CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and...
Transcript of CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and...
![Page 1: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/1.jpg)
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
©20
20 C
lifto
nLar
sonA
llen
LLP
Lee Painter, Principal, HC CyberSecurity and Regulatory Compliance
CyberSecurity – Protect Your Practice
![Page 2: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/2.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
About CLA
• A professional services firm with three distinct business lines– Wealth Advisory– Outsourcing– Audit, Tax, and Consulting
• More than 6,100 employees• 120 offices coast to coast
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC.
2
![Page 3: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/3.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Speaker Introduction (Huge Nerd)Lee Painter, CISSP, CRISC, HCISPP, CCSFPPrincipal, HealthCare CyberSecurity and Regulatory Compliance• 15 years of operational experience (DoD)
• Threat Analysis and Network Defense• Incident Detection and Response• Insider Threat Analyst/Lead• System/Network Administrator
• 5 years of consulting experience• HIPAA Security Risk Analysis• HIPAA Privacy and Security GAP Assessments• Penetration Testing• Vulnerability Assessments• GDPR Data Protection Impact Assessments• Payment Card Industry Compliance Assessments
3
![Page 4: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/4.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Financial Impact of Healthcare Breaches
4
![Page 5: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/5.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Raise Your Hand If…
5
![Page 6: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/6.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
When a TV is NOT a TV…
6
https://www.theverge.com/2019/6/17/18681683/samsung-smart-tv-virus-scan-malware-attack-tweet
![Page 7: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/7.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
The bad guys
7
![Page 8: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/8.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
“Know Thy Enemy”• Hackers have “monetized” their activity
– More sophisticated hacking– More “hands-on” effort– Smaller organizations targeted– Cybercrime as an industry
• Everyone is a target…
• Phishing is a root cause behind the majority of cyber fraud and hacking attacks
8
![Page 9: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/9.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Cybercrime as an “Industry”
• Black market economy to support cyber fraud• Hacking is run like a business where people
(criminals) specialize in different areas– Writing malware– Renting botnets– Stealing data– Selling data (collect data from various
sources/BIG DATA)– Etc.
9
![Page 10: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/10.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Largest Cyber Fraud Trends - Motivations• Black market economy to support cyber fraud
– Business models and specialization• Most common cyber fraud scenarios we see affecting our clients
– Theft of PII and PFIo W2/Payroll/Benefit info
– Theft of credit card information– Theft of Credentials and
Account take overs– Ransomware and Interference
w/ Operations
10
![Page 11: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/11.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Marketplace for Stolen Information
11
Attackers buy and sell data on cyber black market– “The Dark Web” - similar to amazon.com
![Page 12: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/12.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
12
Cautionary Tales
![Page 13: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/13.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
RansomwareMalware encrypts everything it can interact with
13
http://www.engadget.com/2016/02/19/hospital-ransomware-a-chilling-wake-up-call/
Common Ransomware Targets• Local Disk(s)• Connected devices (USB)• Managed network devices• Other accessible folders• Vulnerable hosts within the
network
![Page 14: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/14.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Everyone is a target
14
![Page 15: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/15.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Should Never Happen
15
• 37,000 Flash Drives sent to members
• Never trust a flash drive• Always perform a secure
download• Constantly update AntiVirus
software• Advanced (and maintained)
Firewalls
How to prevent
![Page 16: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/16.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Should Never Happen
16
• $10,000 Fine• Patient Information was disclosed
in response to a YELP Review (presumably negative)
• Last Name, Health Condition, Treatment Plan, Insurance, Cost Information
• No policies and procedures around PHI – Social Media Policy?
How to prevent• Policies and Procedures!• Training and Awareness• HIPAA Risk Analysis
![Page 17: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/17.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
Ransomware and Cybercrime
The Attacks!
17
![Page 18: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/18.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
RansomwareAttack on the availability of network data
Easier to do than exfiltration of the data
Uses strong encryption to render victims files unreadable
Payments are often in Bitcoin
Cyber criminals attempt to delete host and network backups
User credentials are used for network access
Many variants and constant evolution
18
![Page 19: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/19.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Ransomware Evolution
