Adopting a Cybersecurity Framework for Governance and Risk Management
The American Hospital Association's Center for Healthcare Governance 2015 Fall Symposium
Adopting a Cybersecurity Framework for Governance and Risk Management
- Jim Giordano, Vice Chairman & Chair of Finance Committee, Ascension Health - Michigan Market Board; President and CEO, CareTech Solutions
- Jeff Bell, CISSP, GSLC, CPHIMS, ACHE, Manager, Cybersecurity and Privacy, PwC
Disclosure
Please note that the views expressed by the conference speakers do not necessarily reflect the views of the American Hospital Association, the Center for Healthcare Governance, or PricewaterhouseCoopers LLP. Presentation includes partial content from Cybersecurity: What the Board of Directors Needs to Ask, IIARF Research Report, The Institute of Internal Auditors Research Foundation. Permission has been obtained from the copyright holder, The Institute of Internal Auditors Research Foundation, to publish this reproduction, which is the same in all material respects as the original unless approved as changed. No parts of this document may be reproduced, stored in any retrieval system, or transmitted in any form, or by any means electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of IIARF.
Learning Objectives
1. Identify current healthcare privacy and cybersecurity threats and risks
2. Assess the readiness of healthcare providers, business associates, leadership and trustees to respond to current cybersecurity threats
3. Explain the role of the board in managing cybersecurity risks in the context of enterprise risk management
4. Explain the value of a cybersecurity framework for healthcare and hospital governance and enterprise risk management
Why is Cybersecurity a Board Oversight Issue?
- Financial / reputational loss at a level relevant to the Board's fiduciary responsibility to sustain corporate mission
- Data breach laws make response costly / fines
- Class-action lawsuits are costly
- Consideration of cyber liability insurance
- Cybersecurity incidents disrupt operations
- Attackers include nation-states and organized crime targeting theft of trade secrets and economic sabotage
- Risks of disruption of industrial controls (smart buildings)
- Threat to medical devices
Source: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey, PwC, July 2015
How Boards Participate in Security
Data from The Global State of Information Security Survey
[Chart categories: Overall security strategy; Security budget; Security policies; Review of security & privacy risks; Security technologies; Review roles & responsibilities of security organization; Review of security & privacy testing. Values as transcribed: %, 36%, 32%, 25%, 24%, 18%, 15%]
Source: The Global State of Information Security Survey 2015, PwC
2015: The Rise of Criminal Attacks on Healthcare Data
"for the first time, criminal attacks are the number-one cause of healthcare data breaches. Criminal attacks on healthcare organizations are up 125% compared to 5 years ago. In fact, 45% of healthcare organizations say the root cause of the data breach was a criminal attack, and 12% say it was due to a malicious insider."
Source: Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, sponsored by ID Experts, independently conducted by Ponemon Institute LLC, May 2015
Healthcare Data Breaches Are Costly
- 90% had a data breach in the past 2 years, 40% had more than 5
- Average economic impact due to data breaches is 2.1 million dollars / healthcare organization and 1 million dollars / business associate organizations over 2 years
- Criminal attacks are now the #1 cause of data breaches
- 56% of healthcare organizations and 59% of business associates don't believe their incident response process has adequate funding and resources
Healthcare Data Breaches Are Costly
- Data breaches in healthcare are the most expensive to remediate
- In the U.S. healthcare industry, the average cost was $398 per record
- Average cost across all industries: $154 per record
FBI Cyber Division: Private Industry Notification
- Cyber actors will likely increase cyber intrusions against health care systems, to include medical devices, due to:
  - Mandatory transition from paper to electronic health records (EHR)
  - Lax cybersecurity standards
  - A higher financial payout for medical records in the black market
- The healthcare industry is not technically prepared to combat cybercriminals' basic cyber intrusion tactics, techniques and procedures (TTPs), much less against more advanced persistent threats (APTs)
Healthcare Cybersecurity Risks: Cybercrime & Hacking
- Until recently, cybercriminals didn't have healthcare data in their sight. Now healthcare data is considered a top criminal target by the FBI. (2)
- % of breaches identified in 2014 were in the medical/healthcare industry. Leading cause: Hacking incidents. (3)
- "Cybercrime is a clear, present, and permanent danger. While it's a permanent condition, however, the actors, threats, and techniques are very dynamic." Tom Ridge, CEO of Ridge Global, 1st Secretary of the US Department of Homeland Security
Sources:
- US cybercrime: Rising risks, reduced readiness - Key findings from the 2014 US State of Cybercrime Survey, PwC
- (2) James Trainor, deputy assistant director of the FBI, Cyber Division (speaking at HIMSS15, April 2015)
- (3) Identity Theft Resource Center:
What Makes Healthcare Data So Valuable to Cybercriminals?
