There will be a Medical Device (Virtual) Village this year at DEF CON, organized in conjunction with I Am The Cavalry, the BioHacking Village, and the IoT Village (located in IoT Village) from July 28-30th at Caesars Palace in Las Vegas, Nevada. We seek to establish a high-trust, high-collaboration environment where security researchers, medical device makers, healthcare providers, doctors, and others can come together in a joint mission to preserve patient safety. This event builds on work such as our Hippocratic Oath for Connected Medical Devices and our Position on Disclosure.
The latest medical advances lay at the intersection of patient care and connected technology. Integration of new technology enables innovations that improve patient outcomes, reduce cost of care delivery, and advance medical research. A growing number of medical devices are designed to be networked to facilitate patient care. As such, accidents and adversaries that trigger software vulnerabilities may harm human life, patient safety, and public trust.
Researchers may be more reluctant to disclose if they know a vulnerability has not been (or cannot be) fixed. On the other hand, the prospect of high consequence failures may motivate action. Remediation urgency can preserve safety, life, and trust; at the same time, validation and verification avoid unintended consequences, Vulnerability discovery, disclosure and remediation in public safety and human life contexts should be handled with both due haste and due care.