White Paper. Data Breach Mitigation in the Healthcare Industry

Save this PDF as:

Size: px
Start display at page:

Download "White Paper. Data Breach Mitigation in the Healthcare Industry"

Transcription

1 White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015

2 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information Medical Identity Theft and the Cost to Remediate 5 3 The Data Breach Problem 6 4 The PII, Data Storage, Usage and Access Problem Personally Identifiable Information in BI and Operations How PII Data is Stored Data Usage and Access 8 5 Clarity s Approach Strategy & In Depth Analysis Methodology Architectural Considerations & Designs Legacy Data Stores 10 6 Outcomes 11 7 About the Author 12 8 About Clarity Solution Group 13 Proprietary Clarity Solution Group, LLC 2

3 1 Executive Summary For the healthcare industry, the risk of being the target of a malicious data breach is higher than ever before. Since the U.S. Department of Health and Human Services started tracking unauthorized data breaches of Personally Identifiable Information (PII) and Protected Health Information (PHI) in 2009 there have been over 1200 major data breaches with over 135,000,000 individual records or health records lost or stolen. 1 In a recent poll, more than 90% of healthcare organizations responding to a survey claim they have been part of a data breach that exposed patient data within the past two years. 2 The healthcare industry as a whole lags far behind the retail and financial industries when it comes to cyber security. Even with the industry spending billions of dollars to catch up to the more advanced industries, the approaches and mitigation attempts to secure data from outside intruders may not be enough to avoid loss of these records. This paper outlines the technical designs that the healthcare industry as a whole and individual organizations must accept and drive toward in order to properly and safely secure the data of their patients and to ensure that the medical identity of these patients remains out of the hands of cyber criminals and those who would use this information for nefarious means. Keeping criminals from obtaining the data is the best case scenario, but securing, masking, normalizing and encrypting the data internally and keeping it so that all the data does not exist in one place for all users can ensure that those with malicious intent cannot tell a story with the data they obtain illegally. 1 Breaches Affecting 500 or More Individuals, HHS.gov. 2 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute. Proprietary Clarity Solution Group, LLC 3

4 2 Personally Identifiable Information & Protected Health Information In U.S. privacy laws and related language, Personally Identifiable Information (PII) is any information that can be used on its own or in collaboration with other information to identify, contact or locate a single person. Similar to PII, Protected Health Information (PHI) is any information about health status, provision of health care, or payment for health care that can be linked to an individual, as defined by the HIPAA Privacy Rule. The major differences between PII and PHI are that PII is a legal definition of any information that can be used to uniquely identify an individual and PHI identifiers are a subset of PII that can be used to identify an individual related to a medical record. Within the classifications of what is considered PHI/PII, there are certain attributes which when either standing alone or combined with a minimal amount of other identifiers can be used to identify or give one the means to tell a story about an individual. These are sometimes referred to as Major Identifiers. Some of the major identifiers used in the health care industry with regards to PII/PHI include: First Name Last Name Social Security Number Home Address Date of Birth The Value of Health Records and the Cost of Identity Theft According to a recent study, the cost of data breaches in the healthcare industry as a whole are costing healthcare providers and insurers up to 6 billion dollars per year. The average cost of being part of a data breach is over 2.1 million dollars per healthcare organization. 3 The average cost of a healthcare breach worldwide is $363 per exposed record in contrast with an average cost of $398 per record in the U.S. alone. For comparison purposes, the average cost per record stolen in other industries comes in at $154. It should come as no surprise that a data breach in the healthcare industry would come in at double the average cost of other industries. Black market prices for medical records and health history can be worth ten times the value of PII from data breaches in other verticals. Whereas a stolen credit card number is worth roughly a dollar on the black market, a medical record is worth, on average, between ten and fifty dollars, with some specific records being valued at thousands of dollars. Why would a criminal care about a medical record when they can make actual purchases with a pilfered credit card? 3 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute. Proprietary Clarity Solution Group, LLC 4

