what does “cybersecurity” really mean in healthcare? · sleeplessness due to user-focused...
TRANSCRIPT
![Page 1: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/1.jpg)
virencehealth.com
What does “Cybersecurity” Really Mean in Healthcare?
Bob FruthPrincipal Product Security Leader, VirenceNovember 10, 2018
![Page 2: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/2.jpg)
Agenda – What does “Cybersecurity” Really Mean In Healthcare?
1. Introduction
2. Virence Cybersecurity
3. What keeps Bob up at night (& what doesn’t)
4. What you can do
5. Summary / Resources / Q&A
![Page 3: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/3.jpg)
Introduction
![Page 4: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/4.jpg)
Who is Bob Fruth?
19+ Years at Microsoft• Involved in numerous product & service releases – most recently as the Security &
Privacy Program Manager for the Bing.com search engine• 6+ years in Trustworthy Computing – internal security advisor• 8 years on Windows – focused on kernel• Edited & published 3 major updates to the Microsoft Crypto Standards• Wrote several Security Development Lifecycle (SDL) requirements
Before Microsoft – positions at several companies on multiple products, including several that defined and/or led markets
Now at Virence Health, protecting medical data one record at a time… (& ALL of them…)
![Page 5: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/5.jpg)
What is Cybersecurity?
“The protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.” [Source – Wikipedia.org]
Also known as –
• Computer Security
• IT Security
• Internet Security
![Page 6: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/6.jpg)
What does Healthcare Cybersecurity care about?
Providing CIA for data at all times• Confidentiality • Integrity• Availability
![Page 7: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/7.jpg)
What does Healthcare Cybersecurity care about?
Providing CIA for data at all times• Confidentiality – Data is secure; only available to
people/systems/processes who are authorized to access it
• Integrity – Data is changed only by people/systems/processes authorized to modify/delete it
• Availability – Data is available when and where needed
![Page 8: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/8.jpg)
The Security Practitioner’s Mindset
Assume the worst case
Verify everything
Be vigilant – monitoring, etc.
Practice transparency to the greatest extent possible
Share sensitive information on a need-to-know basis
• Examples – threat models, network diagrams, security testing reportsEncourage & practice responsible disclosure
Get the straightforward stuff done promptly
• Examples – monthly patching, keeping signatures up-to-date, etc.
Make informed risk-based decisions
![Page 9: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/9.jpg)
Virence Cybersecurity
![Page 10: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/10.jpg)
Secure in Deployment
Virence Secure Product Development
Focused on Key Risk areas: Service Security, Separation of Data, Regulatory Compliance
ü Design with security in mindü Threat Modelingü Security Risk & Privacy Impact Assessmentsü Principle of Least Privilege applied throughout
Secure by Design
Secure by Default
ü Secure coding practicesü Clean static analysis reportsü Code reviewsü Security Testing / Penetration Testing
ü All deployed services are regulatory compliantü Security Operations Centers – 24x7 Monitoringü Enable secure on premise deployments
Security Throughout the
Product Lifecycle
ü Dedicated Product Security Leader
![Page 11: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/11.jpg)
Virence Cybersecurity – Proactive Activities
Cybersecurity Policy – ownership
Security / Privacy best practices –
• Secure design & development
• Security testing – internal & 3rd party
• Secure operations – own jointly with DevOps
Certifications (e.g. HITRUST)
Outreach
• Partners
• Conferences
• Customer materials – white papers, etc. (coming in 2019)
![Page 12: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/12.jpg)
Virence Cybersecurity – Reactive Activities
Incident Response –
• Virence is a 24x7x365 company
• Work closely with partners, e.g. Microsoft
Actively monitor worldwide security ecosystem for vulnerabilities and trends
• US-CERT
• The “Dark Web”
Customer inquiries
Partner inquiries
![Page 13: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/13.jpg)
Cybersecurity – What We Provide
Policies, guidance and best practices
Holding Virence product teams accountable
Transparency to the greatest extent possible without creating an 0-day
Focal point for Certifications
Help Product Teams prepare customer facing materials
• Product documentation
• Responses to questionnaires
• White Papers
Customer interactions
![Page 14: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/14.jpg)
Cybersecurity – What We Won’t Provide
Direct consulting to customers or partners
Direct review of customers’ network/environment
Opinions on other vendors’ products, VBC add-ons, security tools, etc.
Sensitive product/service information
Anything that compromises legal, regulatory or ethical responsibilities
![Page 15: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/15.jpg)
What keeps Bob up at Night & What Doesn’t
![Page 16: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/16.jpg)
What keeps Bob up at Night
Customers’ on premise networks
• Virence doesn’t own
• Virence doesn’t control
• I have to assume the worst…
![Page 17: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/17.jpg)
Sleeplessness due to User-Focused Attacks
Phishing
Spear-Phishing
Social Engineering
Þ Impactful threat vectors
Tendency to blame the user instead of the technology and/or the lack of usability
![Page 18: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/18.jpg)
What keeps Bob up at Night
The Internet of Things…
“Let’s connect everything to the network!”
