Hacker Shows and Tells Health Care CIOs Why Security is Important

Kevin Mitnick, famous former hacker, gives thought provoking demonstration to open CHIME-HIMSS CIO Forum

Before the 2017 HIMSS Annual Conference and Exhibition kicked into high gear, the CHIME-HIMSS CIO Forum opened with a keynote address Sunday morning that reinforced just how terrifyingly easy it is to hack into seemingly sophisticated systems, using the right tools and brainpower.

Given the fact that managing the health of populations is becoming more reliant on data, protecting this growing repository of information from cyber attacks is becoming increasingly important — especially to a room full of CIO’s.

However, according to the 2016 HIMSS Cybersecurity Survey, two-thirds of respondents experienced a recent significant security incident, but admitted to only an average level of confidence in being prepared to defend against cyberattacks.

In that vein, during the keynote “The Art of Deception: How Hackers and Con Artists Manipulate You and What You Can do About it,” Kevin Mitnick carried out real-time hacking demonstrations, through the most common form of attack used today — “social engineering,” he says.

The technique involves a “con” tricking a human user into doing something, let’s say downloading a software attachment from what seems like a trusted source, then having the software feed information to the hacker to get further valuable information down the road.

The approach is relatively easy to use, cheaper and hard to trace, says Mitnick, who once earned a spot on the FBI’s most wanted list after hacking more than 40 corporations, but now serves as a security consultant to Fortune 500 companies and governments. “All it takes is one employee inside the business to screw up,” he says.

With four computers spread out over a table on stage, Mitnick breezed through more than five different data hacks. One hack, which he called his favorite, involves sending a barrage of pop-ups to a user requesting to update a simple program such as Adobe. The pop-up annoys the user into downloading the false upgrade. Mitnick’s overhead screens showed simple, but useful data flow onto his computer as the user (his other computer) installed the false upgrade.

In another demonstration Mitnick borrowed a common HID Access card, commonly used to gain access to floors in buildings, from an audience member, and used a small device to automatically hack into the card and gather all the information necessary to gain building access.

Even more terrifying, was the larger version of the device that he says can be stored in a backpack and can steal information within three feet of a similar badge. He handed both cards back to the gentleman saying, “if you lose that one, here’s a backup just in case.”

As the session was nearing an end, and I wondered if he came to Orlando just to send chills down every CIO’s spine, the man billed as "the world’s most successful hacker” offered some advice.

Protect HIPPA and proprietary data and create a more sophisticated type of system that is difficult to hack, he says. The people looking to make money fast will not target you, they will go to another company with less security.

“You can take the steps necessary to make yourself a hard-target.” 

Read this article and other great ones at the source.

Source: Hospitals & Health Networks

Topics: Social Engineering, Speaking Engagements, The Art of Deception, CHIME HIMSS CIO Forum, cyber security, false upgrade, hacking, malicious software updates, Kevin Mitnick Security Awareness Training, cyber attack, protecting data, HID Access card, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

6 Types of Social Engineering Attacks and How to Prevent Them

Social engineering attacks account for a massive portion of all cyber-attacks.

Read more ›

What You Get When You Invest in Social Engineering Testing with Mitnick Security

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Mitnick Security: Ransomware Awareness Training

Ransomware is a type of malware that prevents accessibility to either a single computer or an entire network until a ransom is paid. This can result i..

Read more ›
tech-texture-bg