HL7Magic: Medical Data Hacking Made Easy
Katie Inns
44CON 2024 · Day 2 · Main
This talk, "HL7Magic: Medical Data Hacking Made Easy," presented by Katie Inns, Head of Attack Surface Management at WISecure, delves into the critical and often overlooked vulnerabilities within the healthcare industry's digital infrastructure, specifically focusing on the **Health Level 7 (HL7)** protocol. Inns highlights the alarming increase in cyberattacks targeting healthcare, emphasizing that this sector has become one of the most targeted, on par with the financial industry, yet remains severely underfunded in terms of security. The presentation serves as a "call to arms" for the cybersecurity community to contribute to securing healthcare systems, which historically have been reluctant to openly discuss their vulnerabilities.
AI review
Inns does real work here — she built a tool, connected herself to a patient monitor, and demoed live data manipulation. That takes commitment. But the underlying vulnerabilities (unauthenticated cleartext legacy protocol, MITM trivial on LAN) are not novel findings; they're well-documented problems that predate this talk by years. The contribution is the tooling and the healthcare-sector framing, not the research itself.