2015 Atlanta CHIME Lead Forum


Transcript of 2015 Atlanta CHIME Lead Forum

  • A CHIME Leadership Education and Development Forum in collaboration with iHT2

    In the Cyber Trenches

    Rusty Yeager, SVP and CIO, HealthSouth Corporation


  • Inpatient Rehabilitation

    Sept. 30, 2015 Portfolio as of... Oct. 1, 2015

    109 Inpatient Rehabilitation Hospitals


    33 Number of IRFs operated as JVs with acute care partners 33

    7,422 Licensed Beds 8,324

    29 Number of States (plus Puerto Rico) 29

    HealthSouth - Post Reliant and CareSouth

    Encompass Home Health and Hospice

    Sept. 30, 2015 Portfolio as of... Nov. 1, 2015

    134 Home Health Locations 179

    7 Pediatric Home Health Locations 7

    23 Hospice Locations 23

    18 Number of States 23

  • The Game has Changed

    Don't Fight the Last War!

  • Key Observations

    Threat actors continue to evolve and innovate at a rapid pace which increases their ability to penetrate and compromise systems and to avoid detection

    Healthcare information is more valuable to thieves than credit card numbers or other Personally Identifiable Information

    The game has changed and the Human (user/administrator) has become the main target

  • The Evolving War... now it's personal!

    The Warriors


    Sovereign cyber-warriors

    Organized crime

    The Weapons



    45% of respondents say that their organizations suffered a targeted attack in the last year.

    54% of respondents say that their biggest challenge to thwarting these attacks is the increased sophistication of threats.

    95% of directed attacks were accomplished using the Spear Phish. A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective.

    Winter 2013 survey by Information Security Media Group of 200 CISOs, CIOs, Directors of IT and other senior leaders who work primarily in the financial services industry.

    2014 Data Breach Investigations Report: Verizon

  • How Does it Go Down?

    Reconnaissance or Intelligence Gathering:

    Publicly available information about business processes and employees

    Vendors and business partners are often used as well

    Perimeter Service Enumeration:

    Publicly available services in the DMZ

    Cloud based services

    Business Partners

    Persistence:

    Attackers will implement a persistent foothold in the network. This can include multiple persistent services in the network, or having access to multiple credentials that allow them access into the network.

    Privilege Escalation and internal service enumeration:

    Attackers will often attempt to gain administrative access to the target's network.

    This is not always necessary if their current access provides access to sensitive data or infrastructure

    Exfiltration:

    Attackers will attempt to exfiltrate sensitive data or information from the target's network.

    Access to email and cloud services is often used. 7-zip is also very common, as attackers reduce the size and split the data into undetectable blocks of data.

  • Governance To-Dos

    Process Review

    Pick a Framework

    Technical Review

    No-Holds barred

    Environmental Assessment

  • Cultural To-Dos

    Leadership is Key: From the top

    Security is everyone's problem

    Show, Don't Tell

    Continued Messaging

    Think like an attacker

  • Technical To-Dos

    Dual Factor Authentication

    Network Segmentation: Internal firewalls


    Authentication Reviews Access


    Password Strengthening

  • Q & A

    Speaker(s) Contact Information: Rusty.Yeager@healthsouth.com


  • A CHIME Leadership Education and Development Forum in collaboration with iHT2

    Dee Cantrell, RN, BSN, MS, FHIMSS

    Chief Information Officer Emory Healthcare


  • Emory's Story Things to try Threat Profile Technical Security Profile Frameworks Biggest Threats Lessons Learned

  • WARNING. You have violated information security safeguards, an email notification has been sent to a federal agency, your supervisor and your mother.

  • What happens when the security system detects unauthorized access.

  • Emory's Threat Landscape

  • 900 attackers quarantined per month

    4.2 M explicit attacks blocked per month

    161 M communication attempts blocked per month

    49M malicious web sites blocked per


    Basic Stats

  • Blocked

    32.2 Million Messages


    28.9 Million Messages


    5.8 million Messages


  • Emory's Technical Security


  • Frameworks

  • Emory's Framework

  • Biggest Threats

  • Lessons Learned

    Employees still biggest threat

    Risk management part of Org Culture

    Enterprise Risk Management Board

    Constant campaigns and approaches for awareness: Search and Secure, phishing, etc.

    Annual required education with competency assessment

    Onboarding training for new staff

    Continuous improvement of Breach Investigation and Notification Process
