Hacker Shows and Tells Health Care CIOs Why Security is Important

Kevin Mitnick, famous former hacker, gives thought provoking demonstration to open CHIME-HIMSS CIO Forum

Before the 2017 HIMSS Annual Conference and Exhibition kicked into high gear, the CHIME-HIMSS CIO Forum opened with a keynote address Sunday morning that reinforced just how terrifyingly easy it is to hack into seemingly sophisticated systems, using the right tools and brainpower.

Given the fact that managing the health of populations is becoming more reliant on data, protecting this growing repository of information from cyber attacks is becoming increasingly important — especially to a room full of CIO’s.

However, according to the 2016 HIMSS Cybersecurity Survey, two-thirds of respondents experienced a recent significant security incident, but admitted to only an average level of confidence in being prepared to defend against cyberattacks.

In that vein, during the keynote “The Art of Deception: How Hackers and Con Artists Manipulate You and What You Can do About it,” Kevin Mitnick carried out real-time hacking demonstrations, through the most common form of attack used today — “social engineering,” he says.

The technique involves a “con” tricking a human user into doing something, let’s say downloading a software attachment from what seems like a trusted source, then having the software feed information to the hacker to get further valuable information down the road.

The approach is relatively easy to use, cheaper and hard to trace, says Mitnick, who once earned a spot on the FBI’s most wanted list after hacking more than 40 corporations, but now serves as a security consultant to Fortune 500 companies and governments. “All it takes is one employee inside the business to screw up,” he says.

With four computers spread out over a table on stage, Mitnick breezed through more than five different data hacks. One hack, which he called his favorite, involves sending a barrage of pop-ups to a user requesting to update a simple program such as Adobe. The pop-up annoys the user into downloading the false upgrade. Mitnick’s overhead screens showed simple, but useful data flow onto his computer as the user (his other computer) installed the false upgrade.

In another demonstration Mitnick borrowed a common HID Access card, commonly used to gain access to floors in buildings, from an audience member, and used a small device to automatically hack into the card and gather all the information necessary to gain building access.

Even more terrifying, was the larger version of the device that he says can be stored in a backpack and can steal information within three feet of a similar badge. He handed both cards back to the gentleman saying, “if you lose that one, here’s a backup just in case.”

As the session was nearing an end, and I wondered if he came to Orlando just to send chills down every CIO’s spine, the man billed as "the world’s most successful hacker” offered some advice.

Protect HIPPA and proprietary data and create a more sophisticated type of system that is difficult to hack, he says. The people looking to make money fast will not target you, they will go to another company with less security.

“You can take the steps necessary to make yourself a hard-target.” 

Read this article and other great ones at the source.

Source: Hospitals & Health Networks

Topics: Social Engineering, Speaking Engagements, The Art of Deception, CHIME HIMSS CIO Forum, cyber security, false upgrade, hacking, malicious software updates, Kevin Mitnick Security Awareness Training, cyber attack, protecting data, HID Access card, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›

Understanding Post-Inoculation Cybersecurity Attack Vectors

If you’ve recently improved your cybersecurity posture, you should know that the work to protect your company’s data is not over.

Read more ›