10:00 AM Opening Words
Welcome to the Biohacking Village!
10:15 AM Employ Cybersecurity Techniques Against the Threat of Medical Misinformation
Speaker: Eric D Perakslis
Abstract: Medical misinformation has been labeled as one of the greatest public health threats of our time. Previously eradicated diseases, such as measles, are occurring in clusters and causing deaths. The problem is complex with a mixture of private individuals and nation state actors all working to undermine the credibility of doctors and the US health system. In this piece, I will discuss our JAMA piece that calls for the use of an ethical cyber response to the threat of medical misinformation.
Speaker Bio: Eric Perakslis, PhD, is a Rubenstein Fellow at Duke University, where he focuses on data science that spans medicine, policy, information technology, and security. Eric is also Lecturer in Biomedical Informatics at Harvard Medical School, and Strategic Innovation Advisor to Médecins Sans Frontières.
11:00 AM From buffer overflowing genomics tools to securing biomedical file formats
Speaker: Corey M. Hudson, Charles Fracchia
In this presentation we describe a previously unreported buffer overflow vulnerability in the popular genomics alignment software package BWA. We will show how this exploit, combined with well-known attacks, allows an attacker to access and modify patient data and manipulate genomic tests. We then show how this class of attacks constitutes a wider threat to global biomedical infrastructure and what a newly-formed team from Sandia National Labs and BioBright are doing about it.
Speaker Bio: Corey Hudson is a computational biologist at Sandia National Laboratories. Corey leads teams in cybersecurity, machine learning, synthbio and genomics. His main work is modeling and simulating cybersecurity risks in realistic and large-scale genomic systems and highly automated synthbio facilities.
Charles Fracchia is a bioengineer who has worked at the intersection of biology and computer science for the last decade. He is the founder and CEO of BioBright, a company dedicated to making biomedical workflows more data-centric and secure.
11:45 AM How to Level Up: Experiential Learning through Gamification
Speaker: JC Vega, Zzzomething
Abstract: Want to learn how an epic clash between hackers turns into a battle of survival? How an intense, immersive experience builds critical cybersecurity skills? This talk highlights how storytelling, gamification and theater arts are used in a realistic environment to experience cybersecurity. The paradigm shift for cybersecurity crisis response training and preparation is here. Individuals, teams, and organizations can now prepare for a worst day with an intense, immersive experience that builds your critical cybersecurity and leadership skills in a realistic and gamified environment. The response and actions can have a decisive impact on the end state or the aftermath.
JC is a hardened bilingual cyber human with the scars to prove it. He loves planting seeds of knowledge and flowers, and making tea leaf predictions. Greatest Professional Accomplishment: Book Club Founder “Not your Grandma’s book club, unless your Grandma is Grace Hopper.” A cybersecurity professional and a US Army Colonel (retired) with over three decades of security leadership experience and 17 years specializing in cybersecurity operations.
Zzzomething is a well intentioned, model citizen with an unrequited love for all things cyber… and glitter. Lots of glitter. Three gold stars in Analytic Razzle Dazzle, and more than a decade in commercial and federal desk flying units. School of the Voiceless Dragon. Order of the Fuzzy Cardigan, 2nd Class. Auror and Unregistered Animagu
12:30 PM Medical Simulations Panel
Dr. Christian Dameff is an Emergency Physician, Clinical Informatician, and researcher. He is currently the Medical Director of Cybersecurity for UC San Diego Health. Published clinical works include post cardiac arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records. He has published in internationally known journals such as JAMA, Resuscitation, Circulation, JAMA Cardiology, Academic Medicine, and others.
Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent hacker forums including DEFCON, RSA, Blackhat, Derbycon, BSides, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.
Dr. Dameff’s unique perspective has allowed him to perform some ground-breaking research and be covered by news publications such as Popular Science, The Washington Post, ABC NIGHTLINE, and WIRED.
Leslie Saxon, MD is a professor of medicine and clinical scholar at the Keck School of Medicine of USC. She specializes in wirelessly connected implantable and wearable devices that treat and diagnose heart conditions and prevent sudden death. Board-certified in cardiology, electrophysiology and heart failure, Saxon has authored more than 100 articles in various medical journals. She is an active member of several organizations and is a fellow at the Heart Rhythm Society.
