jm + medical   7

Securing wireless neurostimulators
The latest generation of such devices come with remote monitoring and reprogramming capabilities, via an external device programmer. The manufacturers seem to have relied on security through obscurity (when will we ever learn!) with the very predictable result that the interface turns out not be secure at all. So we end up with a hackable device connected directly to someone’s brain.
security  brain  health  medical  devices  iot  exploits  neurostimulators 
4 weeks ago by jm
Remote Code Execution on the Smiths Medical Medfusion 4000 Infusion Pump
'Between March and June of 2017 I spent around 400 hours of personal time analyzing the Smiths Medical Medfusion 4000 infusion pump for security vulnerabilities. The devices analyzed had software versions 1.1.2 and 1.5.0. The flaws discovered (the most critical of which was a DHCP buffer overflow in the MQX operating system used) were disclosed in a coordinated fashion and are detailed by ICS-CERT in ICSMA-250-02A and CERT in VU#590639.

The goal of this exercise was to help protect patients that rely on therapy provided by the pump, to raise awareness of the risk present in unpatched versions of the device, and, finally, to contribute to the corpus of embedded/IoT security research.'
medical  infusion-pumps  security  iot  safety  exploits  embedded-systems  reversing 
january 2018 by jm
How to invoke section 4 of the Data Protection Acts in Ireland
One wierd trick to get your personal data (in any format) from any random organisation, for only EUR6.35 and up to 40 days wait! Good to know.
Hospitals and doctors’ offices in Ireland will give a person their medical records if they ask for them. Mostly. Eventually. When they get to it. And, sometimes, if you pay them over €100 (for a large file).

But, like so much else in the legal world, there is a set of magic words you can incant to place a 40 day deadline on the delivery of your papers and limit the cost to €6.35 -- you invoke the Data Protection Acts data access request procedure.
data-protection  privacy  data-retention  dpa-section-4  data  ireland  medical  law  dpa 
february 2014 by jm
UK NHS will soon require GPs pass confidential medical data to third parties
Specifically, unanonymised, confidential, patient-identifying data, for purposes of "admin, healthcare planning, and research", to be held indefinitely, via the HSCIC. Opt-outs may be requested, however
opt-out  privacy  medical  data  healthcare  nhs  uk  data-privacy  data-protection 
january 2014 by jm
Flickr: gruntzooki's stuff tagged with femur
Cory Doctorow got an MRI of his femur in prep for a surgical procedure -- and his wife used it to make a 3D-printed titanium keyring! awesome. I want to do this with MY SKULL
3d-printing  gadgets  cool  keyrings  tchotchkes  nifty  toys  gifts  mri  medical  bones  from delicious
march 2011 by jm
Auto-appendectomy in the Antarctic: case report -- Rogozov and Bermel 339: b4965 -- BMJ
holy shit. This is absolutely amazing, a first-person account of auto-appendectomy (via infovore)
history  science  russian  medicine  antarctica  medical  amazing  appendectomy  surgery  from delicious
january 2010 by jm
Irish College of General Practitioners' advice on H1N1
promises to be frequently updated if/when anything might happen. certainly better advice for Irish sufferers than the useless PR spooge put out by the HSE -- as usual
ireland  hse  icgp  medical  h1n1  flu  disease  pandemic 
august 2009 by jm

Copy this bookmark:



description:


tags: