FBI Files: How Humans Get Hacked

Healthcare organizations are attractive targets for cybercrime actors due to their size, technological dependence, access to personal health information and unique impacts from patient care disruptions. Your organization’s system might be correctly configured, your software perfectly patched and your data safely secured, but a problem remains: humans can be hacked. Social engineering has become the initial access vector of choice for cybercriminals. In this session, the Federal Bureau of Investigation (FBI) will share real-life social engineering phone calls and emerging tactics cybercriminals use to exploit victims’ trust to gain initial access. It will provide examples to show how once initial access has been obtained, bad actors use privilege escalation and lateral movement to further penetrate and compromise networks. It will show how ransomware is used to encrypt healthcare data and extort the entities involved. This session will provide actual examples using Cybersecurity and Infrastructure Security Agency (CISA)/Federal Bureau of Investigation (FBI) threat briefs of actual indicators of compromise that affect the healthcare sector.