Saxon is also the executive director of the internationally acclaimed USC Center for Body Computing (CBC). The CBC is a place for all USC schools, including medicine, engineering, business and cinematic arts, to form interdisciplinary relationships and accelerate the future of fully integrated, “connected” medicine. Saxon participates in the preclinical and clinical development and testing of wearable and implanted technology, including networked devices used in medicine, wellness and performance. Her active research programs involve connected sensors with elite athletes, military groups and patients. Her work is dedicated to providing users with continuous and protected information about their health or performance status. She leverages her clinical expertise to develop device models and software solutions that offer engaging user feedback–based real-time physiologic data.
Saxon has spoken at various forums, including TEDMED, SXSW and WIRED Health. She is regularly quoted in popular media outlets, including the Wall Street Journal, New York Times, BBC and Fast Company.
Julian M. Goldman, MD is Medical Director of Biomedical Engineering for Partners HealthCare System, an anesthesiologist at the Massachusetts General Hospital, and Director of the Program on Medical Device Interoperability based at MGH, Partners, and CIMIT.
Dr. Goldman founded the Medical Device "Plug-and-Play" (MD PnP) Interoperability research program in 2004 to promote innovation in patient safety and clinical care by leading the adoption of safe, secure, patient-centric integrated clinical environments. The MD PnP team has been recognized by multiple awards, including the Edward M Kennedy award for Healthcare Innovation.
Dr. Goldman is Board Certified in Anesthesiology and Clinical Informatics. He completed anesthesiology residency and research fellowship in medical device informatics at the University of Colorado. He departed Colorado as a tenured associate professor to work as an executive of a medical device company. Subsequently, Dr. Goldman joined Harvard Medical School and the Department of Anesthesia, Critical Care, and Pain Medicine at MGH in 2002 as a staff anesthesiologist, where he served as a principal anesthesiologist in the MGH "Operating Room of the Future".
Dr. Goldman co-chaired the FCC mHealth Task Force, the HIT Policy Committee FDASIA Workgroup regulatory subgroup, and the FCC Consumer Advisory Committee healthcare working group. He served on the NSF CISE Advisory Committee, as a Visiting Scholar in the FDA Medical Device Fellowship Program, and as a member of the CDC BSC for the NCPHI. Dr. Goldman currently serves in leadership positions in several healthcare standardization and innovation organizations including Chair of ISO Technical Committee 121, Co-Chair of the AAMI Interoperability Working Group, Co-Chair of the Healthcare Task Group of the Industrial Internet Consortium, and Chair of the Use Case Working Group of the Continua Health Alliance (now the Personal Connected Health Alliance).
Dr. Goldman is an IEEE EMBS Distinguished Lecturer, and the recipient of the International Council on Systems Engineering Pioneer Award, American College of Clinical Engineering (ACCE) award for Professional Achievement in Technology, the AAMI Foundation/Institute for Technology in Health Care Clinical Application Award, and the University of Colorado Chancellor's "Bridge to the Future" award.
David Guffrey, MS, MSM, HCISPP, ITIL is the Biomedical Cybersecurity Specialist for Partners HealthCare. David leads the medical device cybersecurity program for research and operations across the largest healthcare system in Massachusetts. David’s background includes R&D in brain computer interfacing and neural prosthetic systems, linear and non-linear signal processing, electrical stimulation and feedback systems, virtual reality, as well as network and server architectures and medical device integration with electronic health records (EHR). In his current appointment, David leads myriad projects and activities across the Partners HealthCare enterprise. A major component of his work has been centered around architecting the MDPnP Cyber Lab, a state-of-the-art medical device cybersecurity laboratory with funding provided by the United States Department of Homeland Security (DHS) and Food and Drug Administration (FDA). David’s daily work includes risk assessments, technology assessments, penetration testing, and emergency preparedness & response activities as well as the nitty gritty work of applying his cybersecurity expertise to procurement contract negotiations. David is a leading voice representing healthcare delivery organization (HDO) interests in the national standards community. David’s passion lies at the nexus of medical devices, information technology, personnel practices and policies, and tackling the cybersecurity challenges of today to lay the groundwork for tomorrow.
Instructions for joining DHS IMPACT and requesting medical device network data from Massachusetts General Hospital
1) Go to the IMPACT website: https://www.impactcybertrust.org/login
2) Click on “REGISTER”
3) Create an account and complete the registration process
4) Once your account is created, return to the IMPACT site: https://www.impactcybertrust.org/login
5) Enter your “User Name” and “Password” to log into your account
6) Click on “Search”
7) Click on “DATA & TOOLS Catalog”
8) Navigate to the left “FILTER” pane and click on “Massachusetts General Hospital”
9) This will display data sets available from MGH
10) Click on a data set title
11) The detailed description of the data set you are interested in will open in a new window
12) Click “Request” in the upper right hand corner of the data set window
13) Complete the request form per instructions and click “Submit”
14) The data request will be reviewed by IMPACT personnel and then forwarded on to MGH personnel
2:30 PM: Amputees and Prosthetic Challenges: Creating Functionality, Dignity Restoring, Interaction, and Enabling Technology
Speakers: Wayne Penn, Laurel Koss, Chuck Hildreth Jr.
