cybersecurity threats & risk management
TRANSCRIPT
LeadingAge Michigan ~ 50th Anniversary Annual Conference & Solutions Expo
Cybersecurity Threats & Risk Management
WHAT YOU NEED TO KNOW
“Top 10” Healthcare Breaches - 2017
Commonwealth Health Corporation (697,800)
Airway Oxygen (500,000)
Women’s Healthcare Group of PA (300,000)
Urology Austin, PLLC (279,663)
Pacific Alliance Medical Center (266,123)
Peachtree Neurological Clinic, PC (176,295)
Arkansas Oral & Facial Surgery Center (128,000)
McLaren Medical Group. Mid Michigan Physicians Imaging Center (106,008)
Harrisburg Gastroenterology (93,323)
VisionQuest Eyecare (85,995)
Source: https://www.hipaajournal.com/largest-healthcare-data-breaches-2017/
Total individuals affected: 2,633,207
LTPAC HIPAA Breach - 2016
Source: www.healthcareitnews.com | Bernie Monegain
Why is Healthcare a Target?
Healthcare information is more valuable than financial information
◦ PHI contains financially & personally identifiable information
◦ Ability to commit insurance fraud
◦ Ability to obtain prescription medications via identity theft
Fewer “Watchdogs”
◦ Healthcare cyber security efforts are behind other industries
◦ LTPAC is further behind than acute care
Cost of a Data Breach
◦ $80,000 – Cyber forensics to figure out “what happened”
◦ $120,000 – Attorney fees to oversee, investigate and litigate
◦ $50,000 – Marketing & P/R response
◦ $360 (per affected individual) – Credit monitoring / identity theft protection
◦ Fines & Lawsuits
Anatomy of a Cyber Attack
Information Gathering
Intrusion
Malware Deployment
Data Extraction
Clean-up
1 – Information Gathering
Spam
Phone Calls
Job Postings / Job Interviews
Google Searches
“Looking for in-depth information, like an organizational chart…so they can identify privileged users that would have greater access or decision making capability.”
2 – Intrusion / Infiltration
Phishing / Spear Phishing
Theft
Negligent Users
Known Software Vulnerabilities
Zero Day Attacks (unknown software vulnerabilities)
Brute Force Attacks
3 – Malware Deployment
Controlling Malware
◦ Trojan Horses execute programs without the user knowing
◦ Remote Access Trojans (RATs) create “back doors” into the network
◦ Rootkits give hackers full administrative access
Destructive Malware
◦ Viruses must be activated by the user, but typically “seek and destroy” once activated
◦ Worms spread throughout the network without user intervention, spreading their payload
4 – Data Extraction
The average amount of time between malware being deployed on the network and the infiltration being detected is…
280 Days
Source: www.himss.org
5 – Clean Up
Use of “Zombie” botnets – networks of other organizations that have been infiltrated and infected, but not yet detected
◦ Spam relay points
◦ A “hop” serving as a DMZ or buffer between the hacker and the network
Use of viruses and worms to destroy digital fingerprints and other forensic evidence
“Top 10” Cyber Threats
Threat Type | % Of Orgs Affected
Phishing / Spear Phishing Attack 69%
Negligent Insiders 65%
Advanced Persistent Threat (APT) 63%
Cyber Attacks 59%
Zero Day Attacks 53%
Known Software Vulnerabilities 53%
Malicious Insiders 50%
Social Engineering 49%
Denial of Service Attacks 39%
Brute Force Attacks 34%
What Can You Do?
PROTECTING YOUR ORGANIZATION’S DATA AND REPUTATION
Multi-Faceted Cyber Security Campaign
Threat Data vs Threat Intelligence
Network Analysis
Firewall / Access Controls
Internal and External Audits
HIPAA Compliance Training
Policies and Procedures
Policies and Procedures
Policies and Procedures, Disaster Recovery / Business Continuity Plan
◦ Use of Corporate Standard Group Policies for Security
◦ Force password change after 90 days, inactivity timeout, network resource access, etc.
◦ Encryption (E-mail / Hard Drives)
◦ Proper Destruction of Decommissioned Hard Drives
◦ File Integrity Monitoring
◦ Anti-Virus Software, Spam / Mail Filtering
◦ Web Content Management
◦ Encrypted Wireless Standards, Private vs. Public WiFi
◦ Software Patch Management
HIPAA Compliance & Training
Annual HIPAA Compliance Audits
◦ Annual Risk Assessment to evaluate administrative, physical and technical safeguards
◦ Annual training of all employees for HIPAA regulations
Educating the End Users
◦ Provide IT Security Training and Awareness classes on a regular basis
◦ Teach your managers and your users about security vulnerabilities that they may be exposed to
◦ Phishing e-mails
◦ Malware attachments in e-mail
Internal & External Audits
Perform periodic internal audits
◦ Consider “spoofing” an e-mail to see what percentage of your users respond
◦ Keep an audit log of all user access credentials and review annually to ensure it is accurate
External Audits
◦ Seek third-party validation of your network security by conducting an annual penetration test of your network
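The two controls above that are easiest to turn into a repeatable check are the 90-day password policy from the Policies and Procedures slide and the annual review of the user access credential log from this slide. The following Python script is an added example, not code from the presenter or from LeadingAge Michigan, and the account export, HR roster, service-account list and review date it uses are constructed sample data (in practice the export would come from a directory such as Active Directory or an HR feed). It flags enabled accounts with passwords older than the policy maximum, accounts that have gone idle, accounts that belong to no current employee or known service account, and accounts holding administrative rights.

```python
from datetime import date, timedelta

# Constructed sample account export (hypothetical data; in practice this would
# be pulled from a directory export such as Active Directory or an HR feed).
ACCOUNTS = [
    {"user": "jsmith",      "enabled": True,  "admin": False,
     "last_logon": date(2018, 5, 1),   "pwd_last_set": date(2018, 4, 15)},
    {"user": "mjones",      "enabled": True,  "admin": True,
     "last_logon": date(2018, 5, 3),   "pwd_last_set": date(2017, 11, 1)},
    {"user": "contractor1", "enabled": True,  "admin": False,
     "last_logon": date(2017, 9, 20),  "pwd_last_set": date(2017, 9, 20)},
    {"user": "svc_backup",  "enabled": True,  "admin": True,
     "last_logon": date(2018, 5, 4),   "pwd_last_set": date(2016, 1, 10)},
    {"user": "rdoe",        "enabled": False, "admin": False,
     "last_logon": date(2018, 1, 2),   "pwd_last_set": date(2018, 1, 1)},
]

# Constructed HR roster: the people who should currently hold an account.
HR_ROSTER = {"jsmith", "mjones", "rdoe"}
# Known service accounts are reviewed separately rather than matched to a person.
SERVICE_ACCOUNTS = {"svc_backup"}

# Fixed review date (constructed) so the results are reproducible.
REVIEW_DATE = date(2018, 5, 7)


def _enabled(accounts):
    """Disabled accounts are already locked out; only enabled ones are findings."""
    return [a for a in accounts if a["enabled"]]


def stale_passwords(accounts, today=REVIEW_DATE, max_age_days=90):
    """Enabled accounts whose password is older than the 90-day policy maximum."""
    cutoff = today - timedelta(days=max_age_days)
    return sorted(a["user"] for a in _enabled(accounts) if a["pwd_last_set"] < cutoff)


def inactive_accounts(accounts, today=REVIEW_DATE, max_idle_days=90):
    """Enabled accounts that have not logged on within the idle window."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(a["user"] for a in _enabled(accounts) if a["last_logon"] < cutoff)


def orphaned_accounts(accounts, roster=HR_ROSTER, service=SERVICE_ACCOUNTS):
    """Enabled accounts that match neither a current employee nor a known service account."""
    return sorted(a["user"] for a in _enabled(accounts)
                  if a["user"] not in roster and a["user"] not in service)


def privileged_accounts(accounts):
    """Enabled accounts holding administrative rights; each one deserves a named owner."""
    return sorted(a["user"] for a in _enabled(accounts) if a["admin"])


def review(accounts, today=REVIEW_DATE):
    """Run every check and return the findings as one report dict."""
    return {
        "stale_passwords": stale_passwords(accounts, today),
        "inactive": inactive_accounts(accounts, today),
        "orphaned": orphaned_accounts(accounts),
        "privileged": privileged_accounts(accounts),
    }


if __name__ == "__main__":
    for finding, users in review(ACCOUNTS).items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

On the sample data the contractor account shows up in three findings at once (stale password, idle, and no longer on the roster), which is the typical shape of the "left the organization but the account stayed" problem the annual credential review is meant to catch; the backup service account shows up as both privileged and long-overdue for a password change, which is why service accounts need their own review list rather than an exemption.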
Firewall Access Controls
Review Firewall Configuration
◦ Periodically (quarterly) review the rules on the firewall to ensure that only the access that is actually required is enabled
Firewall Capabilities
◦ Have you implemented a “next-generation” firewall with L7 networking and proactive threat defense capabilities?
Security Incident & Event Management (SIEM)
◦ Consider tools to aggregate firewall log information and present it in a single pane of glass
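The quarterly rule review and the log aggregation on this slide work best together: the aggregated logs tell you which rules are actually carrying traffic, so the review can concentrate on rules that are overly broad or that nothing uses any more. The Python script below is an added example, not code from the presenter or from any firewall vendor; the ruleset fields and the key=value log format are assumptions, and both the ruleset and the log lines are constructed sample data. It parses the log lines, counts hits per rule, flags allow rules that match any source and any destination (or any port), flags allow rules with no hits in the review window, and summarizes the most frequently denied source addresses as a SIEM dashboard would.

```python
import re
from collections import Counter

# Constructed firewall ruleset (hypothetical; field names are an assumption,
# not any particular vendor's export format).
RULES = [
    {"id": 1, "action": "allow", "src": "10.0.0.0/8", "dst": "any",
     "dport": "443", "proto": "tcp", "comment": "outbound HTTPS"},
    {"id": 2, "action": "allow", "src": "any", "dst": "192.0.2.10",
     "dport": "443", "proto": "tcp", "comment": "inbound to patient portal"},
    {"id": 3, "action": "allow", "src": "any", "dst": "any",
     "dport": "any", "proto": "any", "comment": "temporary - vendor troubleshooting"},
    {"id": 4, "action": "allow", "src": "203.0.113.0/24", "dst": "192.0.2.20",
     "dport": "3389", "proto": "tcp", "comment": "old vendor remote access"},
    {"id": 5, "action": "deny", "src": "any", "dst": "any",
     "dport": "any", "proto": "any", "comment": "default deny"},
]

# Constructed log lines in a simple "timestamp key=value ..." format (also an assumption).
LOG_LINES = """\
2018-05-07T08:01:12 rule=1 action=allow src=10.1.4.22 dst=198.51.100.7 dport=443 proto=tcp
2018-05-07T08:01:15 rule=1 action=allow src=10.1.4.23 dst=198.51.100.7 dport=443 proto=tcp
2018-05-07T08:02:40 rule=2 action=allow src=203.0.113.44 dst=192.0.2.10 dport=443 proto=tcp
2018-05-07T08:03:02 rule=5 action=deny src=203.0.113.99 dst=192.0.2.10 dport=22 proto=tcp
2018-05-07T08:03:05 rule=5 action=deny src=203.0.113.99 dst=192.0.2.10 dport=3389 proto=tcp
2018-05-07T08:04:10 rule=3 action=allow src=10.1.9.5 dst=198.51.100.9 dport=8080 proto=tcp
2018-05-07T08:05:33 rule=2 action=allow src=203.0.113.45 dst=192.0.2.10 dport=443 proto=tcp
2018-05-07T08:06:00 rule=1 action=allow src=10.1.4.22 dst=198.51.100.8 dport=443 proto=tcp
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    """Turn one log line into a dict; the leading timestamp is kept under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    fields["rule"] = int(fields["rule"])
    return fields


def hits_per_rule(lines):
    """Aggregate the log: how many times each rule matched in the review window."""
    return Counter(parse_log_line(line)["rule"] for line in lines)


def overly_permissive(rules):
    """Allow rules that match any source and any destination, or any port."""
    return [r["id"] for r in rules
            if r["action"] == "allow"
            and ((r["src"] == "any" and r["dst"] == "any") or r["dport"] == "any")]


def unused_rules(rules, hits):
    """Allow rules with no matching traffic; candidates for removal at the quarterly review."""
    return [r["id"] for r in rules if r["action"] == "allow" and hits.get(r["id"], 0) == 0]


def denied_sources(lines, top=5):
    """Most frequently denied source addresses, the kind of summary a SIEM pane shows."""
    denied = Counter(f["src"] for f in map(parse_log_line, lines) if f["action"] == "deny")
    return denied.most_common(top)


def review(rules, lines):
    """Combine rule review and log aggregation into one report dict."""
    hits = hits_per_rule(lines)
    return {
        "permissive": overly_permissive(rules),
        "unused": unused_rules(rules, hits),
        "hits": dict(hits),
        "top_denied": denied_sources(lines),
    }


if __name__ == "__main__":
    for section, value in review(RULES, LOG_LINES).items():
        print(f"{section}: {value}")
```

On the sample data the "temporary" any/any rule is flagged as permissive even though it matched traffic, and the old vendor remote-access rule is flagged as unused; both are exactly the findings a quarterly review should surface, and neither is visible from the rule list or the logs alone.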
Network Analysis
Security Tools to Test:
◦ Missing Security Patches
◦ Improperly Shared Drives / Data
◦ Weak Passwords
◦ Rogue Devices
◦ Server Hardening
Threat Data vs. Threat Intelligence
Cyber Security Risk Management
◦ “It’s no longer a matter of IF you will be breached, but a matter of WHEN you will be breached.”
◦ IT Department
  ◦ Identify & analyze threats
  ◦ Defend, troubleshoot and remediate the technical aspect
◦ Executive / Board
  ◦ Awareness and acceptance of the risk level
  ◦ Public relations following a breach
  ◦ Legal ramifications and insurance claims
Cyber Liability Insurance
◦ The application process details what measures are currently in place, so the insurer can base the premium on the known gaps
◦ Just like every other kind of insurance – if they find negligence on our part, they will try to get out of paying a claim
Taking Action – 3 P’s
Prepare
◦ Yourself – Understand Cyber Security & Threats
◦ Your Leadership – Risks associated with Cyber Security
◦ Your Staff – Create a “Security Awareness” culture
◦ Your Organization – Appropriate response to data breaches
Protect
◦ Policies & Procedures – HHS Risk Assessments (Physical, Administrative, Technical)
◦ Cyber Liability Insurance
Prevent
◦ Intrusion Detection / Prevention
◦ Network Penetration Testing
Thank You
JOE VELDERMAN, MCP