5 2.1 Medical Identity Theft and the Cost to Remediate Aside from the first and last name, billing address, and potential billing information that may be obtained within a medical record the record also contains policy and account numbers, birth date, insurance and policy numbers, social security numbers and diagnosis codes that are related to the patient/member. So while this information can be used for traditional identity theft to make purchases, it is even more valuable to utilize this information to conduct medical fraud. This fraud can be extremely profitable and harder to detect. Medical identity theft is many times undetected for years by a patient, insurer or provider. Criminals use these medical records to buy medical equipment or prescription drugs which are then resold or they utilize insurance information coupled with false or stolen provider numbers and file false claims with healthcare payers. In some cases, fraudsters create fake credentials based on stolen records and obtain expensive healthcare which then is billed to the real member. The financial identity theft can lead to overages in medical expenses and denial of services or claims due to these medical procedures that were procured under false identity. Not only does this contain the hassle of having to clear up financial obligations and burdens, but there is a life threatening risk that the member s health record is contaminated with someone else s medical history and diagnoses. If this false data is not properly identified by the patient or medical care professional there can be life threatening consequences caused by incorrect bio-metrical data or prescription information or allergies. There is also the looming threat of having one s personal health information available. There can be negative stigmas associated with certain diagnoses or procedures. Unlike financial identity theft, there is no canceling or reissuing of cards that will clear this information from being out there. If the data is breached and the medical history leaked, it is out there forever. Insurers and providers lag behind other industries in identifying and fixing health records and helping identity theft victims manage the consequences of identity theft. As of 2014 many medical identity theft victims reported that they spent on average $13,500 to restore their credit, reimburse and clear up healthcare claims and correct inaccuracies in their health care records. 4 4 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute. Proprietary Clarity Solution Group, LLC 5

6 3 The Data Breach Problem The healthcare industry and its organizations are being targeted by cyber criminals like never before. With the large amount of records taken in the Premera Blue Cross and Anthem Health cyberattacks in 2015, cyberattacks and intentional criminal activity have officially surpassed employee or insider negligence actions as the number one cause of data breach in healthcare organizations. Medical records are often more easily obtained than traditional bank, financial services and retail operations as these entities have been stepping up their online security for many years to stay ahead of hackers. With all of the major attacks occurring and the healthcare industry being a top target for criminals and internal breachers, half of all healthcare organizations have little to no confidence that they can identify whether or not they have had patient/member data taken. Even with billions spent on preventing cyberattacks and unwanted external exposure as well as remedies in the case of a malicious breach, the industry and all the patients they serve are still at risk from exposure and identity theft. Only 50% of organizations have procedures and policies in place to effectively prevent and detect unauthorized access. 5 Cyberattacks may make up the majority of data breaches, but cybersecurity alone will not fully protect patients and members from identity theft. Lost or stolen computing devices containing identifying information and medical records and employee mistakes such as lost print out or PHI information being improperly disposed of make up nearly the same percentage of data breach reasons as malicious attacks. In fact, healthcare organizations are almost twice as likely to respond that they have concerns with employee negligence being a cause for breach as they are with cyber attackers. Besides negligence, cyber hacks, and phishing scams to steal employee passwords healthcare organizations have to deal with malicious insiders who have access to the data (in some cases whether they need access or not). Internal technical security initiatives can help prevent some of these reasons for breach and help log who accessed what data, but it cannot 100% safeguard PII/PHI data by itself. How else can an organization protect its members from identity theft in the inevitable case that someone gets access to personal health records? 5 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute. Proprietary Clarity Solution Group, LLC 6

