Author: Julian Suleder

Breaking
by Julian Suleder

Medical Device Security: HL7v2 Injections in Patient Monitors

Digital networking is already widespread in many areas of life. In the healthcare industry, a clear trend towards networked devices is noticeable, so that the number of high-tech medical devices in hospitals is steadily increasing.

In this blog post, we want to elucidate a vulnerability we identified during the security assessment of a patient monitor. The device sends HL7 v2.x messages, such as observation results to HL7 v2.x capable electronic medical record (EMR) systems. A user with malicious intent can tamper these messages. As HL7 v2.x is a common medical communication standard, we also want to present how this kind of vulnerability may be mitigated. The assessment was part of the BSI project ManiMed, which we would like to present in the following section.

Continue reading “Medical Device Security: HL7v2 Injections in Patient Monitors”

Continue reading
Misc
by Julian Suleder

Motivational Aspects and Privacy Concerns on Wearables in the German Running Community

Today I am proud to announce that another paper of my former colleagues from Heilbronn University and me was published in one of the journals with the highest impact factor for Medical Informatics research called JMIR mHealth and uHealth. There is a reason why we published in this journal besides its informatics focus. The journal is an open access journal. That means that readers are not charged on a pay-per-view basis or other business models to access the full text of the paper. In return, the authors need to pay publication fees. In my opinion restricting access to academic research is not a way to go. I think this isn’t a thing we see in the security community often anyway. But this is and was the standard in academia for years.

Continue reading “Motivational Aspects and Privacy Concerns on Wearables in the German Running Community”

Continue reading
Events
by Julian Suleder

GI Sicherheit 2018 Conference

Last week (25th – 27th April), I attended the “Sicherheit 2018” in Konstanz which is the annual meeting of the security community of the Gesellschaft für Informatik e.V. (GI) in Germany. The conference is in equal proportions attended by researchers and people of the industry working in security-related disciplines which lead to lively and pleasant discussions conversations. Continue reading “GI Sicherheit 2018 Conference”

Continue reading