- Healthcare records are a rich set of data: financial, medical, family, and personal data
- Healthcare data can be used to:
  - Obtain healthcare services
  - Obtain drugs or medical devices
  - Insurance fraud
  - Financial fraud (open financial accounts)
- A healthcare record can be worth $50 to $1,000
- Credit card data typically sells for $1 each
- Healthcare fraud detection is poor
Source: Managing cyber risks in an interconnected world, Key findings from The Global State of Information Security Survey 2015, PwC
Healthcare Cybersecurity Risks: Medical Identity Theft
- More than 2.3 million Americans have been victims
- How victims learn of the crime:
  - Hospital invoice
  - Collection letter
  - Insurance statement
  - Errors in health record
  - Credit report
- Difficult for victims to prove the theft
- 65% of victims spent money to resolve: average cost $13,453
- Incorrect medical records could jeopardize safety
Sources:
- Fifth Annual Study on Medical Identity Theft, sponsored by the Medical Identity Fraud Alliance, independently conducted by Ponemon Institute LLC, February 2015
- Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, sponsored by ID Experts, independently conducted by Ponemon Institute LLC, May 2015
- See also: Medical Identity Fraud Alliance:
Healthcare Cybersecurity Risks: Insider Threats
- "Insiders" refers to your workforce who are trusted with access to your systems
  - They make mistakes
  - They violate policies (snooping, shortcuts)
  - A few have criminal intentions
- Huge problem in healthcare!
- Solutions:
  - Security awareness training
  - Monitor / manage / discipline
  - Access controls
  - Data Leak Prevention
  - User Activity Monitoring
Healthcare Cybersecurity Risks: Third Party Risks
- Third parties were the #2 cause of breaches in
- Healthcare providers need to manage third party risks
  - Evaluate whether third parties have access to PHI
  - Evaluate the level of risk
  - For high-risk third parties evaluate the security program
    - Before contracting
    - Ongoing
  - Contract terms to manage third party risks
Source: Identity Theft Resource Center:
Healthcare Cybersecurity Risks: Medical Device Vulnerabilities
Recent Breaches & Settlement Agreements
- Breaches due to hackers
- Anthem is the largest healthcare data breach in US history
- Medical Informatics Engineering is an EMR vendor with some very large customers
[Timeline graphic, values as transcribed: May 20, ,100,000; June 10, 2015; August 18, 2014; May 5, ,900,000; 4,500,000; 4,500,000; March 17, ,000,000; March 15, , 800,000 patient records]
Recent Breaches & Settlement Agreements
- SRMH: Stolen unencrypted USB drive
- Concentra: Stolen unencrypted laptop
- Third-party: Transcriptionist lacked technical safeguards on server; patient records accessible on Internet
[Timeline graphic, values as transcribed: June 14, ,000, Est. cost: $13.5M; November 30, Settlement agreement: $1.7M; March 4, ,000, Est. cost: $6M]
Recent Breaches & Settlement Agreements
- ACMHS: Due to malware, fined for unpatched / unsupported systems
- NYP / CUMC: Server data accessible on the Internet due to lack of technical safeguards
  - Server installed and managed by a physician, not an IT professional
[Timeline graphic, values as transcribed: March 3, ,743 patient records, Settlement agreement: $150K; September 24, 2010, Settlement agreements: $3.5M NYP, 6,800, $1.5M CUMC]
Five Guiding Principles for the Board
1. Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
2. Directors should understand the legal implications of cyber risks as they relate to their company's specific circumstances.
3. Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on the board meeting agenda.
4. Directors should set the expectation that management will establish an enterprise-wide management framework with adequate staffing and budget.
5. Board-management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer through insurance, as well as specific plans associated with each approach.
Source: Cyber-Risk Oversight Executive Summary, Director's Handbook Series 2014 Edition [National Association of Corporate Directors (NACD) in collaboration with AIG and Internet Security Alliance (ISA); Washington, DC; 2014]
Principle 1: Approach Not Just an IT Issue
- Board must assume role of fourth line of defense to protect against cyber risks within the whole organization
Source: Cybersecurity: What the Board of Directors Needs to Ask, Copyright 2015 by The Institute of Internal Auditors Research Foundation ("IIARF"), strictly reserved. No parts of this material may be reproduced in any form without the written permission of IIARF.
Principle 1: Approach Not Just an IT Issue
- Board must require an internal audit for a comprehensive report that covers all domains of cybersecurity
  - Conducted by internal audit staff or external security program
- Board must monitor whether risk levels are improving or deteriorating and must evaluate the adequacy / severity of the pace of improvement / deterioration
Principle 2: Legal Implications
- Board must understand cyber risks associated with third-party service providers
  - IT outsourcing
  - Business process outsourcing
  - Cloud solution
  - SOC 1 and SOC 2 assurance reports performed
- Chain of trust
  - Agreements with providers that cover responsibility
  - Agreements with any downstream providers of that third-party provider
- Note: HIPAA mandates Business Associate Agreements and Business Associate Compliance, but this is not enough.
Principle 2: Legal Implications
- Understand what constitutes a data breach and what notifications are required by state and federal law
  - HIPAA/HITECH breach notification requirements
  - In which states does the organization conduct business?
  - Are there states where the data breach and privacy laws may be stricter than others (e.g., Mass. and Cali. are perceived to be "strict")?
  - What constitutes a data breach in those states?
  - What are the reporting requirements?
  - Under some state laws, if breached data is encrypted, reporting is not required or is minimized
- Board should be made aware of all major data breaches and security incidents
Principle 2: Legal Implications
Federal Breach Notification (Omnibus rule of 2013)
- Covered Entities must report security breaches directly to individuals
  - Without unreasonable delay and in no case later than 60 days following the discovery
  - If the individual cannot be contacted, notice must be posted on the hospital website or notify local media
- Large security breaches (500 or more records) must be reported to the U.S. Department of Health and Human Services and prominent media outlets
  - HHS will post all large breaches to their website
- Small breaches (under 500 records) must be reported to HHS annually
Principle 2: Legal Implications
"an acquisition, access, use or disclosure of [PHI] in a manner not permitted under [the HIPAA Privacy rule] is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrate that there is a low probability that the [PHI] has been compromised based on a risk assessment of at least the four following factors:"
1. Nature and extent of the PHI
2. The unauthorized person who used or received the PHI
3. Whether the PHI was actually acquired or viewed
4. The extent to which the risk to the PHI has been mitigated
Safe harbor (no breach) if the data was properly encrypted or destroyed
Principle 3: Discuss with Experts
- Board should take time to meet with the Chief Information Security Officer (CISO)
  - Understand key issues from CISO's perspective
  - Discuss security strategy and current projects
  - Identify roadblocks (e.g., budget, political agenda, arrogance)
  - Understand data breaches occurring within the industry
- Verify that management has established relationships with local and national authorities
  - Annual meetings with local FBI
  - FBI actively involved in cybersecurity (Infragard formed in 1996)
Principle 4: Enterprise-Wide Management Framework
- Board must require management to communicate the enterprise risk management organization structure and provide staffing and budget details
  - Enterprise risk management comprises several risks: operational, credit, regulatory, legal, medical errors / liability, cybersecurity
- Board should review security budget metrics
  - What percentage of the total revenue is the IT budget?
  - What percentage of the IT budget is the security budget?