7 4 The PII, Data Storage, Usage and Access Problem 4.1 Personally Identifiable Information in BI and Operations Healthcare payers and providers rely on personally identifiable information for not only reporting, but in order to match customers internally throughout time and externally in order to match up the same patient / member as they relate to third party services. Most of the current and legacy reporting and operational systems in place in healthcare organizations today were built around personally identifiable information. Major Identifiers such as Social Security numbers, names, and date of birth are used to tie a member s history together. While these identifiers were never intended by the SSA to be used to identify an individual, they are so slowly changing that they were natural candidates to be used to identify a person across a multitude of systems within one organization. Unfortunately these systems that utilized these major identifiers for matching and identification are now the systems that are most at risk and easily targets for hackers. Due to the propagation of these major identifiers throughout host systems and the fact that these systems were built around PII in many cases, it is extremely hard for stewards of these systems to reengineer to remove or replace these identifiers without a major impact to performance and stability of legacy operating and BI systems. At this point in time, many healthcare organizations have implemented tokenization by assigning an arbitrary internal identifier to an individual in order to track this person s activity in an easier way. Tokens such a patient number and healthcare ID are widely used internally within organizations across systems. While this way to track a member over time could be applied in data security, in many instances it is only a supplement to the current structures for ease of use. The underlying major identifiers that are tied to these surrogate numbers are often still exposed in the same structures where the unique identifier resides. Furthermore, many systems are designed so that patients may not have continuity across their tokens if there is ever a break in coverage or a change in information, making reporting on BI difficult, therefore forcing the identity matching to be performed using the major identifiers noted earlier. 4.2 How PII Data is Stored Throughout the healthcare industry s landscape, much of this PII and PHI data is located in multiple marts and stored in almost every single operational system and potentially in multiple tables per systems wherever membership or patient data exists. Given the current landscape and the emphasis on protecting data sensitive data, many organizations are trying to get away from this propagation of PII, however due to the years of this data not being considered a risk many of these organizations are in no position to identify where all of the data resides let alone address how to remedy how the data should be stored to enable security and performance. Proprietary Clarity Solution Group, LLC 7

8 4.3 Data Usage and Access As stated earlier, employee negligence is the greatest concern for healthcare organizations, however many organizations have reporting and operational environments were all PII data is exposed to all users of that data. Even without malicious intentions being factored in, allowing all employees to have access to all data, whether they need that data to perform their work tasks or not allows for more risk of exposure in the event of a data breach. A user having a password stolen via a phishing scam or just having that user be negligent to best practices on data security such as leaving a laptop open or downloading data to an unencrypted machine means that a user that had no need for that data in the first place can be the reason for a healthcare organization to end up on the Human Health & Services Wall of Shame. The same approach for data access to users can apply to operational applications and BI reporting data stores. In many cases the underlying tables contain all of the data about all of the members/patients, even if that data is not actually necessary to complete the functional of the operation system or if the data mart that feeds a certain user group has no need for member birth date or social security number. Once again in the event of a data breach, having all of these identifying attributes in one place, easily accessible under one log in allows fraudsters to tell a story with someone else s data, leading to identity theft and in some cases, irreparable harm. Proprietary Clarity Solution Group, LLC 8

9 5 Clarity s Approach 5.1 Strategy & In Depth Analysis Methodology A full assessment of all pertinent data sources would first be performed of all systems where personal identifiers and PHI information exist. This would allow for a high level overview of the health organization s IT architecture as a whole and will serve as the foundation for the strategy to identify and prioritize where the most information lives and assess which systems are at greatest risk of a data breach. A risk assessment will be performed to determine which identifying attributes are of the greatest risk in the event of a breach. Combinations and locations of these major identifiers will be documented and a strategic decision will have to be reached how best to remove or better secure these identifiers. Once a strategic approach is agreed upon and mapped out a more tactical method will be applied to each of the IT systems where identifying information exists. Full profiling of each of these sources will be performed in order to better understand and fully document where all PII information exists. Impact analysis will follow to determine all extracts, stored procedures, ETL jobs, reports, etc. and to identify the downstream impacts of modifying data architecture. A strategy to modify these impacted jobs will then have to be developed. Interviews with the business community and consumers of any and all data affected will have to be performed. A partnership with the teams in charge of data security and access should be forged so that any enterprise wide initiatives around security or data security are accounted for in any designs and releases. 5.2 Architectural Considerations & Designs The architectural designs to protect PII and PHI have to take into account the ability to minimize and secure data, while still ensuring that data continues to be readily available for reasonable business needs and analytical purposes. In the case of highly de-normalized data structures with multiple identifiers available, segmentation of this data may be applied. Certain identifiers can be removed from underlying tables and replaced with a token that allows for the tracking of a member throughout time to establish continuity, if desired. In the case that tokenization and unique identification are not established at an organization, a program to implement this should be considered for not only security purposes, but also for accuracy in tracking membership over time and if there are ever changes to customer data. Once this unique identifier is established and validated, the identifying information can be removed as desired and replaced with this meaningless token. Aggregated analytics can be performed as before, but with secure data. Data that can be used to identify individuals but is also useful for reporting can be altered to still allow analytics, but with better security measures in place. An example of this is birth date. Birth date may be useful to an analytics team trying to group members by age, however, having the birth date readily available can also be a cause for concern, as birth date is commonly used as a validation question to Proprietary Clarity Solution Group, LLC 9