• Potentially without segmentation or airgaps
“Then we’ll connect the network to the Internet”
What could possibly go wrong?
![Page 19: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/19.jpg)
“The Internet of Ransomware Things”
Copyright 2018 Robert C. Fruth
![Page 20: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/20.jpg)
What keeps Bob up at Night
Technology distracting Healthcare providers from focusing on patient care
Uninformed decisions
Missed opportunities –
• Not learning from others’ experiences
• Failure to heed warning signs, e.g. WannaCry
![Page 21: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/21.jpg)
The “Next WannaCry” costs Bob sleep
WannaCry –
• Medium impact to the Internet
• Compare with SQL Slammer or Heartbleed• Preventable – if you were fully patched, you weren’t impacted
My concerns regarding the “Next WannaCry” –
• Will our customers be prepared?
• Ensure that Virence has timely response capabilities
![Page 22: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/22.jpg)
What keeps Bob up at Night
Driving security into Virence products & services
Secure by default vs. compatibility
• Example – encryption of CPS database
Supporting older versions of our products
“I’m too busy to …”
![Page 23: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/23.jpg)
But what about the Cloud?
Well, what about it?
![Page 24: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/24.jpg)
The Cloud doesn’t keep Bob up at Night
Cloud deployments transfer risk to the Cloud providers
Consider Microsoft’s nightmare scenarios for Azure –
• Failure of Tenant Separation
• Data alteration / disclosure
• Denial-of-service
Microsoft has a lot of people losing sleep over the above, so Virence and Virence customers don’t have to J
![Page 25: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/25.jpg)
More Things that don’t cost Bob sleep…
Healthcare privacy awareness
• Healthcare folks – IT, providers, etc. – understand privacy• Privacy conversations at Virence are short; they can be lengthy at non-
healthcare technology firms…
Partners & vendors that Virence works with
• Development partners
• Integration partners
• Security testing firms
![Page 26: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/26.jpg)
What You Can Do
![Page 27: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/27.jpg)
Define Realistic Goals
Technology / Cybersecurity fully support the medical mission
Regulatory compliance maintained
End user frustration level is low
IT resiliency is built in
IT folks are bored and sleep well at night (no 3am phone calls)
![Page 28: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/28.jpg)
Deploy and Maintain Secure Networks
Firewalls
• Close all ports by default
• Open only what is needed
Leverage new and not-so-new technologies
• Active Directory (LDAP)
• Certificate Management
• Security Groups
![Page 29: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/29.jpg)
Deploy & Maintain Secure Systems
Systems tuned to specific purposes
No extraneous software!
• No browsers on servers
• Nothing on systems used for domain management
• End users’ client systems have what they need and nothing more
All systems kept fully patched
All systems scanned regularly with updated AV/AM software
![Page 30: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/30.jpg)
Deploy and Maintain Secure Environments
Segment & air gap intelligently
Encryption throughout
• TLS is your friend
• Encrypted storage
Test Backup & Restore capabilities regularly
• Automated backups are a plus
Consider Threat Modeling your environment / network topology
![Page 31: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/31.jpg)
Only use Supported Versions
Only deploy supported OS versions
• Windows XP?
• NO!!
Regularly upgrade to latest versions of applications (including Virence’s)
![Page 32: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/32.jpg)
Define & Follow Procedures
Upgrades
Change requests
Exception requests and approvals
Monitoring
Emergencies
• Know what you need to do before you need to do it
• Containment procedures
• Escalation & Notifications paths – who to notify? What to tell them?
• Emergency changes
![Page 33: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/33.jpg)
Learn from Others
Leverage best practices
In response to a breach / incident, ask “why weren’t we impacted?”
Example from Healthcare IT News – “How not to handle a data breach brought to you by Uber, Equifax and many others”
• Equifax –
• Failure to patch Apache Struts
• Attempted to blame Apache
• Email from official account sent users to a phishing site!
• Uber – paid $100K to hackers to keep a breach secret
• Others – glossed over the truth / lack of transparency
![Page 34: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/34.jpg)
User Management
Enabling vs. Managing
Apply Principle of Least Privilege / Role Based Access Controls
• Grant permissions as needed
Mandate complex passwords
• Consider deploying a password manager
Whatever you do, don’t blame users!
• Victim blaming doesn’t solve anything• Assess related misunderstanding & take positive actionEducation & enabling are key
![Page 35: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/35.jpg)
Educate Your Users
Build a security culture
Conduct Phishing exercises to build awareness
“15 Examples of Phishing Emails from 2016-2017”
(https://www.edts.com/edts-blog/15-examples-of-phishing-emails-from-2016-2017)
• False urgency
• “You missed…”
• “Your account has been suspended/locked…”
![Page 36: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/36.jpg)
Plan Ahead
Recognize that upgrades are necessary
• Plan & budget accordingly
• New features!
