The critical nature of healthcare systems has made penetration testing difficult in the past due to uncertain outcomes. CISOs have begun to understand that traditional cybersecurity assessments do not provide the same insight a penetration test could. This has left a gap between a traditional penetration test, which is not optimized for healthcare information systems, and the need for a deeper technical dive into these systems, with a specialized care to avoid systems that could cause unnecessary system downtime or impact patient care.
Organizations can have more confidence when performing a penetration test by carefully determining the scope of the assessment, planning for clear and open communication, and having an understanding of unique healthcare technologies and protocols.

Learning Objectives:

• Understand the difference between penetration testing and vulnerability assessments
• Understand how penetration testing differs across industries
• Learn how healthcare penetration tests can be tailored to the client
• Understand the value proposition penetration testing can bring to healthcare
• Learn about future considerations for penetration testing in healthcare

Rick O’Leary, Senior Digital Security Consultant, Crowe LLP
Evan Kiel, Digital Security Consultant, Crowe LLP