Abstract: The human body is the most elegant and complex machine ever created, but often we do not realize how well it works until a major system has been compromised such as with an amputation severing and removing an element of the neuromuscular and skeletal system. There are 1 million annual limb amputations globally, which equates to one every 30 seconds. With those kinds of numbers and what we see in science fiction TV and film, one would expect that prosthetic technology is ubiquitous and advancing at an exponential pace. However, prosthetic technology advancement can be correlated with periods immediately following military conflicts and is still not able to fully replicate anatomical function, which is why we are seeking the assistance of those at DEFCON’s Biohacking Village to collaborate and help create prosthetic solutions. Wayne Penn, a biomedical engineer and entrepreneur, will be joined by bi-lateral amputee Chuck Hildreth Jr., and Occupational Therapist Laurel Koss to discuss the etiology and epidemiology of amputations, challenges amputees face, the secondary or associated conditions and complications, and their shared experiences while working on advanced robotic prosthetic limb research programs such as the DEKA/DARPA/Mobius Bionics Luke Prosthetic Arm System. Chuck will give a demonstration of the Luke Arm System, the only full powered shoulder down prosthetic arm system in existence. Introductions will be given to the two BHV Prosthetic Labs taking place following the talk and run by this presentation team. The first Lab will be to create a family of Quick Change Magnetic Adapters for Activities of Daily Living to hold items for personal hygiene as well as items for eating and food preparation utilizing 3D Printing. The second Lab, Thermo Limbs, will be introduced by 7th graders, Piper Vail Lalla and Ava Conlon, who won the Best Idea in the Medical Field and a $20,000 grant for a patent application at the National Invention Convention.
This lab will focus on creating microprocessor controlled cooling systems for amputees, as thermal regulation is a major issue that affects amputees with the loss of their major sweat and heat dissipation surfaces.
Wayne is a biomedical engineer and entrepreneur. He received his undergraduate degree in biomedical engineering from Columbia University, and his graduate degree in mechanical engineering with a focus on biomechanics from Boston University. He worked as the Clinical Research Coordinator at DEKA Research & Development on the DARPA/DEKA Luke Prosthetic Arm Project and the Product Marketing Manager for the MIT Media Lab startup iWalk for the BiOM Powered Prosthetic Ankle System, now the Ottobock Empower Ankle. He has continued his work in prosthetics focusing on advanced human interface, controls, and fitting systems for amputees while working in partnership with biodesigns. Wayne founded and leads his multidisciplinary engineering and design team at Charged Concepts, whose mission is to turn innovative concepts into impactful real world technology, programs, and initiatives.
Laurel Koss has been an Occupational Therapist for 21 years. She received her undergraduate degree from the University of Pittsburgh, and her Occupational Therapy education from Duquesne University. Laurel worked as a Subject Matter Expert and Clinical Research Specialist at the James A Hayley VA Tampa Regional Amputee Center of Excellence, where she and Wayne worked together on the DARPA/DEKA Luke Prosthetic Arm Clinical Trials. Additionally, she has worked as a Patient Advocate at the Durham VA Medical Center and now works at Relias Learning where she teaches and writes Occupational Therapy Curriculum.
Chuck Hildreth Jr. was injured in an electrical substation accident in 1981. As a result he lost both arms and suffered electrical exit wounds on his kneecaps as well as his feet. He is a positive father of 2 and gives encouraging talks to new amputees. He served as the lead test pilot and amputee trainer for the DARPA/DEKA Luke Prosthetic Arm System for all 3 generations of its development. Additionally, Chuck is a competitive downhill skier, and is the President of Lakes Region Disabled Sports, a non-profit organization that provides recreation and fitness for individuals with disabilities in a safe, supportive, independent, and fun environment.
4:15 PM: Hacking Wetware with Open Source Software and Hardware: The DIY Artificial Pancreas
Speaker: Jay Lagorio
Abstract: Managing diabetes revolves around stagnated tech from the 80s and 90s. Hackers took their lives into their hands by augmenting inadequate products after market. Building iterations of a DIY artificial pancreas and real-life examples of will be discussed and at least one will be working on the presenter. Replacing human intervention with technology betters quality of life. See what happens when hackers decide they’re not waiting around for government and the MedTech industry to do better.
Speaker Bio: Jay Lagorio, a software engineer and independent security researcher, has been building computers and networks and writing code nearly his entire life. He received a B.S. in Computer Science from UMBC in 2008 and an M. Eng. from the Naval Postgraduate School in 2015.
5:00 PM: Beyond the Firmware: A Complete View of the Attack Surface of a Networked Medical Device
Speaker: Dr. Avi Rubin
Abstract: Even a device with the most ironclad firmware can still be subject to a broad variety of attacks depending on its interaction with other external components. This presentation will examine commonly overlooked vulnerabilities in medical device deployments, with real-world examples discovered either during a certification process or through regulatory review. These vulnerabilities serve as cautionary examples of the extensive, but not always apparent, attack surface of medical devices.
Speaker Bio: Dr. Avi Rubin is a Professor at Johns Hopkins University, where he serves as the Technical Director of the JHU Information Security Institute. He is also the founder and director of the JHU Health and Medical Security Lab, where his work is advancing medical device security and healthcare networks.
7:15 PM: Medical Device Incident Response, Forensics, and “IT’s” Challenges
Speakers: Sam Buhrow, Adam Bravo, Randy Riden
Abstract: Performing incident response (IR) and forensics on medical devices is met with unique challenges due to manufacturers’ focus on longevity, but not security. This creates an environment with OS’s that are outdated, making live acquisitions almost impossible and conducting “Dead Box” forensics a standard practice. In this talk, we will cover some of the experiences we have had with medical device forensics, artifacts found (and not found), and the unique security concerns encountered.
Sam is a cybersecurity practitioner that has had the opportunity to do, manage, or lead nearly every role in cyber, and has been in every vertical except Energy. Sam was told he wouldn’t go to college by his high school counselor. He graduated Summa Cum Laude.
Adam served in the US Navy onboard the USS Halsey out of San Diego from 2006 – 2011 as a Sonar Technician 2nd Class (STG2). Upon separation from the Navy he began furthering his education and obtained his BS in Computer Information Systems with an emphasis in computer forensics in 2014. Since then he has been working as a computer forensic examiner/analyst in the education field and then healthcare for the past two years. He has multiple forensic and security certifications including CISSP, GCFA, GCFE, and EnCE. He is currently an IT Security Sr. Analyst in a large healthcare company where he has experienced many pitfalls and victories while responding to potential medical device security incidents.
Randy served in the US Air Force as an Instrument and Flight Control Specialist under the Air Force Special Operations Command. Randy transitioned from his military career in Avionics to a civilian career in Digital Forensic Investigations. Since then he has grown in the Information Security workspace from litigation support to military contractor, higher education, and presently healthcare. He holds multiple certifications in fraud, forensic and security including CISSP, CISA, CHFI, CFE, CCE and EnCE. He is currently the Senior member of the Incident Management team as the IT Security Sr. Consultant for a non-profit healthcare organization.
6:30 PM: 0-Day Inside: Analog Analytics, Blood, Muscle, and Electricity
Speaker: Mandy Logan
Abstract: Brainstem & cerebellar strokes=0day for me. No inside voice. No ability to comprehend speech or form words. No movement, no memories. Filters removed. Senses heightened in ways that threatened life. I lived through being “reset to abilities of a 6-mo” and spent 1000’s of hours formulating a new OS based on on/off response of my body’s electrical system and defining electrical signature of words, emotions, sensations, everything. Come listen. Grow stronger.
Speaker Bio: After 5 strokes & major injuries, Mandy is no longer in const/eng. She used life hacking skills from a non-traditional background to re-establish neuro control using her tongue against her teeth & perseverance. Now, as a happy dyslexic autie, she pursues biohacking/stand up/fun/improving lives.
5:45 PM: The Biology of Malware
Speaker: Turtle Snap
Abstract: Drawing the connections between how human biology is affecting the evolution of malware. This talk will discuss how malware can affect biological virus research and be used for future medical research. Basically, a cool malware talk that will hopefully make you excited or s*&^ your pants.
Speaker Bio: Turtle has dedicated the last 5 years of her career researching malware and providing foresight into future attacks and international terrorism. Her goal is to one day work full time in the United Kingdom providing offensive research to commercial entities.