Загрузка...

Healthcare Security in Focus: Applying Lessons from Real-World Penetration Tests

Standard vulnerability scans often miss the high-impact risks that lead to real-world breaches. In this collaborative webinar with Health-ISAC, Andrew McNicol of Breakpoint Labs shares actionable insights from 16 years of "hacking hospitals" to help healthcare leaders move beyond compliance and toward true resiliency.

This session explores how attackers bypass traditional defenses by exploiting application logic, misconfigured Active Directory environments, and human error. Andrew also discusses five key takeaways developed in coordination with HHS OIG to help hospitals secure their most critical, life-supporting systems.

Key Moments & Timestamps

00:00 – Introductions: Healthcare Security in Focus
03:47 – Phase 1: Planning a Pen Test for Life-Supporting Systems
07:43 – The Hybrid Approach: Why Purple Teaming is Essential
10:13 – Reducing Risk: The "Assumed Breach" Scenario
15:00 – How a Pen Test Mirrors Real Adversary Behavior
18:30 – Beyond CVEs: Why Attackers Abuse Application Logic
21:30 – The Help Desk Backdoor: Bypassing MFA with a Single Call
26:19 – Brute-Forcing "Secret Questions" with AI Assistance
30:52 – Active Directory Hazards: Why "Disabled" Accounts Can Still Be Abused
37:38 – Network Shares & Snaffler: Finding Exposed Sensitive Data
39:53 – Physical Security Bypass: Using Compressed Air to Unlock Doors
46:00 – AI in Healthcare: Governance, Procurement, and Feature Abuse
49:12 – 5 Key Takeaways for Resilient Security (Developed with HHS OIG)
52:45 – Q&A: Corporate Entity Risks and Medical Device Segmentation

Resources:
Visit our Blog & Video Hub: Explore deep dives on Active Directory security and technical attack walkthroughs at https://breakpoint-labs.com/blog/ https://breakpoint-labs.com/videos/

Presented by Andrew McNicol: Cybersecurity expert, penetration tester, and security strategist. Andrew specializes in uncovering the hidden risks in business processes and physical security layers that leave organizations vulnerable to real-world attacks.

#HealthcareSecurity #HealthISAC #PenetrationTesting #CISORisk #HHS

Видео Healthcare Security in Focus: Applying Lessons from Real-World Penetration Tests канала BreakPoint Labs
HHS OIG cybersecurity medical device security Active Directory security healthcare pen testing hospitals HIPAA compliance vs security Assumed Breach scenario MFA bypass techniques application logic attacks Snaffler AD purple teaming healthcare physical security bypass AI in healthcare security Zero Trust healthcare BreakPoint Labs Andrew McNicol patient safety cybersecurity resilient healthcare security
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
6 февраля 2026 г. 19:59:14
00:59:23
BreakPoint Labs
Теги
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

Auditing Network Shares: Using Snaffler and GoWitness to Find Hidden RiskAuditing Network Shares: Using Snaffler and GoWitness to Find Hidden Risk

Beyond Automated Tools and TestingBeyond Automated Tools and Testing

How to Automate BloodHound Triage with AD-RECON (2026 Tutorial)How to Automate BloodHound Triage with AD-RECON (2026 Tutorial)

BreakPoint Labs AI Red Teaming Playground Labs Part 3 - Code with PyRIT#airedteaming #cyberattackBreakPoint Labs AI Red Teaming Playground Labs Part 3 - Code with PyRIT#airedteaming #cyberattack

Active Directory Risks That Have Been Sitting in Your Network for YearsActive Directory Risks That Have Been Sitting in Your Network for Years

How to Find Attack Paths in BloodHound with AD-RECON (Part 2)How to Find Attack Paths in BloodHound with AD-RECON (Part 2)

Tips For Improving Vulnerability ManagementTips For Improving Vulnerability Management

How to Automate BloodHound Triage with AD-RECONHow to Automate BloodHound Triage with AD-RECON

How to Start Your InfoSec CareerHow to Start Your InfoSec Career

How to Find and Fix Critical Active Directory (AD) Certificate Flaws TodayHow to Find and Fix Critical Active Directory (AD) Certificate Flaws Today

AI Red-Teaming Playground Labs: Challenge 2 with Custom Converter & Scorer #airedteaming #aiAI Red-Teaming Playground Labs: Challenge 2 with Custom Converter & Scorer #airedteaming #ai

BreakPoint Labs AI RedTeamIng Playground #cybersecurity #ai #AIRedTeaming #redteaming #howtoBreakPoint Labs AI RedTeamIng Playground #cybersecurity #ai #AIRedTeaming #redteaming #howto

Detecting the DCSync Attack | Active Directory SecurityDetecting the DCSync Attack | Active Directory Security

Intro to Linux for Security AnalystsIntro to Linux for Security Analysts

How a printer handed us domain adminHow a printer handed us domain admin

Your Hospital Has Internet-Facing Devices It Doesn't Know About. Here's the Risk.Your Hospital Has Internet-Facing Devices It Doesn't Know About. Here's the Risk.

Why Attackers Love "Lack of SMB Signing"Why Attackers Love "Lack of SMB Signing"

5 Security Keys: Critical Takeaways from Real-World Hospital Penetration Tests5 Security Keys: Critical Takeaways from Real-World Hospital Penetration Tests

AI in Healthcare: Secure Innovation vs. Rapid AdoptionAI in Healthcare: Secure Innovation vs. Rapid Adoption

3 Ways to Immediately Improve Your Hospital’s Security3 Ways to Immediately Improve Your Hospital’s Security

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять