2015 Atlanta CHIME Lead Forum
A CHIME Leadership Education and Development Forum in collaboration with iHT2
In the Cyber Trenches
Rusty Yeager, SVP and CIO, HealthSouth Corporation
#LEAD15
Inpatient Rehabilitation (portfolio as of Sept. 30, 2015 → Oct. 1, 2015)
• Inpatient Rehabilitation Hospitals: 109 → 120
• Number of IRFs operated as JVs with acute care partners: 33 → 33
• Licensed Beds: 7,422 → 8,324
• Number of States (plus Puerto Rico): 29 → 29
HealthSouth - Post Reliant and CareSouth
Encompass Home Health and Hospice (portfolio as of Sept. 30, 2015 → Nov. 1, 2015)
• Home Health Locations: 134 → 179
• Pediatric Home Health Locations: 7 → 7
• Hospice Locations: 23 → 23
• Number of States: 18 → 23
The Game has Changed
Don’t Fight the Last War!
Key Observations
• Threat actors continue to evolve and innovate at a rapid pace which increases their ability to penetrate and compromise systems and to avoid detection
• Healthcare information is more valuable to thieves than credit card numbers or other Personally Identifiable Information
• The game has changed and the Human (user/administrator) has become the main target
The Evolving War… now it’s personal!
• The Warriors
– Hacktivists
– Sovereign cyber-warriors
– Organized crime
• The Weapons
– Spear-Phishing
– Malvertising
45% of respondents say that their organizations suffered a targeted attack in the last year.
54% of respondents say that their biggest challenge to thwarting these attacks is the increased sophistication of threats.
95% of directed attacks were accomplished using the Spear Phish. A well-crafted and personally/professionally relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective.
Winter 2013 survey by Information Security Media Group of 200 CISOs, CIOs, Directors of IT and other senior leaders who work primarily in the financial services industry.
2014 Data Breach Investigations Report: Verizon
How Does it Go Down?
• Reconnaissance or Intelligence Gathering
– Publicly available information about business processes and employees
– Vendors and business partners are often used as well
• Perimeter Service Enumeration
– Publicly available services in the DMZ
– Cloud based services
– Business Partners
• Persistence
– Attackers will implement a persistent foothold into the network. This can include multiple persistent services in the network, or having access to multiple credentials that allow them access into the network.
• Privilege Escalation and internal service enumeration
– Attackers will often attempt to gain administrative access to the target’s network.
– This is not always necessary if their current access provides access to sensitive data or infrastructure
• Exfiltration
– Attackers will attempt to exfiltrate sensitive data or information from the target’s network.
– Access to email and cloud services are often used. 7-zip is also very common, as attackers reduce the size and split data into undetectable blocks of data.
“Governance To-Dos”
• Process Review
– Pick a Framework
• Technical Review
– “No-Holds barred”
• Environmental Assessment
“Cultural To-Dos”
• Leadership is Key… From the top
• Security is everyone’s problem
• Show Don’t Tell
• Continued Messaging
• Think like an attacker
“Technical To-Dos”
• Dual Factor Authentication
• Network Segmentation
– Internal firewalls
– ACLs
• Authentication Reviews
– Access
– Process
• Password Strengthening
Q & A
Speaker(s) Contact Information [email protected]
Dee Cantrell, RN, BSN, MS, FHIMSS
Chief Information Officer Emory Healthcare
#LEAD15
Emory’s Story
• Things to try
• Threat Profile
• Technical Security Profile
• Frameworks
• Biggest Threats
• Lessons Learned
“WARNING. You have violated information security safeguards, an email notification has been sent to a federal agency, your supervisor and your mother.”
What happens when the security system detects unauthorized access.
Emory’s Threat Landscape
• 900 attackers quarantined per month
• 4.2 M explicit attacks blocked per month
• 161 M communication attempts blocked per month
• 49M malicious web sites blocked per month
Basic Stats
• Blocked: 32.2 Million Messages
• Quarantined: 28.9 Million Messages
• Delivered: 5.8 Million Messages
Emory’s Technical Security Profile
Frameworks
Emory’s Framework
Biggest Threats
Lessons Learned
• Employees still biggest threat
• Risk management part of Org Culture
– Enterprise Risk Management Board
• Constant campaigns and approaches for awareness
– “Search and Secure”, phishing, etc.
• Annual required education with competency assessment
• Onboarding training for new staff
• Continuous improvement of Breach Investigation and Notification Process
@cantrelldedra