The annual HIMSS (Society of Information Systems and Medical Care Management) Conference 2025 began forums prior to the conference on March 3 in Las Vegas, Nevada. With many forums to choose from, about 400 attendees sat on coffee and cakes to listen to the cybersecurity forum.
Cybersecurity has been a much discussed topic, especially taking into account several important infractions in health systems last year. Organizations are actively thinking about how to protect themselves from attackers.
In a technical talk with law Adversary mentality: break the ransomware attack chainErik Decker, VP and Ciso de Intermountain Health, He discussed the question of how these attacks are really happening. Shawn Anderson, director of cybersecurity of Intermountain Health, joined Decker in the discussion.
Decker mentioned that the route attackers are no surprise. This includes social engineering, third -party commitments and system vulnerability commitments. Most intrusions occur when you log in with compromised login information. «The vulnerabilities exposed to 10 billion people must be set at 72 hours,» said Decker.
«If you want to cause damage, you must reach the control systems,» Decker continued. This is the Active Directory. This is how the attackers reach privileges. “They are reaching these super users access rights, access privileges that their people have. Then, log in and take all the data. Then they push all the malware. That is the play book every time. «
Anderson enforced the importance of keeping up with the patches and continuing to test the systems.