  - How many security dollars are being spent per employee within the organization?
  - Beyond corporate IT, what other departments maintain security budgets?
Principle 5: Avoiding & Accepting Risks
- Board should meet with the Chief Risk Officer (CRO) or equivalent annually to review all risks that were avoided and accepted
  - Be aware of decisions made in the Risk Acceptance Report
- Board must verify that cyber insurance coverage is sufficient
  - Ask management to provide cost per record of a data breach
  - Understand the impact of a major data breach
Six Questions the Board Should Ask
1. Does the organization have a security framework?
2. What are the top risks the organization has related to cybersecurity?
3. How are employees made aware of their role relating to cybersecurity?
4. Are external and internal threats considered when planning cybersecurity activities?
5. How is security governance managed within the organization?
6. In the event of a serious breach, has management developed a robust response protocol?
Six Questions the Board Should Ask
1. Does the organization have a security framework?
- HIPAA / HITECH, HITRUST (healthcare)
- PCI-DSS for credit card acceptance
- The National Institute of Standards and Technology (NIST) Cybersecurity Framework
  - President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in Feb
- ISO 27001, NIST , COBIT
HIPAA Requires A Risk-Based Approach to Security
- Protect against any reasonably anticipated threats or hazards (a)
- Conduct a risk analysis: Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of [ePHI] held by the covered entity (a)(1)(ii)(A)
- Risk management: Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level (a)(1)(ii)(B)
National Institute of Standards & Technology (NIST) Cybersecurity Framework
- Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy
- Protect: Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures
- Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes
- Respond: Response Planning, Communications, Analysis, Mitigation, Improvements
- Recover: Recovery Planning, Improvements, Communications
Source: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014
NIST Cybersecurity Framework: Framework Core
Framework Core: a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.
Source: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014
NIST Cybersecurity Framework
Framework Implementation Tiers: Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework. These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed.
- Tier 1, Partial: Risk management is ad hoc, with limited awareness of risks and no collaboration with others
- Tier 2, Risk Informed: Risk management processes and program are in place but are not integrated enterprise-wide; collaboration is understood but organization lacks formal capabilities
- Tier 3, Repeatable: Formal policies for risk management processes and programs are in place enterprise-wide, with partial external collaboration
- Tier 4, Adaptive: Risk management processes and programs are based on lessons learned and embedded in culture, with proactive collaboration
Source: Why you should adopt the NIST Cybersecurity Framework, PwC, May 2014
NIST Cybersecurity Framework
Framework Profile: ("Profile") represents the [security] outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.
- Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target" Profile (the "to be" state).
- The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation.
- Profiles can be used to conduct self-assessments and communicate within an organization or between organizations.
Source: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014
NIST Cybersecurity Framework
Benefits of using the Cybersecurity Framework:
- Improve cybersecurity: The NIST Framework core is up to date in terms of cyber threats / risks / effective controls, with an emphasis on Detect, Respond, Recover, not just Protect. It is much more up to date and comprehensive than the HIPAA rule.
- Reduce legal exposure: This process can demonstrate due care in case of a breach and federal / state investigation or even lawsuit. The NIST Framework is founded on a presidential order and represents best practices.
- Improve collaboration and communication of security posture with executives and others
Source: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014
Six Questions the Board Should Ask
2. What are the top risks the organization has related to cybersecurity?
Potential areas of risk (examples):
- Bring your own device (BYOD) and smart devices
- Cloud computing
- Outsourcing critical business controls to third parties (and lack of controls around third-party services)
- Disaster recovery and business continuity
- Hacking / malware / Advanced Persistent Threats
- Insider risks
- Medical device vulnerabilities
Six Questions the Board Should Ask
3. How are employees made aware of their role relating to cybersecurity?
- Security awareness training program
- Review and annual test for employees
- Communication plan from CEO or other top executive
Six Questions the Board Should Ask
4. Are external and internal threats considered when planning cybersecurity activities?
Source: US cybercrime: Rising risks, reduced readiness: Key findings from the 2014 US State of Cybercrime Survey, PwC
