1 What to Do When Hacktivists Target Your Health System
A Complimentary Webinar From healthsystemcio.com
Sponsored by Proofpoint
Your Line Will Be Silent Until Our Event Begins at 12:00 ET
Thank You!
2 Housekeeping
- Moderator: Anthony Guerra, editor-in-chief, healthsystemcio.com
- Ask A Question: We will be holding a Q&A session after the formal presentations. You may submit your questions at any time by clicking on the Q&A panel located in the lower right corner of your screen, typing your questions in the text field and hitting send. Please keep the send to default as All Panelists.
- Download the Deck: Go to Download today's deck at: Shortened URL at bottom of all slides
- View the Archive: You will receive an email when our archive recording is ready. Separate registration is required.
3 Agenda
Approximately 45 Minutes
- 30 minutes: Daniel Nigrin, MD, CIO, Boston Children's Hospital
- 5 minutes: A Word From Our Sponsor: Patrick Wheeler, Director, Product Marketing, Proofpoint
- 10 minutes: Q&A w/ Daniel Nigrin
4 What to Do When Hacktivists Target Your Health System
5 Case Study
- What happened?
- How did we respond?
- What did we learn?
- Could it happen again?
6 A Shot Across Our Bow
- March 20, 2014: notified by external cyber intelligence group about Twitter/Pastebin posting by Anonymous, threatening attack
- Result of highly publicized child custody case
- Anonymous: loose and decentralized group of hacktivist individuals
- d0x of staff and presiding judge posted
- Details of BCH external web site posted
8 Was This the Real Anonymous?
- Not hard to get details they posted
- Not hard to post a video on YouTube
- Should we just discount it then?
9 Was This the Real Anonymous?
- Should we just discount it then? NO!!
- Convened Hospital's Incident Response Team, began forming contingency plans
- Especially focused on potential need to go dark, cutting ourselves off from Internet if necessary
- Message to entire organization emphasizing vigilance, security best practices
- Contacted authorities
10 It Begins
- About 3 weeks later... low volume DDoS attack starts
- Mitigated by network changes
- Cat and mouse: we address attack, they change tactic/increase volume
- 1 week later, Easter/Patriot Day weekend (Boston Marathon bombing 1 year anniversary)
- Massive uptick in DDoS volume
- Engaged 3rd party vendor to assist in filtering traffic
11 Internet Traffic During DDoS Attack (figure; source: Nigrin, NEJM, July 31, 2014)
13 Not Just DDoS
- Direct penetration attacks on exposed ports, web sites
- Proactively took down virtually all externally facing sites: research, philanthropy, patient and provider portals, etc.
- Massive influx of malware-laden emails
- Proactively shut down entire email system for ~24 hrs
- Re-emphasized to staff to not open suspicious mails/attachments
- Ensured no malware made it through filters
17 It Ends
- About 1 week after high volume DDoS started, it abruptly declined to a low trickle
- Only gradually brought externally facing sites back online, after extensive 3rd party (re)penetration testing
- Took a deep breath!
18 Out of all bad things... good things come
20 What Did We Learn
- DDoS countermeasures are critical!
- Know what systems (or features within systems) depend on Internet access, and have contingency plans for those
- Recognize importance of email, and need for alternate forms of communication
- Need to push through security initiatives: no excuses anymore
- Securing teleconference meetings
- Separating signal from noise
21 And Most Importantly
As an industry, we've got to pay closer attention to these threats, and prioritize our efforts against them, far more than we have done in the past
22 What to Do When Hacktivists Target Your Health System
Patrick Wheeler, Director, Product Marketing, Proofpoint
23 Email is Arguably the #1 Threat Vector
- "There is ample evidence that email is the preferred channel to launch advanced targeted attacks." - GARTNER, JULY 2013
- "Criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam." - Brian Krebs, KrebsOnSecurity and investigator who revealed Target breach
- "Users WILL be phished, and they WILL eventually click." - Verizon 2014 Data Breach Investigations Report
- "A BUSINESS REPUTATION CAN BE AFFECTED IMMENSELY BY A PHISHING ATTACK... IRRELEVANT OF A COMPANY'S SIZE, IT CAN TAKE A LONG TIME FOR PEOPLE TO REGAIN CONFIDENCE IN A BUSINESS" - Rachel Ark, Hacksurfer
24 The Limits of User Education
Attackers continually refine and try new phishing templates
25 The User Challenge
26 New Threat Landscape, New Requirements
TRADITIONAL ANTI-SPAM
- Traditional Reputation and Signature Systems
- 99% effectiveness good enough
- Black-box
TODAY'S THREATS
- Mass customization and botnets increasingly bypass
- Every message matters
- Real-time, end-to-end insight and rich policy are critical
28 Proofpoint (NASDAQ: PFPT): Security-as-a-Service Leader
What We Do
- Protect the Most Sensitive Data of the World's Most Successful Companies
- Comprehensive Data Protection Portfolio
- Scalable Security-as-a-Service platform
- Advanced Threat Protection
Demonstrated Success
- 3 of the 5 largest US Retailers
- 5 of the 5 largest US Banks
- 3 of the 5 largest US Defense Contractors
- 2 of the 5 largest Global Pharmaceuticals Companies
Key Partners
Select Partners & Customers
Accolades
- Leaders Quadrant: Magic Quadrant for Secure Email Gateways & Enterprise Information Archive
- Champions Quadrant & Innovation Award, 2012
29 Gartner Positions Proofpoint in the Leaders Quadrant
2014 Magic Quadrant for Secure Email Gateways
- Gartner positions Proofpoint in the Leaders Quadrant
- Evaluation based on Completeness of Vision and Ability to Execute
Magic Quadrant for Secure Email Gateways by Peter Firstbrook and Brian Lowans, Gartner, Inc., July 1, 2014
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available from Proofpoint upon request.
Read the full report:
30 Q&A
31 Thank You!
- Thanks to our featured speaker: Daniel Nigrin, MD
- Thanks to our sponsor: Proofpoint
- You will receive an email when our archive recording is ready. (Separate registration is required)
- CHIME CHCIO Credits: Attending our Webinars = 1 CEU
- Questions/Comments: Anthony Guerra
- Go to to view our upcoming schedule and see the last 12 months of archived events.