10 confirm identity. The member Date of Birth could be transformed during ETL to be age banded, or have birth year if that is useful for analytics. This is just one example of how attributes can be altered to be secure but still be readily available for business purposes. In the case where more detailed information containing PII or PHI is necessary, encryption and decryption views can be applied with appropriate security measures taken into account. Examples of this could include extracts that need Social Security numbers, or specific birthdates coupled with first and last name. 5.3 Legacy Data Stores Another consideration around data security is in regards to legacy data stores and IT systems. Identifying information lives throughout many legacy systems and in some cases these legacy systems are not utilized or used for a minor amount of reporting/operations. Patching and security processes are not properly applied in some cases and the data is considered out of sight out of mind, but the data contained within these tables contain the same PII as modern systems and can be used maliciously if they fall into the wrong hands. An approach should be developed at the enterprise level on how to decommission, archive and encrypt legacy data stores so that identifying information is not set to open security and is not unencrypted in the instance of a data breach. This data can be secured and removed from data access, but still retained in a secure matter in order to meet legal obligations for data retention. In the special instance where this data needs to be accessed for any purpose, the data can be temporarily restored and decrypted and put into a temporary space with special security granted to the users who need to access this data. The data should then once again be decommissioned, archived, and re-encrypted and special security be stripped from the users once the special case analysis has been completed. Proprietary Clarity Solution Group, LLC 10

11 6 Outcomes Clarity s extensive background in the Healthcare & Life Sciences industry coupled with its exclusive focus on data and analytics led to the current approach we leverage to assess and mitigate any of the data storage design and user access faults that can lead to problems in the event of a breach. Healthcare organizations should begin to look at their own internal IT systems and evaluate data risk and how it can better protect its members and patients. Clarity s implementation experience has led us to believe that a clearly defined strategy, approach and implementation allows for performance while leveraging techniques to better secure data. To learn more about Clarity s approach to data breach risk mitigation, please contact us at Proprietary Clarity Solution Group, LLC 11

12 7 About the Author Kevin Knoll Senior Consultant at Clarity Solution Group Kevin Knoll brings years of delivering reporting and analytics solutions with a specialization in Healthcare and Life Sciences. Kevin has been key in delivering data strategies and full lifecycle implementation for healthcare payers and major players within the pharmaceutical industry. Before joining Clarity Solution Group, Kevin worked in finance with a background in healthcare and manufacturing, later becoming a consultant in the financial consolidation space and with a heavy background in government, pharmaceuticals, manufacturing and non-profit organizations. Proprietary Clarity Solution Group, LLC 12

13 8 About Clarity Solution Group Clarity Solution Group is the largest on-shore consulting company in the US whose sole focus is data and analytics. Clarity delivers enterprise-scale solutions with boutique focus, helping Fortune 1000 clients leverage data to drive superior business outcomes. For more information, visit Proprietary Clarity Solution Group, LLC 13

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity

More information

CYBERCRIME AND THE HEALTHCARE INDUSTRY

CYBERCRIME AND THE HEALTHCARE INDUSTRY CYBERCRIME AND THE HEALTHCARE INDUSTRY Access to data and information is fast becoming a target of scrutiny and risk. Healthcare professionals are in a tight spot. As administrative technologies like electronic

