
(ISC)2 Security Congress 2022

SC2265 - Healthcare Hacked! Culture, Costs, and Cures

Oct 11, 2022 1:35pm ‐ Oct 11, 2022 2:35pm


Attackers targeted healthcare more than any other industry in 2021, accounting for 34% of incidents—more than one third. What’s the remedy? This session analyzes root causes for the sharp rise in attacks by presenting accurate historical and current data, analysis and conclusions pertaining to international and domestic healthcare breaches from 2009 to present day. We'll scrutinize the subculture within healthcare IT over time and current emerging trends, including rapid cybersecurity prioritization following the onset of the COVID-19 pandemic and lingering resource gaps. The session provides a summary of the counted and uncounted costs of breaches using real-world cases. Attendees will take away achievable recommendations to help cure the culture and cost woes and continue to mature their healthcare IT security programs.

Learning Objectives:
  • Verbalize the differences between historical "risks" and modern "threats" in the areas of risk management/assessment, privacy, security, and information governance and identify both "Blue" and "Red" motivators. Gain a deeper contextual understanding of factors that contributed to the sharp rise in attacks in recent years and describe them.
  • Describe the total cost of recovery, including the uncountable recovery cost of hardware, supplemental resources, and the human factor cost of extended downtime. Objectively perform an impact comparison between the total costs of implementing reasonable measures before a breach vs. a post-breach scenario given minimal preparation beforehand.
  • Define resource management concerns including skill gaps, availability, training, downtime and burnout. List the key value points of auditing for internal program maturation over and above audits for regulatory and standards compliance. Finally, attendees will gain an understanding of the efficiencies to be had by conducting a combined audit.


  • Rev. Wm Gregg Bridgeman, CISSP, PMP, GCIH, GISCP, GPEN, and C|eH, Manager Health IT Security & Risk, Change Healthcare
