TRANSCRIPT
Slide Deck: http://goo.gl/4wMk3R
Webex Support 1-866-229-3239
Event #667 827 013
“What to Do When Hacktivists Target Your Health System”
A Complimentary Webinar From healthsystemCIO.com
Sponsored by Proofpoint
Your Line Will Be Silent Until Our Event Begins at 12:00 ET
Thank You!
Housekeeping
• Moderator – Anthony Guerra, editor-in-chief, healthsystemCIO.com
• Ask A Question
• We will be holding a Q&A session after the formal presentations.
• You may submit your questions at any time by clicking on the QA panel located in the lower right corner of your screen, type in your questions in the text field and hit send. Please keep the send to default as “All Panelists.”
• Download the Deck
• Download today's deck at: http://healthsystemcio.com/presentation/hack-webinar.pdf
• Shortened URL at bottom of all slides
• View the Archive
• You will receive an email when our archive recording is ready.
• Separate registration is required.
Agenda — Approximately 45 Minutes
• 30 minutes: Daniel Nigrin, MD, CIO, Boston Children's Hospital
• 5 minutes: A Word From Our Sponsor: Patrick Wheeler, Director, Product Marketing, Proofpoint
• 10 minutes: Q&A w/Daniel Nigrin
Case Study
• What happened?
• How did we respond?
• What did we learn?
• Could it happen again?
A Shot Across Our Bow
• March 20, 2014 – notified by external cyber intelligence group about Twitter/Pastebin posting by Anonymous, threatening attack
• result of highly publicized child custody case
• Anonymous: loose and decentralized group of “hacktivist” individuals
• “d0x” of staff and presiding judge posted
• “Details” of BCH external web site posted
Was This the Real “Anonymous”?
• Not hard to get details they posted
• Not hard to post a video on YouTube
• Should we just discount it then?
NO!!
• Convened Hospital’s Incident Response Team, began forming contingency plans
• Especially focused on potential need to “go dark”, cutting ourselves off from Internet if necessary
• Message to entire organization emphasizing vigilance, email security best practices
• Contacted authorities
It Begins
• About 3 weeks later... low volume DDoS attack starts
• Mitigated by network changes
• Cat and mouse – we address attack, they change tactic/increase volume
• 1 week later, Easter/Patriots’ Day weekend (Boston Marathon bombing 1 year anniversary)
• Massive uptick in DDoS volume
• Engaged 3rd party vendor to assist in filtering traffic
Internet Traffic During DDoS Attack
Nigrin, NEJM, July 31, 2014
Not Just DDoS…
• Direct penetration attacks on exposed ports, web sites
• Proactively took down virtually all externally facing sites: research, philanthropy, patient and provider portals, etc…
• Massive influx of malware laden emails
• Proactively shut down entire email system for ~24 hrs
• Re-emphasized to staff to not open suspicious mails/attachments
• Ensured no malware made it through filters
It Ends
• About 1 week after high volume DDoS started, it abruptly declined, to a low trickle
• Only gradually brought externally facing sites back online, after extensive 3rd party (re)penetration testing
• Took a deep breath!
Out of all bad things... good things come
What Did We Learn
• DDoS countermeasures are critical!
• Know what systems (or features within systems) depend on Internet access, and have contingency plans for those
• Recognize importance of email, and need for alternate forms of communication
• Need to push through security initiatives – no excuses anymore
• Securing teleconference meetings
• Separating signal from noise
And Most Importantly
As an industry, we’ve got to pay closer attention to these threats, and prioritize our efforts against them,
far more than we have done in the past
“What to Do When Hacktivists Target Your Health System”
Patrick Wheeler, Director, Product Marketing, Proofpoint
E-mail is Arguably the #1 Threat Vector
“There is ample evidence that email is the preferred channel to launch advanced targeted attacks.”
- GARTNER, JULY 2013
“Criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.”
- Brian Krebs, KrebsOnSecurity and investigator who revealed Target breach
“Users WILL be phished, and they WILL eventually click.”
- Verizon 2014 Data Breach Investigations Report
“A BUSINESS’ REPUTATION CAN BE AFFECTED IMMENSELY BY A PHISHING ATTACK ... IRRELEVANT OF A COMPANY’S SIZE, IT CAN TAKE A LONG TIME FOR PEOPLE TO REGAIN CONFIDENCE IN A BUSINESS”
- Rachel Ark, Hacksurfer
The Limits of User Education
• Attackers continually refine and try new phishing templates
The User Challenge
New Threat Landscape, New Requirements
TRADITIONAL ANTI-SPAM
• Traditional Reputation and Signature Systems
• 99% effectiveness good enough
• Black-box
TODAY’S THREATS
• Mass customization and botnets increasingly by-pass
• Every message matters
• Real-time, end-to-end insight and rich policy are critical
Proofpoint Email Security Suite
Known, Emerging Threats
Proofpoint Enterprise Protection
DETECT / BLOCK
Targeted, Previously Unknown Threats
Proofpoint Targeted Attack Protection
RESPOND
Proofpoint (NASDAQ: PFPT)
Security-as-Service Leader
Key Partners
What We Do
Leaders Quadrant: 2012-2013-2014 Magic Quadrant for Secure Email Gateways & Enterprise Information Archive
Champions Quadrant & Innovation Award, 2012
Accolades
Select Partners & Customers
Demonstrated Success
3 of the 5 largest US Retailers
5 of the 5 largest US Banks
3 of the 5 largest US Defense Contractors
2 of the 5 largest Global Pharmaceuticals Companies
Protect the Most Sensitive Data of the World’s Most Successful Companies
Comprehensive Data Protection Portfolio
Scalable Security-as-a-Service platform
Advanced Threat Protection
Gartner Positions Proofpoint in the Leaders Quadrant
2014 Magic Quadrant for Secure Email Gateways
• Gartner positions Proofpoint in the Leaders Quadrant
• Evaluation based on Completeness of Vision and Ability to Execute
• Magic Quadrant for Secure Email Gateways by Peter Firstbrook and Brian Lowans, Gartner, Inc., July 1, 2014
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.
The Gartner report is available from Proofpoint upon request. Read the full report:
www.proofpoint.com/magicquadrant
Q&A
Click on the Q&A panel located in the lower right corner of your screen, type in your questions in the text field and hit send. Please keep the
send to default as “All Panelists.”
Thank You!
• Thanks to our featured speaker: Daniel Nigrin, MD
• Thanks to our sponsor: Proofpoint
• You will receive an email when our archive recording is ready. (Separate registration is required)
• CHIME CHCIO Credits – Attending our Webinars = 1 CEU
• Questions/Comments – Anthony Guerra [email protected]
Go to www.healthsystemCIO.com/webinars to view our upcoming schedule and see the last 12 months of archived events.