PestilentialProtocol

how unsecure HL-7 messagesthreaten patient lives

maxwell blandchristian ‘quaddi’ dameff, MDJeff ‘r3plicant’ tully, MD

Christian Dameff, MDEmergency Physician

UC San Diego

Jeff Tully, MDPediatrician & Anesthesiologist

UC Davis

Maxwell BlandSecurity Researcher

UC San Diego

Disclaimerthe following presentation describes potential consequences arising from the exploitation of unsecure protocols in order to advocate for the implementation of improved security measures.

its creators do not advocate or condone the application of this material in real world environments.

the presentation includes a live Demo involving the useof needles to draw blood.

CaseLAS VEGAS GENERAL EMERGENCY DEPARTMENT

TIME: 04:00--------------------------------------------

The NIGHT SO FAR...1 stroke2 heart attacks1 gunshot to the abdomen--------------------------------------------

NEW PATIENT BED 731 year old male comes in vomitingTemp:37.3C Heart Rate:119 Resp:22 BP:97/70

CaseNEW PATIENT BED 7

--------------------------------------------HPI: Abd pain, N/V x1 dayNo PO since buffet day priorExcessive EtOH, decreased H20PMH: UnknownAllergies: NoneB

Differential

GallstonesCholecystitisCholangitisHepatitis

Liver abscessBudd-Chiari syndromePortal vein thrombosis

Acute myocardial infarctionPancreatitis

Peptic ulcer diseaseFunctional dyspepsia

Gastroparesis

PoP

Splenic infarctionSplenomegaly

Splenic abscessSplenic ruptureAppendicitisDiverticulitisNephrolithiasisPyelonephritis

Acute urinary retentionInfectious colitisBowel obstructionGastric perforation

PoP

CystitisUlcerative colitis

Crohn diseaseViral gastroenteritisBacterial peritonitis

DiverticulitisCeliac disease

Adrenal insufficiencyMalignancyKetoacidosis

Abdominal migraineConstipation

PoP

Health Level 7 Standard

International and ubiquitous

Transmits data regarding• Orders• Lab results• Imaging results• Clinical documents• End-user management of

applications

Health Level 7

A. V2 (1989) – Most commonA. Plain textB. Pipe delimitedC. Non XML Bases

B. V3 (2005) - Slow AdoptionA. Plain textB. Pipe delimitedC. XML Based

HL7- vulnsNo encryption at standard levelNo verification of message sourceNo authentication of message transmission

Yep...

Seriously.

Test Bed

[DEMO]RoleplayH+PEMR Orders -> Simple diffBlood drawLab -> Rehash data flowResults real -> Max showsEMR results -> (split screen?)TreatmentDeath-> What happened?

MiTM

Solutions

1.Secure network deployment

2.Proper configuration

3.Security conscious protocols and ecosystems

Themes• HIPAA Vs. Patient Safety

• Confidentiality vs Integrity vs Availability

• Legacy is Hard in Healthcare• Patching critical devices -> HARM

• Physicians don't know security and can harm

Confidentiality Integrity

Availability

Q+A