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

CYBERCRIME AND THE HEALTHCARE INDUSTRY

CYBERCRIME AND THE HEALTHCARE INDUSTRY CYBERCRIME AND THE HEALTHCARE INDUSTRY Executive Summary Healthcare professionals are in a tight spot. As administrative technologies like Electronic Health Records (EHRs) and patient and provider portals

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

Compromises in Healthcare Privacy due to Data Breaches

Compromises in Healthcare Privacy due to Data Breaches Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA

More information

Cyber Security Protecting critical health care information

Cyber Security Protecting critical health care information OnTrend APRIL 2016 ISSUE Cyber Security Protecting critical health care information The trend Cyber Security As health care data security breaches proliferate, putting members data at risk for fraud or

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Healthcare Information Security Today

Healthcare Information Security Today Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare

More information

2015 CENTRI Data Breach Report:

2015 CENTRI Data Breach Report: INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer

More information

Healthcare Utilizing Trusted Identity Credentials

Healthcare Utilizing Trusted Identity Credentials Healthcare Utilizing Trusted NextgenID - Headquarters 10226 San Pedro Ave, Suite 100 San Antonio, TX 78216 (210) 530-9991 NextgenID - Washington DC 13454 Sunrise Valley Drive, Suite 430 Herndon, VA 20171

More information

Medical Information Breaches: Are Your Records Safe?

Medical Information Breaches: Are Your Records Safe? Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential

More information

BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security

BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security August 2014 w w w.r e d s p in.c o m Introduction This paper discusses the relevance and usefulness of security penetration

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Anatomy of a Healthcare Data Breach

Anatomy of a Healthcare Data Breach BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared

More information

Oakland Family Services Information Breach FAQs

Oakland Family Services Information Breach FAQs Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare

More information

White Paper #6. Privacy and Security

White Paper #6. Privacy and Security The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America

More information

Transforming the Customer Experience When Fraud Attacks

Transforming the Customer Experience When Fraud Attacks Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking

More information

Reducing Cyber Risk in Your Organization

Reducing Cyber Risk in Your Organization Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

The High Price of Medical Identity Theft and Fraud

The High Price of Medical Identity Theft and Fraud The High Price of Medical Identity Theft and Fraud Some Quick Facts 3 times more likely to be ID fraud victim if credit/debit card breached 1 New ID fraud victim every 2 seconds 2 Few adults are familiar

More information

Who Controls Your Information in the Cloud?

Who Controls Your Information in the Cloud? Who Controls Your Information in the Cloud? threat protection compliance archiving & governance secure communication Contents Who Controls Your Information in the Cloud?...3 How Common Are Information

More information

The Growing Threat of Medical Identity Fraud: A Call to Action. Presented by: Bill Barr, Development Coordinator, MIFA

The Growing Threat of Medical Identity Fraud: A Call to Action. Presented by: Bill Barr, Development Coordinator, MIFA The Growing Threat of Medical Identity Fraud: A Call to Action Presented by: Bill Barr, Development Coordinator, MIFA Agenda Review the challenge and cost of medical identity theft and resulting fraud

More information

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

Stopping the Flow of Health Care Fraud with Technology, Data and Analytics

Stopping the Flow of Health Care Fraud with Technology, Data and Analytics White Paper and New Ways to Fight It Stopping the Flow of Health Care Fraud with Technology, Data and Analytics January 2014 Health care costs are rising and everyone is being affected, including patients,

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for

More information

Finding a Cure for Medical Identity Theft

Finding a Cure for Medical Identity Theft Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY

More information

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE Identity is the unique set of characteristics that define an entity or individual. Identity theft is the unauthorized use of an individual

More information

2012 Payment Card Threat Report

2012 Payment Card Threat Report 2012 Payment Card Threat Report The second annual study of unencrypted payment card storage Automated Attacks and Card Data Handling In 2011, data breaches increased 42% and as such, last year was reported

More information

Safeguard Your Hospital. Six Proactive Best Practices to Improve Healthcare Data Security