Six Questions the Board Should Ask
5. How is security governance managed within the organization?
- 1st Line of Defense
  - IT operations function
  - Implements policies and standards
  - Day-to-day monitoring of networks and infrastructure
- 2nd Line of Defense
  - Perform majority of governance functions related to cybersecurity
  - Headed by CISO, who defines policies, standards, and technical configurations
  - Ensure that IT performs monitoring, reporting, and tracking
- 3rd Line of Defense
  - Internal audit ensures that 1st and 2nd lines of defense are functioning as designed
Six Questions the Board Should Ask
6. In the event of a serious breach, has management developed a robust response protocol?
- Incident response program / team / skills / tools
- Crisis management program
- Crisis management team and their responsibilities
Board of Directors Responsibility
"A primary responsibility of every board of directors is to secure the future of the organization. The very survival of the organization depends on the ability of the board and management not only to cope with future events but to anticipate the impact those events will have on both the company and the industry as a whole." -Tom Horton, Directors & Boards
Questions?
Privacy & Security. Risk Management Strategies for Healthcare Data. Ohio Hospital Association Centennial Annual Meeting.
Ohio Hospital Association Centennial Annual Meeting Privacy & Security Risk Management Strategies for Healthcare Data Chris Allman, JD Director of Risk Management, Compliance & Insurance Garden City Hospital
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationHealthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council
Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationHans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA
Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA HANS HENRIK BERTHING Married with Louise and dad for Dagmar and Johannes CPA, CRISC, CGEIT, CISA and CIA ISO 9000 Lead Auditor Partner and owner for Verifica
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationCybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response
Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationHealthcare and IT Working Together. 2013 KY HFMA Spring Institute
Healthcare and IT Working Together 2013 KY HFMA Spring Institute Introduction Michael R Gilliam Over 7 Years Experience in Cyber Security BA Telecommunications Network Security CISSP, GHIC, CCFE, SnortCP,
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationAHLA. N. HIPAA Security Breaches: What Should We Be Doing to Keep Us Out of the Headlines? Diane E. Felix Armstrong Teasdale LLP Saint Louis, MO
AHLA N. HIPAA Security Breaches: What Should We Be Doing to Keep Us Out of the Headlines? Diane E. Felix Armstrong Teasdale LLP Saint Louis, MO Anthony J. Munns Brown Smith Wallace LLC Saint Louis, MO
More information6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013
Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationManaging data security and privacy risk of third-party vendors
Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationCybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013
Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,
Cybersecurity Issues for Community Banks
Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
4/9/2015. One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification. Agenda
One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification Adam H. Greene, JD, MPH Partner Davis Wright Tremaine HCCA Compliance Institute April 22, 2015 Doug Pollack Chief Strategy
Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014
Aalborg Universitet Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication
2009 HIMSS Analytics Report: Evaluating HITECH's Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH's Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
HIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
Bridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
Cybersecurity: What CFO's Need to Know
Cybersecurity: What CFO's Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today's Agenda Introduction
What's New with HIPAA? Policy and Enforcement Update
What's New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
HIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1
HIPAA/HITECH Privacy and Security for Long Term Care 1 John DiMaggio Chief Executive Officer, Blue Orange Compliance Cliff Mull Partner, Benesch, Healthcare Practice Group About the Presenters John DiMaggio,
The Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients' healthcare information. This protects all forms of patients
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
Cyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage
2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage Chris Reese Vice President, Director of Underwriting Connie Rivas Asst. Vice President, Contracts and
8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
White Paper #6. Privacy and Security
The Complexity of America's Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America
How-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloud-based services. Businesses
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava
Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11
Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total
Managing Cyber & Privacy Risks
Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past
This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in
This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American
Nine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
Guidance on Risk Analysis Requirements under the HIPAA Security Rule
Guidance on Risk Analysis Requirements under the HIPAA Security Rule Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.
Cybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton LLP. All rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
IIARF Research Report CYBERSECURITY WHAT THE BOARD OF DIRECTORS NEEDS TO ASK
IIARF Research Report CYBERSECURITY WHAT THE BOARD OF DIRECTORS NEEDS TO ASK Copyright 2014 by The Institute of Internal Auditors Research Foundation (IIARF). All rights reserved. Published by The Institute
Data Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
RETHINKING CYBER SECURITY Changing the Business Conversation
RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.
Cybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
Why you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
Why Lawyers? Why Now?
TODAY'S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
New Privacy Laws Impacting the Health Care Work Place
New Privacy Laws Impacting the Health Care Work Place Presented by Thomas E. Jeffry, Jr., Esq. Arent Fox LLP Washington, DC New York, NY Los Angeles, CA November 12 & 19, 2009 Overview 1. Overview of California
CYBERSECURITY: Is Your Business Ready?
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
Anatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
Finding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We'll Cover About Me Background The threat Risks to your organization What your organization can/should
Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
Managing cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
10 Smart Ideas for. Keeping Data Safe. From Hackers
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
HIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014
HIPAA Update Presented by: Melissa M. Zambri June 25, 2014 Timeline of New Rules 2/17/09 - Stimulus Package Enacted 8/24/09 - Interim Final Rule on Breach Notification 10/7/09 - Proposed Rule Regarding
2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
www.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
The Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
Patient Privacy and Security. Presented by, Jeffery Daigrepont
Patient Privacy and Security Presented by, Jeffery Daigrepont Jeffery Daigrepont, SVP No Financial Conflicts to Report Jeffery Daigrepont, Senior Vice President of The Coker Group, specializes in health
Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
Network Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
Architecting Security to Address Compliance for Healthcare Providers
Architecting Security to Address Compliance for Healthcare Providers What You Need to Know to Help Comply with HIPAA Omnibus, PCI DSS 3.0 and Meaningful Use November, 2014 Table of Contents Background...
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?
HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed
HIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
The New Normal Healthcare's New Threat Profile. Matthew Sadler National Director, Healthcare Cyber Security KPMG November 2015
The New Normal Healthcare's New Threat Profile Matthew Sadler National Director, Healthcare Cyber Security KPMG November 2015 Recent Events Cybercriminals Today Cyber Threats Why Are We Such a Big Target?
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
Information Protection Framework: Data Security Compliance and Today's Healthcare Industry
Information Protection Framework: Data Security Compliance and Today's Healthcare Industry Executive Summary Today's Healthcare industry is facing complex privacy and data security requirements. The movement
How To Find Out What People Think About Hipaa Compliance
Healthcare providers' attitudes towards HIPAA compliance in 2015 Created July, 27 2015 Healthcare providers' attitudes towards HIPAA compliance in 2015 Over the course of this last year the healthcare industry
Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
Strategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager
Strategies for 1 Proactively Auditing HIPAA Security Compliance to Mitigate Risk Matt Jackson, Director Kevin Dunnahoo, Manager AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org
COMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
As a covered entity or business associate, you have
Health IT Law & Industry Report VOL. 7, NO. 19 MAY 11, 2015 Reproduced with permission from Health IT Law & Industry Report, 07 HITR, 5/11/15. Copyright 2015 by The Bureau of National Affairs, Inc. (800-372-1033)
Auditing Security: Lessons Learned From Healthcare Security Breaches
Auditing Security: Lessons Learned From Healthcare Security Breaches Adam H. Greene, J.D., M.P.H. Davis Wright Tremaine LLP Washington, D.C. Michael Mac McMillan CynergisTek, Inc. Austin, Texas DISCLAIMER:
BUSINESS ASSOCIATE AGREEMENT. Recitals
BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and
Law Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
Risk Management and Compliance: Healthcare Best Practices Guide
WHITE PAPER: RISK MANAGEMENT AND COMPLIANCE: HEALTHCARE BEST PRACTICES GUIDE Risk Management and Compliance: Healthcare Best Practices Guide Who should read this
Cybersecurity@RTD Program Overview and 2015 Outlook
Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS
MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn's Health Care Practice Group 2013 Winston & Strawn LLP Today's elunch Presenters
Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE
Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance
Top Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology