Device Cybersecurity: #WEHEARTHACKERS

Abbott partners with Cal Poly’s California Cybersecurity Institute to challenge hackers and cybersecurity researchers.

NO IMAGE
Strategy and Strength | Aug. 21, 2019

It’s not every day that you can walk into a room and witness large groups of hackers, manufacturers, physicians, academics and regulators working together on some of the biggest cybersecurity challenges in today’s connected healthcare ecosystem.

Recently, that’s exactly what happened.

An Important Collaboration

Ensuring the continued security of connected medical devices is a top priority at Abbott, because connected devices help patients and their doctors make better, faster, and more informed medical decisions.

As part of our commitment to securing medical devices, we joined #WeHeartHackers, an initiative led by the U.S. Food and Drug Administration to bring manufacturers and security researchers together at DEF CON 2019 to explore ways to improve the security of medical devices.

DEF CON is a leading cybersecurity conference held annually in Las Vegas, Nevada. The conference includes many immersive “villages” that allow conference attendees to work with manufacturers to investigate and responsibly disclose product cybersecurity vulnerabilities.

Creating a Space where Everyone could Work Together

This year we partnered with Cal Poly’s California Cybersecurity Institute to design and build an immersive hospital set in the Biohacking Village to give security researchers the opportunity to defend a hospital and its connected medical devices from cyberattacks. Our immersive environment, featured in the Washington Post, included a pharmacy, laboratory, surgical room, radiology facility, and neonatal unit.

defcon
The immersion environment included a pharmacy, laboratory, surgical room, radiology facility, and neonatal unit.
cybersecurity
The immersion environment included a pharmacy, laboratory, surgical room, radiology facility, and neonatal unit.
cybersecurity
The immersion environment included a pharmacy, laboratory, surgical room, radiology facility, and neonatal unit.

“Bringing together security researchers, manufacturers, physicians, and regulators is an important step in continuing to ensure the security of connected medical devices, because none of us can do our job in a bubble,” said Chris Tyberg, Division Vice President, Information Security at Abbott Medical Devices, who spearheaded Abbott’s work at DEF CON and attended the conference.

Defcon
Abbott’s Chris Tyberg (left) celebrates the Biohacking Village with Cal Poly faculty and students at DEF CON 2019.

To help further educate security researchers about clinical needs, Abbott hosted a small group of physicians, hospital security executives, and cybersecurity researchers to share their perspectives about cybersecurity and connected medical devices. Several physicians shared their experiences in a panel discussion, outlining ways they communicate cybersecurity issues to their patients and opportunities for researchers to partner with them to address challenges associated with communicating medical device cybersecurity issues to patients.

Our work at DEF CON is just one of many examples of the work we’re doing to raise awareness about the importance of medical device cybersecurity.  In 2018, Abbott conducted a survey of more than 300 physicians and hospital administrators to learn about the cyber challenges they face in the hospital environment. Abbott partnered with security and risk management advisory firm, The Chertoff Group, to release the survey findings in a white paper (you can also check out this great podcast episode where Chris Tyberg discusses the research). We’ll also be participating in AdvaMed’s MedTech Conference in September 2019.

It is only by working closely together that the healthcare industry can continue to strengthen the security of medical devices for patients.