Tuesday, May 13, 2014
SecMedic Founder Scott Erven released his opinion paper yesterday titled, "The Urgent Need For Independent Validation and Verification of Security Controls in Medical Devices." Get on over to http://secmedic.com/media to check it out.
Friday, May 9, 2014
Due to the overwhelming support these last few weeks on my research regarding medical device security from healthcare organizations, medical device manufacturers and government, I have decided that it is time to step up and be a part of the solution. I have decided the time is now to publicly release SecMedic to the world. As long as I have been in Information Technology & Security, I have always pushed my intellectual limits to find my higher calling. When I ventured into the healthcare industry, I continually challenged myself to figure out how I personally could affect patient safety and human life. Although it was rewarding, I always felt emptiness, in only being able to indirectly affect most healthcare organizations missions and values surrounding patient safety and quality care. I felt that there had to be more I could do, without simply assisting the physicians and clinicians in support of patient care.
I have been hard at work the last two and a half years, continually pushing my limits, in order to ensure I can help protect individuals before a cyber-attack on medical devices causes loss of human life. I want to thank all the doubters along the way that truly inspired me to prove them wrong. Please know that you may actually be the reason I have continued to push my limits the last few years. So once our final research is released publicly to the world, please give yourself a giant pat on the back for helping support me and continually driving my passion to further my research!!
Our next two phases of research will be presented over the summer. Phase 2 allowed me to team up with Shawn Merdinger, and I decided we had to prove that an attacker could gain access to medical devices and their supporting technology systems and applications from anywhere in the world. The results of this research will be presented for the first time publicly at Shakacon in Honolulu, HI on June24th-25th. You can find the abstract for my talk here. http://shakacon.org/speakers.
Phase 3 of our "Just What The Doctor Ordered?" series will be announced in the near future. It will occur sometime within the next three months. This will paint the final picture on the current risk of medical devices inside today's healthcare landscape. I guarantee it!! I will have accomplished what I initially set out to do and prove that the risk of a cyber-attack against medical devices is severe. I promise the "good stuff" is yet to come!!
Of course the results of our research these past few years has personally disturbed me, and I have also been hard at work focusing on how I can bring together healthcare organizations, medical device manufacturers and government to step up and work together to address medical device security before it is too late. There have been many colleagues in the InfoSec community whose spouse or children have a medical condition that requires the use of a medical device. This has further inspired me to ensure security is embedded in the engineering phase of these devices, in order to prevent "patch-work" and other ineffective solutions long-term. It would be ignorant of anyone to say that all risk can be eliminated. I am however confident, that the solutions and strategic direction that SecMedic will provide, will immediately reduce the current and severe risk of cyber-attacks against medical devices. I have brought together a rock star team of the most talented and respected medical device security experts in the world. Keep checking back for further public release of my team!!
In closing thoughts, I would like to thank the world’s best wife and my two sons for their continued support and encouragement these last few years. The excessive and long nights of me researching and ignoring my family have undoubtedly proven tough. They have been my foundation and they have believed in me and my vision to ensure the world is a safer place. I am thankful that I will soon be able to complete my research and passion in my "day-job", and get back to giving my family the well-deserved attention that has been neglected these past few years. It is now time to help the industry address the issues so please reach out to SecMedic if your organization needs a world class team to help provide strategic direction in resolving the current risks. Otherwise I may be homeless and my wonderful wife and family will kick me to the curb!!
Thanks again to everyone, especially I Am The Cavalry members (@iamthecavalry), for their continued support. You all are the best!! I look forward to further industry leading research from this group and encourage those who have not reached out to do so. Know that the work being done is just starting and I encourage security researchers everywhere to focus their incredible skills on issues affecting public safety and human life. Believe me there are much smarter folks out there than I, and you need to step up!!
I look forward to sharing the rest of our research soon and developing effective solutions quickly to solve the current issues of security inside medical devices.