![Page 1: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/1.jpg)
GNYHA & CYBERSECURITYApril 26, 2018
![Page 2: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/2.jpg)
□Cybersecurity concerns expand as industries modernize
□Healthcare sector has gone digital, largely insecurely
□ Greater than 95% EHR utilization exposed to threats emanating
from employees to sophisticated cybercriminals
□ $$ for PHI on the dark web
□ Ransomware most common attack vector
□ Lost revenue and reputational damage for impacted facility
Overview: Cybersecurity in Healthcare 2
![Page 3: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/3.jpg)
3
![Page 4: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/4.jpg)
4
![Page 5: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/5.jpg)
□Attention at Federal level □ Cybersecurity Act of 2015
□ Health Care Industry Cybersecurity (HCIC) Task Force Report
□ CISA 405(d)
□Attention from NYS□ NYS DOH Medicaid increased security to
protect sharing of Medicaid data
□Attention in NYC □ NYC CISO/DA/NYP Cyber Command
Overview: Cybersecurity in Healthcare 5
Graphic from CISA 405(d) draft report
![Page 6: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/6.jpg)
□ Agency Players:
□ Preparedness (ex. DHS, HHS)
□ Response (ex: FBI, NYPD)
□ Recovery (ex: DOH, DHS)
□ Regulatory (ex: CMS/OCR)
Overview: Cybersecurity in Healthcare 6
Graphic from HCIC Task Force Report 2017
![Page 7: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/7.jpg)
□ Interdisciplinary team model:
□ Emergency preparedness
□ Legal
□ Health information technology
□ Regulatory
□ Supply chain
GNYHA & Cybersecurity 7
![Page 8: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/8.jpg)
□Past and Existing Programs & Resources:
□ (Event) GNYHA & NYCDOHMH Emergency Preparedness
Symposia/Cybersecurity: Included CIO of Hollywood
Presbyterian Medical Center discussing ransomware attack
□ (Event) GNYHA & DHS Tabletop Exercise
□ (Resource) Hospital Guide to Cybersecurity
Reporting/Resources
□ (Business Offering) Cybersecurity Targeted Solution Set
GNYHA & Cybersecurity 8
![Page 9: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/9.jpg)
9
![Page 10: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/10.jpg)
□Events & Resources Continued –
□ (Event) Threat Briefing with DHS
□ (Event) Erie County Medical Center shares Lessons
Learned from Cyber Attack
□ (Event) Cyberattack at the Bedside: Live Simulation for
Clinicians
□ (Event) Cybersecurity Webinar with Drs. Halamka and
Baker
GNYHA & Cybersecurity 10
![Page 11: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/11.jpg)
□Upcoming Events and Sharing of Relevant Information
□ (Event) Cybersecurity Tactical Simulation (CTS) with vendor
Sensato
□ (Event) Cybersecurity Insurance Webinar
□ (Member Info) Cybersecurity Bulletin: GNYHA Cyber Team
continues to send relevant cyber alerts and recommendations
GNYHA & Cyber 11
![Page 12: GNYHA & Cybersecurity › wp-content › uploads › 2018 › 05 › 5-Logan-_G… · Attention at Federal level Cybersecurity Act of 2015 Health Care Industry Cybersecurity (HCIC)](https://reader033.vdocument.in/reader033/viewer/2022060320/5f0d05707e708231d438495f/html5/thumbnails/12.jpg)
□What are your biggest concerns related to cybersecurity
preparedness and response?
□Who is involved in planning efforts at your facility/system?
□How can GNYHA assist your facility/system in this area?
Conclusion & Suggested Next Steps12
Logan A. Tierney Project Manager, Regulatory and Professional Affairs GREATER NEW YORK HOSPITAL ASSOCIATIONphone: 212.554.7207email: [email protected]