• Other improvements that aren’t as obviously apparent
Don’t underbudget / underfund IT
“If it ain’t broke, don’t fix it” – doesn’t apply in Cybersecurity
“If it ain’t broke now, it may/will be in the foreseeable future…”
![Page 37: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/37.jpg)
Summary / Resources / Q&A
![Page 38: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/38.jpg)
Conclusions
No one is ever “done” with cybersecurity
There are no “silver bullets”
• There are best practices that significantly reduce risk
The scope can be daunting; attackers only need to find one vulnerability
![Page 39: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/39.jpg)
Leverage The Security Practitioner’s Mindset
Assume the worst case
Verify everything
Be vigilant
Practice transparency to the greatest extent possible
Share sensitive information on a need-to-know basis
Encourage & practice responsible disclosure
Get the straightforward stuff done promptly
Make informed risk-based decisions
Apply common sense
![Page 40: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/40.jpg)
Resources
US-CERT – https://www.us-cert.gov/
• “Avoiding Social Engineering and Phishing Attacks” – https://www.us-cert.gov/ncas/tips/ST04-014
HITRUST
• Virence Press Release –https://www.businesswire.com/news/home/20181105005072/en/Virence-Health-Technologies-Achieves-HITRUST-CSF%C2%AE-Certification
• HITRUST – https://hitrustalliance.net/
![Page 41: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/41.jpg)
Resources
General Secure Development Resources
• Microsoft SDL – https://www.microsoft.com/sdl• Application Security – OWASP – https://www.owasp.org/index.php/Main_Page
Threat Modeling
• My talk at BSides Vancouver 2015 –https://www.youtube.com/watch?v=EClmWcRESP8
• Threat Modeling Book – Threat Modeling: Designing for Security
![Page 42: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/42.jpg)
Thank you!
Robert “Bob” Fruth
Principal Product Security [email protected] (subject to change)206-607-5123
![Page 43: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/43.jpg)
Backup Materials
![Page 44: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/44.jpg)
Abstract
What does “Cybersecurity” Really Mean In Healthcare?: The term “Cybersecurity” appears in news headlines every day. But what does this buzzword mean for you and your practice? In this session learn what “cybersecurity” really looks like for an ambulatory practice and walk away from this session with tips and tricks that you can put in place to help ensure the cybersecurity for your practice. While the technology you use is plays a big part in this, it’s also important to create a culture where data is used correctly. This session will address technological, practical and cultural aspects of what cybersecurity looks like for an ambulatory practice. Note: This session will be given by a GE Healthcare/NewCo Cybersecurity expert.
![Page 45: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/45.jpg)
Speaker Biography
Bob Fruth has been involved with more successful product and service releases than he cares to remember. After many successful years in Silicon Valley, Microsoft brought him to Seattle. While at Microsoft, Bob provided security guidance for most of the company’s major product teams, served on and ran the Microsoft Crypto Board and was the focal point for Bing.com security and privacy. After being recruited to focus on security and privacy at GE Healthcare, he has transitioned with the businesses to Virence Health, where he finds himself teaching security essentials and authoring needed policies, all the while worrying about protecting patient medical and financial data. In his spare time, Bob watches soccer and hockey, plays music and enjoys traveling.
![Page 46: What does “Cybersecurity” Really Mean in Healthcare? · Sleeplessness due to User-Focused Attacks Phishing Spear-Phishing Social Engineering ÞImpactful threat vectors Tendency](https://reader033.vdocument.in/reader033/viewer/2022051811/6020352f5ce7df5a3221c06b/html5/thumbnails/46.jpg)
46
Enhance care quality
“Centricity™ solutions help me
unlock value in my organization in
many ways. We use the EMR in a
way that guides our staff down a
path -- building rules into the
software to help us. Using GE
Healthcare products has actually
helped us improve the [patient]
wait time, and we are able to help
our staff do the right thing.”
-Rhonda Draper, Ortho Northeast
©2018 Virence Health Technologies. All rights reserved.The contents provided herein are for information purposes only. Virence Health makes no representations or warranties as to current or future product functionality, or in any other respect, and Virence Health disclaims all liability from any reliance on the content or information provided herein.
Customer is responsible for understanding and meeting the requirements of achieving Meaningful Use and MACRA-related payment programs as applicable through use of HHS certified EHR technology and associated standards. Customer is responsible for understanding applicable Virence Health documentation regarding functionality and reporting specifications, including for Meaningful Use and MACRA-related payment programs, and for using that information to confirm the accuracy of attestation for Meaningful Useand MACRA-related payment programs. Customer is responsible for ensuring an accurate attestation is made and Virence Health does not guarantee incentive payments. Use of the product does not ensure customer will be eligible to receive payments.
Centricity Practice Solution v. 12.3 EHR Module and Centricity EMR v. 9.12 are ONC 2015 Edition compliant and have been certified by Drummond Group in accordance with certifiable action criteria. For additional certification and transparency information, visit www.gehealthcare.com/certifications.