2004 Misleading Applications
2008 Fake anti-virus
2013 Locks you out of your device (browser, etc.)
2015-2019 Locks you out of your data
19
• This evolution of ransomware has been greatly influenced by a range of developments in technology, economics, and security.o Cryptocurrency and anonymization networks has made it difficult to hunt down
cyber criminals
![Page 20: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/20.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
RansomwareTypes• CryptoWall, CryptoLocker, etc.• Encrypt all data, hold it “ransom” for $$
– Data on local machine and on network• Attackers are putting much more time and
effort into these types of attacks over the last year(s)
• Starting to target other operating systems, like Macs, Android, IoT
![Page 21: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/21.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Ransomware as a Service (RaaS)
Attackers buy and sell anti-security services on cyber black markets– “The Dark Web” - similar to amazon.com
21
![Page 22: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/22.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Ransomware(One year ago)
22
![Page 23: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/23.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
(Six months ago)
23
Ransomware
![Page 24: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/24.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities 24
Ransomware
![Page 25: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/25.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Ransomware(More Recently…)
25
![Page 26: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/26.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Image source from NPR
26
![Page 27: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/27.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Defensive Strategies
• Defense in depth• Staff awareness (users that are aware
and savvy)• Current operating systems and up to
date/patched software• Minimized User Access Rights• Email spam filters
– Setup– Tested– Examine spam
• Removal of ads from the network– Web proxy
27
![Page 28: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/28.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
28
Phishing
The Attacks!
![Page 29: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/29.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
What is Phishing?
• Simply put:– Convince someone to perform an action that will benefit the attacker
• What is that action?– Visit a malicious website– Download and open a malicious file– Provide confidential information (Password, Account Number, etc.)– Wire money out of the organization
29
![Page 30: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/30.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Types of Attacks
• Traditional Attack (Spamming) – Attacker targets a large amount of users
• Spear Phishing – A custom message is built for a specific target
• Whaling – “C-level” executives or management is specifically targeted
30
![Page 31: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/31.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Phishing Email
You can forge the sender address in a letter
31
![Page 32: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/32.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Poor Email Filtering
32
Connected to mail.cogentco.com (38.9.X.X).MAIL FROM: <[email protected]>250 OKRCPT TO: <[email protected]>250 Accepted
DATA354 Enter message, ending with "." on a line by itselfFROM: <[email protected]>TO: <[email protected]>Subject: Free Tesla Car
SMTP Envelope
SMTP Message
![Page 33: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/33.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Phishing Email
33
![Page 34: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/34.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Phishing Email
34
![Page 35: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/35.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Ransomware
35
![Page 36: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/36.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Phishing Website
36
![Page 37: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/37.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Protect Against Email Phishing
• Harden email gateway (spam filter)– Block potentially malicious file attachments (e.g. ZIP, RAR, HTA, JAR)– Flag Office documents that contain Macros as suspicious– Prevent your organization’s domain from being spoofed
◊ Sender Policy Framework (SPF)◊ Custom rule to evaluate SMTP Letter FROM field
– Flag emails that originate from the Internet◊ E.g. Modify subject line to say ‘External’
37
![Page 38: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/38.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Protect Against Email Phishing
• Continue to Train Employees– Train employees how to spot odd wire requests– Politely challenge the request and ask if it has been verified through
proper channels – Provide sample policies/guidelines for organizations that don’t have
them– Explain simple controls to implement (limits, two-step/two-factor,
etc.)– Make sure request is not authorized via email
38
![Page 39: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/39.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
Ransomware Recovery Strategies
None of that worked – Now What?
39
![Page 40: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/40.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Data Backup
• Ensure ALL critical systems and data are being backed up
• Practice a full system and data restore to verify your confidence in full system and data restore capabilities– Understand how long it will take to recover various
backup types
• Segment critical backups to prevent deletion– Attackers will attempt to delete or encrypt all
accessible backups
40
![Page 41: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/41.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Incident Response
• Playbooks for common incident types• Ensure employees understand their
responsibilities and procedures to follow in the event of an incident
• TEST!
41
![Page 42: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/42.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Cyber Insurance
• Average cyber insurance payout:– Median $150,000– Mean $700,000
42
![Page 43: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/43.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
43
An Ounce of Prevention
![Page 44: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/44.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
• Evaluate your risks (and be compliant) – Perform a HIPAA Risk Analysis• Establish policies and procedures• Train staff to policies and procedures• Test your security – Penetration Testing, Vulnerability Assessment(s)• Plan for an incident/disaster• Practice your plan• Assess, Adjust, Operate (Repeat)
Prevent the Breach and/or Limit the Impact
44
“You can outsource IT and the responsibility, but you can never outsource theaccountability for protecting Patient Health Information….Choose yourvendors carefully.” Lee Painter, Today – and a bunch of times since 2014
![Page 45: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/45.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
Create Opportunities
Thank you!
45
![Page 46: CyberSecurity – Protect you Practice · – Cybercrime as an industry ... economics, and security. o Cryptocurrency and anonymization networks has made it difficult to hunt down](https://reader036.fdocuments.net/reader036/viewer/2022081405/5f0ad81c7e708231d42d9e01/html5/thumbnails/46.jpg)
©20
20 C
lifto
nLar
sonA
llen
LLP
CLAconnect.com
Lee PainterPrincipal, HC CyberSecurity and Regulatory Compliance