and ICU nurse with a lot of experience, having worked at many different hospitals in the Netherlands since 1995, and before that having spent 10 years working in the ICU at the University Children's Hospital in Belgrade.Over the past three years... Read More →

Friday July 6, 2018 1:30pm - 2:15pm BST
Abbey - 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE