Due to the overwhelming support these last few weeks on my
research regarding medical device security from healthcare organizations,
medical device manufacturers and government, I have decided that it is time to
step up and be a part of the solution. I have decided the time is now to
publicly release SecMedic to the world. As long as I have been in Information
Technology & Security, I have always pushed my intellectual limits to find
my higher calling. When I ventured into the healthcare industry, I continually
challenged myself to figure out how I personally could affect patient safety
and human life. Although it was rewarding, I always felt emptiness, in
only being able to indirectly affect most healthcare organizations missions and
values surrounding patient safety and quality care. I felt that there had
to be more I could do, without simply assisting the physicians and clinicians
in support of patient care.
I have been hard at work the last two and
a half years, continually pushing my limits, in order to ensure I can help
protect individuals before a cyber-attack on medical devices causes loss of
human life. I want to thank all the doubters along the way that truly inspired
me to prove them wrong. Please know that you may actually be the reason I
have continued to push my limits the last few years. So once our final
research is released publicly to the world, please give yourself a giant pat on
the back for helping support me and continually driving my passion to further
my research!!
Our next two phases of research will be
presented over the summer. Phase 2 allowed me to team up with Shawn Merdinger,
and I decided we had to prove that an attacker could gain access to medical
devices and their supporting technology systems and applications from anywhere
in the world. The results of this research will be presented for the
first time publicly at Shakacon in Honolulu, HI on June24th-25th. You can
find the abstract for my talk here. http://shakacon.org/speakers. html#scott_erven
Phase 3 of our "Just What The Doctor
Ordered?" series will be announced in the near future. It will occur
sometime within the next three months. This will paint the final picture
on the current risk of medical devices inside today's healthcare landscape.
I guarantee it!! I will have accomplished what I initially set out
to do and prove that the risk of a cyber-attack against medical devices is
severe. I promise the "good stuff" is yet to come!!
Of course the results of our research
these past few years has personally disturbed me, and I have also been hard at
work focusing on how I can bring together healthcare organizations, medical
device manufacturers and government to step up and work together to address
medical device security before it is too late. There have been many
colleagues in the InfoSec community whose spouse or children have a medical
condition that requires the use of a medical device. This has further
inspired me to ensure security is embedded in the engineering phase of these
devices, in order to prevent "patch-work" and other ineffective
solutions long-term. It would be ignorant of anyone to say that all risk
can be eliminated. I am however confident, that the solutions and strategic
direction that SecMedic will provide, will immediately reduce the current and
severe risk of cyber-attacks against medical devices. I have brought together a
rock star team of the most talented and respected medical device security
experts in the world. Keep checking back
for further public release of my team!!
In closing thoughts, I would like to thank
the world’s best wife and my two sons for their continued support and
encouragement these last few years. The excessive and long nights of me
researching and ignoring my family have undoubtedly proven tough. They have
been my foundation and they have believed in me and my vision to ensure the
world is a safer place. I am thankful that I will soon be able to
complete my research and passion in my "day-job", and get back to
giving my family the well-deserved attention that has been neglected these past
few years. It is now time to help the industry address the issues so
please reach out to SecMedic if your organization needs a world class team to
help provide strategic direction in resolving the current risks.
Otherwise I may be homeless and my wonderful wife and family will kick me
to the curb!!
Thanks again to everyone, especially I Am The
Cavalry members (@iamthecavalry), for their continued support. You all are
the best!! I look forward to further industry leading research from this
group and encourage those who have not reached out to do so. Know that the work
being done is just starting and I encourage security researchers everywhere to
focus their incredible skills on issues affecting public safety and human
life. Believe me there are much smarter
folks out there than I, and you need to step up!!
I look forward to sharing the rest of our research soon and
developing effective solutions quickly to solve the current issues of security
inside medical devices.
Scott Erven
Founder
SecMedic, Inc
I got too much interesting stuff on your blog. I guess I am not the only one having all the enjoyment here! Keep up the good work. Best light therapy glass
ReplyDeleteThis is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, device security
ReplyDelete