![Page 1: Forging a Stronger Approach for the Cybersecurity Challenge · Forging a Stronger Approach for the Cybersecurity Challenge Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax](https://reader033.vdocument.in/reader033/viewer/2022060409/5f101b647e708231d4477ac4/html5/thumbnails/1.jpg)
1
Forging a Stronger Approach for the Cybersecurity Challenge
Session 34, February 12, 2019
Tom Stafford, VP & CIO, Halifax Health
Speaker Introduction
Tom Stafford, Vice President & CIO
Education:
Bachelor of Science, Aerospace Engineering
Master of Science, Mechanical Engineering
Career:
United States Navy
Medical Device Design and Manufacture
Healthcare IT
IT Accolades:
10th Best Place to work in IT 2015 – Computerworld
2nd Best Place to work in IT 2016 – Computerworld
5th Best Place to work in IT 2017 – Computerworld
5th Best Place to work in IT 2018 – Computerworld
Premier 100 Technology Leaders 2017 – Computerworld
Top 105 CIOs to watch in 2018 – Becker’s Healthcare
Conflict of Interest
Tom Stafford, BSAE, MSME
Has no real or apparent conflicts of interest to report.
Agenda
• Halifax Health
• Bad Actors and Healthcare
• What are we Protecting?
• Look back at 2018
• Look forward to 2019
• Governance
• Halifax’s Philosophy: D3
• Anatomy of a Ransomware Attack
• How Strong are you?
• Let’s be Collaborative
Learning Objectives
• Identify potential threats to cybersecurity and best practices to establish security, scrutiny, and authentication for access to PHI
• Evaluate effective cybersecurity measures and policies, including system-wide procedures; end user training; and use of technology
• Analyze strategies aimed at predicting and preventing cyber breaches
• Identify methods to ensure your cybersecurity insurance policy is effective and senior leadership is prepared prior to being breached or ransomed
About Halifax Health
Halifax Health - Medical Center of Port Orange
– Opened in 2006
– 80 bed community hospital
– 20 bed emergency department
– 8 bed intensive care unit
Halifax Health Medical Center, Daytona Beach
– Opened in 1928
– 600 beds
– More than 500 physicians, representing 54 subspecialties
Bad Actors and Healthcare
• Who are the Bad Actors?
  – Financially Motivated Cybercriminals
  – Hacktivists
  – Hackers for Hire: RaaS (Ransomware as a Service)
  – Nation State supported Actors
  – Malicious Insider
• How do they Attack?
  – Social Engineering
  – Network Vulnerabilities
  – Misuse of Credentials
  – Physical Penetration
Bad Actors and Healthcare
• Why do they attack Healthcare?
“We are valuable low lying fruit”
  – Health Record includes Identity and other valuable information
  – Data doesn’t change
  – Medical history is accurate for a lifetime
  – Healthcare is easier to Hack
  – Interoperability Requirements
  – Great delays between the breach and determining there was one
  – The Electronic Health Record is vital to patient care and operations
Data is used for Identity Theft, False Claims, Medical Research Trends, Medical Equipment and Drug Purchases
What are we Protecting?
• Patient Records (e.g. ePHI)
• Research Data (e.g. cancer treatment IP)
• Employee Sensitive Information (e.g. PII)
• Business plans (e.g. bids, acquisition targets)
• Payment Card Information
• Medical Treatment Devices (e.g. insulin pumps, imaging)
• Contracts (e.g. with customers, suppliers, distributors)
• Employee log-in credentials
• Physician Compensation
• Clinical Studies Data
Look back at 2018
• Tight Budgets and Lack of Resources
• Email: Friend or Foe
• Ransomware on the Decline, Crypto-mining on the Incline
• IoT Security (Including Biomed)
• Breaches are Back
• Blockchain
• GDPR
Look forward to 2019
• Collective Call to Action
• Ransomware, Crypto-mining, and Breaches
• “Patient Safety needs Cyber Safety”
• IoT, the dreaded XP Biomed Devices…
• More Cloud
• Interoperability, APIs, and AI
Governance & Executive Involvement
• Board
• C-Suite
• Executive Approval, “Knowing the Landscape”
• Incident Response Team Members
Halifax’s Security Philosophy: D3
• Deterrents
• Detection
• Deception
• 3rd Party Assurance
Deterrents? What about Defenses?
• The number one deterrent? The User
• Assisting the User
  – Training and Testing
    • Education, Education, Education
    • External Source warning in emails
    • Fake Phishing Tests
  – Technology Controls
    • Block Webmail
    • Block Malicious Sites
    • USB Privileges
    • External Storage Privileges
    • Local Admin Rights Privileges
    • Two-Factor
Fake Phishing Email Tests
1.0% click rate on a test sent to 4,573 users.
Ransomware Threat and Deterrent Chain
Attack Vector: Zero Day Ransomware attachment in phishing email
[Diagram. Legend: Hackers’ Actions, Deterrents, Halifax Reactions.]
Hackers’ Actions: email sent → team member clicks on attachment → attachment opened in cloud → obtain domain account access → hackers own the flat network
Deterrents / Halifax Reactions: External Firewall (does not detect) → Cloud Based Scan (does not detect) → Anti-Virus (does not detect) → Patched Servers; Biomed Servers – not patched
Last Deterrent: Network Segmentation
Last Mitigation: Air Gapped Backup
IT Security is based on monitoring attack vectors and having deterrent chains in front of the data that is to be wiped, ransomed, or breached.
Biomed Devices on the Halifax Data Network
Let’s Talk about Biomed
Why are they vulnerable?
The devices last longer than the available support for the operating system, or the vendor will not patch the systems since they are FDA Class 2/3 devices.
WannaCry, HHS, and the FDA...
Notify customers within 30 days after a vulnerability is found.
Patch within 60 days.
Manufacturers are not there yet…
Let’s Talk about Biomed and IoT
How do we reduce the risk?
New Devices:
– Do not demo or purchase new devices that have outdated Operating Systems and/or whose manufacturer will not allow the device to be patched.
– Updated bid spec to include Halifax Health’s IT and Biomed Specifications:
Let’s Talk about Biomed and IoT
How do we reduce the risk?
Existing Devices:
– Vulnerability Scans will help determine what needs to be patched.
– Work with Biomed and other departments to determine type/location of devices.
– Work with the vendors for them to patch the devices or to allow IT to patch the devices.
– If they cannot be patched, bury the devices (Micro-Segmentation) behind the Internal Firewall prior to having them replaced with a non-vulnerable device.
Detection and Deception
Detection (SIEMs):
• User Behavior
• Machine, Biomed, IoT Behavior
• Network Penetration
Deception:
• Honeypots
• Domain Account Verification
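As an added example (not part of the presentation), the "Machine, Biomed, IoT Behavior" detection above and the micro-segmentation step on the previous slide can be checked together against a firewall flow log: the script verifies a constructed per-device allowlist (hypothetical addresses) against constructed flow records and flags a biomed host fanning out over SMB, the behaviour of the unpatched device on a flat network in the deterrent-chain slide.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str    # source host
    dst: str    # destination host
    dport: int  # destination port

# Constructed micro-segmentation policy (hypothetical addresses): each biomed
# host behind the internal firewall may reach only its own vendor server.
POLICY = {
    "10.20.1.10": {("10.20.9.5", 104), ("10.20.9.5", 443)},  # infusion pump -> pump server
    "10.20.1.11": {("10.20.9.6", 104)},                        # imaging unit -> PACS (DICOM)
}

# Constructed firewall flow log, simplified to 'src dst dport action'.
SAMPLE_LOG = """
10.20.1.10  10.20.9.5  104  allow
10.20.1.10  10.20.9.5  443  allow
10.20.1.11  10.20.9.6  104  allow
10.20.1.11  10.20.3.7  445  allow
10.20.1.11  10.20.3.8  445  allow
10.20.1.11  10.20.3.9  445  deny
10.20.1.11  10.20.5.2  445  deny
"""

def parse_flows(lines):
    """Parse flow lines, skipping blanks and '#' comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, _action = line.split()
        flows.append(Flow(src, dst, int(dport)))
    return flows

def policy_violations(flows, policy):
    """Flows where a biomed host talks to a peer/port outside its allowlist.
    Denied flows count too: a blocked attempt is still a behaviour change."""
    return [f for f in flows
            if f.src in policy and (f.dst, f.dport) not in policy[f.src]]

def lateral_movement_suspects(flows, port=445, threshold=3):
    """Hosts fanning out to >= threshold distinct peers on one port (SMB by
    default): the pattern worm-style ransomware leaves on a flat network."""
    peers = defaultdict(set)
    for f in flows:
        if f.dport == port:
            peers[f.src].add(f.dst)
    return sorted(src for src, dsts in peers.items() if len(dsts) >= threshold)

def run(lines=None):
    """Return (policy violations, lateral-movement suspects) for a flow log."""
    flows = parse_flows(SAMPLE_LOG.splitlines() if lines is None else lines)
    return policy_violations(flows, POLICY), lateral_movement_suspects(flows)

if __name__ == "__main__":
    violations, suspects = run()
    for f in violations:
        print(f"policy violation: {f.src} -> {f.dst}:{f.dport}")
    print("lateral movement suspects:", suspects)
```

On the sample log the imaging unit's four SMB flows all violate its allowlist and it is reported as a lateral-movement suspect, while the infusion pump stays silent.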
3rd Party (Digital Traders) Assurance
Does anyone know what Fazio Mechanical Systems did?
“BAA is not enough for Healthcare”
“You are only as strong as your weakest link”
Don’t be their Target
Understanding your Digital Traders
• Map your existing digital traders
• Create controls so you are aware of new Digital Traders
• Beyond the BAA, Contractual Requirements
• Quantify their Security Posture
• Audit Them
• Do not allow them to dictate how they access your system
• Require Two-Factor Authentication
Anatomy of a Ransomware Attack
• The Hack
• The Crash
• Cyber Insurance
• External Counsel
• To Bitcoin or Not
• Recovery
• Key takeaways:
  – Hospital Incident
  – Know your Cyber Insurance Plan
  – Executive Table Top Exercises
  – DR/BD Documents and Logs
How Strong are you?
Two ways to test this:
1. Do not - You only know if you fail… and CIO will have a whole new meaning: Career Is Over
2. Ethical Hacking and Penetration Testing
Let’s be Collaborative!
• Standards Framework
• Passwords
• Two-Factor
• Webmail
• USB & External Storage
• Phishing
• BioMed
• Cyber Insurance
• Tabletop Exercises
• Quantitative 3rd Party Risk Assessments
• Ethical Hacking
Question 1
Which standards framework do you utilize?
1. NIST
2. HITRUST
3. Critical Security Controls
4. ISO
Question 2
Password Reset Duration?
1. 90 Days
2. 180 Days
3. 1 Year
4. Other
Question 3
Require Robust Passwords?
1. Yes
2. No
Question 4
Remote Two-Factor Authentication Utilization?
1. Employees, Physicians, Vendors
2. Employees, Physicians
3. Employees
4. None
Question 5
Webmail Blocking?
1. Yes
2. No
Question 6
Restrict USB Access?
1. Read
2. Write
3. Both
4. None
Question 7
Restrict Internet Based Storage?
1. Yes
2. No
Question 8
Conduct Fake Phishing tests?
1. Yes
2. No
Question 9
Do you know the location of your vulnerable Biomed devices?
1. Yes
2. No
Question 10
Do you have Cyber Insurance?
1. Yes
2. No
3. Don’t Know
Question 11
Do you know how to contact your Insurer?
1. Yes
2. No
Question 12
Do you conduct tabletop exercises?
1. Senior Leadership
2. IT Staff
3. Both
4. None
Question 13
Do you have quantitative 3rd Party RAs?
1. Yes
2. No
Question 14
Conduct Ethical Hacking Tests?
1. Once
2. Annually
3. Bi-Annually
4. Never
Questions
Tom Stafford
386-425-7309
https://www.linkedin.com/in/tom-stafford-8a69927
*** Don’t forget about the online session evaluation