Safeguard Your Hospital. Six Proactive Best Practices to Improve Healthcare Data Security Safeguard Your Hospital Six Proactive Best Practices to Improve Healthcare Data Security April 2015 A Piece of Paper Can t Cause that Much Harm. Or Can It? Imagine a piece of paper arriving at ABC Hospital

More information

Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things

Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things aisa.org.a u aisa.org.a u Rebecca Herold, CEO The Privacy Professor 1 rebeccaherold@rebeccaherold.com Agenda Technology

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

Choosing The Right Data Breach Response Services for Consumer Remediation

Choosing The Right Data Breach Response Services for Consumer Remediation Choosing The Right Data Breach Response Services for Consumer Remediation Authored by Brian Lapidus, Managing Director, InfoSec Practice Leader Kroll When a data breach exposes personal information to

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

White Paper: Are there Payment Threats Lurking in Your Hospital?

White Paper: Are there Payment Threats Lurking in Your Hospital? White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security HEALTHCARE EDITION #2015InsiderThreat RESEARCH BRIEF U.S. HEALTHCARE SPOTLIGHT ABOUT THIS RESEARCH

More information

THE COST OF A DATA BREACH FOR HEALTHCARE ORGANIZATIONS

THE COST OF A DATA BREACH FOR HEALTHCARE ORGANIZATIONS DATA SECURITY: THE COST OF A DATA BREACH FOR HEALTHCARE ORGANIZATIONS THE URGENCY OF IMPROVED SECURITY THE STORY OF A DATA BREACH S IMPACT SECURITY SUPPORT AND SERVICES SHARE THIS THE URGENCY OF IMPROVED

More information

Critical Issues in Fraud Analytics

Critical Issues in Fraud Analytics Critical Issues in Fraud Analytics ISACA - 2015 Presenter: Charles Faircloth, JD, CIG Faircloth Fraud Consulting Critical Issues in Fraud Analytics Introduction 1) Factors that drive fraud 2) Current fraud

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks. September 16, 2015

Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks. September 16, 2015 Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks September 16, 2015 Current Cyber Threat Cyber criminals are not only targeting businesses, but individuals Stolen personally identifiable

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

Verizon 2014 PCI Compliance Report

Verizon 2014 PCI Compliance Report Executive Summary Verizon 2014 PCI Compliance Report Highlights from our in-depth research into the current state of PCI Security compliance. In 2013, 64.4% of organizations failed to restrict each account

More information

The High Price of Medical Identity Theft and Fraud. Ann Patterson Medical Identity Fraud Alliance

The High Price of Medical Identity Theft and Fraud. Ann Patterson Medical Identity Fraud Alliance The High Price of Medical Identity Theft and Fraud The High Price of Medical Identity Theft and Fraud Ann Patterson Medical Identity Fraud Alliance Medical Identity Theft Primer Includes theft of Protected

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

a new approach to IT security

a new approach to IT security REPRINT FEBRUARY 2013 healthcare financial management association hfma.org a new approach to IT security FEATURE STORY REPRINT FEBRUARY 2013 healthcare financial management association hfma.org a new approach

More information

The 2014 Bitglass Healthcare Breach Report

The 2014 Bitglass Healthcare Breach Report The 2014 Bitglass Healthcare Breach Report Is Your Data Security Due For a Physical? BITGLASS REPORT Executive Summary When hackers break into U.S. hospital health records to steal patient data, it s a

More information

CYBERSPACE SECURITY CONTINUUM

CYBERSPACE SECURITY CONTINUUM CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Workspace-as-a-Service Defining Security and Mobility for Healthcare. vertiscale.com

Workspace-as-a-Service Defining Security and Mobility for Healthcare. vertiscale.com Workspace-as-a-Service Defining Security and Mobility for Healthcare vertiscale.com Workspace-as-a-Service Defining Security and Mobility for Healthcare Introduction The healthcare industry continues to

More information

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system Contents Overview... 3 Why Should We Hack Our Own Systems?... 4 Healthcare is a Soft Target... 4 How About Those Compliance Requirements... 5 Breach Avoidance: Compliance Is Not Enough... 6 Supporting

More information

Three Steps to Help Manage Security Alert Overload

Three Steps to Help Manage Security Alert Overload BEST PRACTICES GUIDE Patient Privacy Protection Three Steps to Help Manage Security Alert Overload Patient Privacy Protection 2 How many security alerts does your healthcare organization generate every

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY An Inside Job Cyberthreats to your business are usually blamed on outsiders nefarious programmers writing malicious code designed to pilfer your

More information

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY BY DR. BRIAN MCELYEA AND DR. EMILY DARRAJ Approved for Public Release: Case # 16-0276 NORTHROP GRUMMAN WHITE PAPER 2016 Northrop Grumman

More information

90% of health insurers surveyed have had a data breach 3. 72% increase in cyberattacks against healthcare companies occurred between 2013 and 2014 4

90% of health insurers surveyed have had a data breach 3. 72% increase in cyberattacks against healthcare companies occurred between 2013 and 2014 4 Health Savings Account (HSA) Data security and employee benefits providers by Elon Ginzburg, Information Security Officer, Wells Fargo Wholesale Banking Information security is a critical corporate responsibility.

More information

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP 2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,

More information

Impact of Data Breaches

Impact of Data Breaches Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

SOLUTION BRIEF. Next Generation APT Defense for Healthcare SOLUTION BRIEF Next Generation APT Defense for Healthcare Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

March 22, 2013. Tennessee State Employees Association 627 Woodland Street Nashville, TN 37206

March 22, 2013. Tennessee State Employees Association 627 Woodland Street Nashville, TN 37206 March 22, 2013 March 22, 2013 Tennessee State Employees Association 627 Woodland Street Nashville, TN 37206 InfoArmor is pleased to present the Tennessee State Employees Association (TSEA) with the following

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

Information Security Incident Management Guidelines

Information Security Incident Management Guidelines Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Collateral Effects of Cyberwar

Collateral Effects of Cyberwar Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global

More information

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015 SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory

More information

The Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015

The Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015 The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify

More information

Proofpoint HIPAA Breach Report:

Proofpoint HIPAA Breach Report: Proofpoint HIPAA Breach Report: An Analysis of HITECH Breach Notifications and Settlements, Q1 2013 Healthcare Industry Update threat protection compliance archiving & governance secure communication Contents

More information

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked R. Mark Halligan, FisherBroyles, LLP Andreas Kaltsounis, Stroz Friedberg Amy L. Carlson, Stoel Rives LLP Moderated by David A. Bateman,

More information

Data Breach Lessons Learned. June 11, 2015

Data Breach Lessons Learned. June 11, 2015 Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

LIGC-ACC Presentation November 9, 2015

LIGC-ACC Presentation November 9, 2015 Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator

More information

2H 2015 SHADOW DATA REPORT

2H 2015 SHADOW DATA REPORT 2H 20 SHADOW DATA REPORT Shadow Data Defined: All potentially risky data exposures lurking in cloud apps, due to lack of knowledge of the type of data being uploaded and how it is being shared. Shadow

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

Cards at School. Why Banks View Campuses as High Risk Customers. Payments

Cards at School. Why Banks View Campuses as High Risk Customers. Payments Cards at School Why Banks View Campuses as High Risk Customers Dennis W. Reedy, CTP, Managing Director, Treasury Operations, Indiana University Walter Conway, Walter Conway Associates, LLC Accepting credit

More information

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500 INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information

More information

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity

More information

Securing Today s Healthcare Enterprise Systems Time to Rethink Your Cybersecurity Strategy

Securing Today s Healthcare Enterprise Systems Time to Rethink Your Cybersecurity Strategy As seen in Securing Today s Healthcare Enterprise Systems Time to Rethink Your Cybersecurity Strategy Adam Hesse, Inc. Published June 26, 2015 Anyone following today s headlines is aware that cyberattacks

More information

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME: The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations

More information