Cyber Security Update for Healthcare · Cyber Security Update for Healthcare: What You Need to...
Transcript of Cyber Security Update for Healthcare · Cyber Security Update for Healthcare: What You Need to...
Cyber Security Update for Healthcare:
What You Need to Know
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Derrick Weisbrod
Founding Advisor
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Melony Tanko
President/Co-Founder
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Learning Objectives
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Top 3 breaches of 2017
Number of records breached
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Molina Healthcare
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Indiana Medicaid
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Airway Oxygen
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Top 3 Threats
Ransomware
Social Engineering
Phishing
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Top 3 Threats
Files are encrypted and held for ransom
Examples like: Wannacry, Cryptolocker, Jigsaw
Often have to revert to backups because paying the ransom is never a good idea
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Top 3 Threats
Most commonly occurs via email
Real world example: Wire transfer
Individuals are the target
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Criminal actors posing as legit companies
Google and John Podesta
Individuals are the target
Top 3 Threats
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Threats over the last 10 years
More sophisticated and effective
Increased financial damage
Target changes from businesses to individuals
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
0
100,000,000
200,000,000
300,000,000
400,000,000
500,000,000
600,000,000
700,000,000
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
Malware in the millions
Total Malware
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Malware Detection Sorted by Operating system
Windows Android MacOS Linux Other
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
HIPAA Security Rule
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
What are the basis for HIPAA Security Rules?
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
What does best practice IT mean?
Tools being used
The way you are treated by the IT person
Keeping hardware warrantied
Testing data backups
Patching Systems proactively
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Security Tools Used with Best Practice IT
• AV, Malware, IPS, IDS
Business Class Firewall
• In particular, with USB Controls
Business Class Antivirus
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Security Tools Used with Best Practice IT
SPAM Filtering
Web Filtering
Keeping Security Subscriptions Maintained
What did Melony tell us about how these threats have changed?
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Processes Deployed Best Practice IT
Patching
Operating Systems
Office Productivity
Tools
Other Third Party
Software Installed
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Processes Deployed Best Practice IT
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Processes Deployed Best Practice IT
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Processes Deployed Best Practice IT
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Processes Deployed Best Practice IT
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Summary
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
The Fines
5.5 Million dollars
Memorial Healthcare Systems
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
2.5 Million dollars
CardioNet
The Fines
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
University of Mississippi Medical Center
2.75 Million dollars
The Fines
INTRODUCTION THREAT LANDSCAPE MITIGATION FALLOUT
Why is Security so Important?
Thank You
Derrick Weisbrod
Founding Advisor
www.htadvisorsllc.com
Melony Tanko
President/Co-Founder
www.kypher.com