Escalated Threats Require Escalated Expertise & New Tactics

January 19th 2016 Executive Series Webinar

View the Replay on YouTube

Today’s Speakers

Tara McKibben

HIPAA Director and Privacy Officer Susquehanna Health

Shane Whitlatch

Enterprise Vice President

FairWarning, Inc.

Chuck Burbank

Director of Managed Privacy

Services & Chief Information

Security Officer

FairWarning, Inc.

Ryan Dees

Privacy Analyst

FairWarning, Inc.

Agenda

• Susquehanna Health: Evolving their privacy and security program

• Escalating threats to healthcare driving new approach to privacy

and security

• New tools to combat threats to PHI: visualization, trending and

analytics

• Managed Privacy Services

Susquehanna Health

• Founded in 1994

• Four-hospital integrated health system in northcentral Pennsylvania

• Honors & Awards: • 100 Most Wired Hospitals and Healthcare

Systems by Hospitals & Health Networks: 11 of the 13 times that it has been published

• Employer of Choice® in January 2014

Escalating Advanced Threats

´1

Lost laptops, media, paper records

Patient Complaints

Snooping

Medical & Financial ID Theft

2015 2013 2011

IRS Tax Fraud

2012 2014 Pre-2010

Sale of Patient Data to Crime Rings

Sale of Physician Data to Crime Rings

Sale of Employee Data to Crime Rings

Rise of Cyber Threats to Healthcare Industry

Foreign National Espionage

We are all patients … And the long-term effects of a PHI breach have yet to be realized

91 percent of Healthcare organizations have had at least one data breach involving the loss of theft of patient data in the last two years Source: Forbes May 2015

As of November 2015, breaches impacted 119,959,229 patients. That’s well over one-third of all United States citizens who have suffered an information breach through the healthcare industry. Source: Identity Theft Resource Center

Only 37 percent of respondents say their healthcare providers have informed them about the measures they take to protect medical records. 68 percent of these respondents are not confident that these measures will keep their medical records secure. Source: Ponemon Medical Identity Theft Report

Recent studies have found people are withholding information – sometimes critical information – from their healthcare providers because they are concerned that there could be a confidentiality breach of their records Source: Verizon 2015 PHI Data Breach Report

How long does it take to discover a breach?

Source: Mandiant M:Trends 2015, View From the Front Lines Report

On average hackers had access to victims’ environments for 205 days before they were discovered and 69% of victims learn from a third party that they are compromised*

How can you get ahead of a breach?

• Information security • Data visualization • Trending • Analytics • Finding the right talent or using Managed privacy &

security services

Thought leaders like Susquehanna Health are taking it to the next level

• Moving from focusing on snooping & HIPAA compliance

• Developing new tools to detect bad behavior

• Emphasizing security focused scenarios

Insider threats are still very real • Malicious

– Co-worker, Patient, Neighbor, & VIP Snooping – Fraud/Medical ID Theft/ID Theft – Inappropriate physician access – Disgruntled employee

• Compromised – Compromised user credentials from an outside source

• Negligent/Accidental

– Lost device – Misuse of systems – Log-in/Log-out failures

Data Visualization

• One-click reporting

• Easy to read charts

• Multiple chart types

• Add to dashboards

Statistical Analysis of User Behavior and Trending

Value:

• Ease of use: Allows managers to visually see out of the norm activities

• Positive feedback from Susquehanna leadership

Depicts graphically what is happening to your data

Looking Ahead • Already looking for more Trending Reports

• What statistical approaches to take

• High expectations/Unlimited potential – always looking for new ways to monitor & educate

Managed Privacy Services

The Business Case

Most rapid and pragmatic approach to HIPAA privacy audit cycle

Instant access to expertise & best practices

Sustainable, robust, accurate

Dramatically lower cost without hiring

Expert advice on navigating an OCR Audit

Stay current with ongoing knowledge transfer

Mitigates staffing turn-over risks

Broader proactive monitoring coverage

One less compliance priority to worry about

Value to Your Compliance Team

Questions? For more information, please visit:

www.FairWarning.com

Email: Solutions@FairWarning.com

Today’s Speakers

Tara McKibben

HIPAA Director and Privacy Officer Susquehanna Health

Shane Whitlatch

Enterprise Vice President

FairWarning, Inc.

Chuck Burbank

Director of Managed Privacy

Services

FairWarning, Inc.

Ryan Dees

Privacy Analyst

FairWarning, Inc.