Malicious attacks were the listed as the dominant threat vector and source of healthcare breaches this year according to IBM’s 2020 Data Breach Report [1]. Top sources of compromises from these malicious attacks included compromised access credentials, cloud misconfigurations, and vulnerabilities in third-party software.

Opportunistic cyber attackers have seized the moment of a pandemic to target vulnerable healthcare entities and their remote workforces for their own personal gain. Attacks have leveraged COVID-19 themes for social engineering assaults, phishing campaigns, ransomware entry, and more. Healthcare organizations are on their heels trying to thwart unprecedented viruses, both physical and virtual alike.

In this CyberPHIx episode, we speak with Kevin Sacco, who leads the Ethical Hacking and Penetration Testing practice for Meditology Services. With almost 20 years in the field, Kevin talks about his experiences hacking healthcare organizations, including recent pandemic-era attacks.

Highlights of the discussion include:

• Heartless hackers: the bad guys and their motives
• Common healthcare security vulnerabilities and cybersecurity weak spots identified in penetration testing assessments
• The impact of the pandemic on attack methods, remote workforce targeting, and protection mechanisms
• Recommendations for the most cost-effective and impactful security controls to mitigate attacks
• War stories from decades of hacking healthcare entities

The average breach costs healthcare organizations $7.13m. Organizations that conduct routine penetration testing save an average of $243k per breach.

Healthcare is likely to remain in the cross hairs of attackers for some years to come. Kevin provides practical and cost-effective recommendations for thwarting these damaging attacks on our critical healthcare infrastructure.