Emerging & Trending Cyber Security Threats to Healthcare Presented by: Mac McMillan CEO, CynergisTek

Transcription

1 Emerging & Trending Cyber Security Threats to Healthcare Presented by: Mac McMillan CEO, CynergisTek CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

2 HIMSS Cyber Security Survey % Limited Disruption to Operations 21% 8% 8% Loss of Data/Information Significant Impact on IT Systems Damage to IT Systems 7% Other Impact CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

3 Accidents, Mistakes & Deliberate Acts Phishing/hacking nets nearly $3M from six healthcare entities Vendor sells hospital s X-rays (films) to third party Resident loses track of USB with over 500 orthopedic patients information 2200 physicians victims of ID theft/tax fraud Stolen laptop from nurse s home with patient data Printers returned to leasing company compromise thousands of patient records 400 hospitals billings delayed as clearinghouse hit with ransomware Failure to apply fix to router results in compromise and loss of 4.5M records Mistake during software upgrade test results in 8000 letters mailed Physician held up at gunpoint, turns over passwords for computer and phone International hacking group uses phishing then hacking to steal information on 80M people Three hospital networks compromised by medical device hack called MedJack New York hospital hacked by Pro-ISIS supporters, website defaced redirected to ISIS propaganda And, on and on it goes CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 3

4 Increased Reliance More than 98% of all processes are automated, more than 98% of all devices are networkable, more than 95% of all patient information is digitized, accountable care/patient engagement rely on it. The enterprise is critical to delivering healthcare. Any outage, corruption of data, loss of information risks patient safety and care. Physician Alignment BYOD MU Research BAs HIPAA/HI TECH HIEs Patient Engagement Telemedicine ICD-10 ACOs FISMA CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

5 Threat Actors & Motivation Organized Crime Hacktivists Cyber Thieves Malicious Insiders Careless Insiders Busy Insiders State Actors Financial Gain Intellectual Property Extortion ID/Med ID Theft Espionage Embarrassment Good Intentions CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

6 Failed Solutions 90% of survey respondents said that their companies had spent money of technology scrapped before, or soon after, deployment. Reasons: complexity, lack of expertise, inadequate resources, other factors Most companies buy technology based on cost, not security. CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

7 2015: Changing Risk Priorities The top four: Business Associates taking inadequate precautions Growing proliferation of mobile devices Mistakes by staff members Hackers attempting to access records Healthcareinfosec.com CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

8 Hacking is an Industry Some hackers call the weeks of Black Hat USA and Def Con Summer Camp This year billed as more of everything as hacking explodes to more devices Pwnie Awards went to Shellshock, OPM & Thomas Dullen Miller & Valasek continue to hack cars Hacking long range precision guided rifles, oops don t tell DoD 11,000 attended this year, 73% said their organization would be hacked Workshops and capture the flag contests The Hack Fortress contest Rubbing elbows with the Pros CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 8

9 Monetizing Cyber Crime Darknets will be more active, participants will be vetted, cryptocurrencies will be used, greater anonymity in malware, more encryption in communications and transactions Black markets will help attackers outpace defenders Hyperconnectivity will create greater opportunity for incidents Exploitation of social networks and mobile devices will grow More hacking for hire, as-a-service, and brokering RAND Corporation 2014 CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

10 Top Security Risks in Healthcare Theft & Loss Nearly half of all breaches involve some form of theft or loss of a device not properly protected. Insider Abuse Nearly 15% of breaches in healthcare are carried out by knowledgeable insiders for identity theft or some form of fraud. Unintentional Action Almost 12% of breaches are caused by mistakes or unintentional actions such as improper mailings, errant s, or facsimiles. Cyber Attacks There was almost a doubling of these types of attacks in Verizon 2014 Data Breach Investigations Report CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 10

11 Insider Abuse It is estimated that more than half of all security incidents involve internal staff witnessed an average 20% increase in medical identity theft year over year. Mistakes, snooping, theft, fraud, espionage, extortion, negligence, etc. CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

12 Supply Chains That Fail Need for risk based approach to managing third parties Need greater due diligence in vetting vendors Security requirements in contracting should be SLA based Particular attention to cloud, SaaS, infrastructure support, critical service providers Life cycle approach to data protection Detailed breach and termination provisions CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

13 Devices Threaten Safety & Information 2010/2011 successful hacks demonstrated. DHS tests 300 devices from 40 vendors. ALL failed multiple variants of a popular blood pump hacked MedJack hack exposes vulnerability of network from medical devices. FBI issues Alert on IoT threats pose opportunity for cyber crime By 2020 there will be 25 Billion connected devices. Gartner Research CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 13

14 Malware & Advance Persistent Threats Expectation of cyber compromise doubled in % of recipients in phishing exercises fall for scam/shift to business users Shift from URL based attacks to attachment based campaigns Social media campaigns targeting big events (Super Bowl/March Madness) Unsolicited mail campaigns, mostly foreign based DDOS attacks doubled from Q Unsupported systems present real risks Hardening, patching, configuration & change management all critical Tools to interrogate entity/source system, filter risky points of origin, etc. FBI alert warns healthcare not prepared Various: Symantec, IBM, Solutionary Annual Threat Reports CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

15 Data On The Move Medical staff are turning to their mobile devices to communicate because its easier, faster, more efficient but it is not secure Sharing lab results, locating another physician for a consult, sharing radiology images, updating staff on patient condition, getting direction for treatment, transmitting trauma information to EDs, prescribing or placing orders Priority placed on the data first and the device second Restrict physical access where possible, encrypt the rest CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 15

16 ID Theft & Fraud ID theft and fraud costs billions each year, affecting everyone Identity theft incidents come from many different directions Insiders selling information to others Hackers exploiting systems Malware with directed payloads Phishing for the big ones CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

17 Theft & Loss Still Prevalent More than half of healthcare data breaches due to loss or theft of devices 1 in 4 houses is burglarized, a B&E happens every 9 minutes, more than 20,000 laptops left in airports annually First rule of security: no one is immune 6 10%: the average shrinkage rate for mobile devices unencrypted laptops and mobile devices pose significant risk to the security of patient information. Sue McAndrew, OCR CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 17

18 Targeted Attacks Phishing Attacks Negligent Insiders APT Attacks Cyber Attacks 69% 65% 63% 59% Zero Day Attacks Exploit Known Software Vulnerabilities Malicious Insiders Social Engineering Attacks 53% 53% 50% 49% Denial of Services (DoS) Brute Force Attacks 34% 39% HIMSS 2015 Cyber Security Survey CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

19 Barriers To Data Security Barriers to Successful Implementation of Data Security Percent Lack of Personnel 64% Lack of Financial Resources 60% Too Many Emerging/New Threats 42% Too Many Endpoints 32% Not Enough Cyber Threat Intelligence 28% Too Many Applications 25% Lack of Tools to Use/Deploy Cyber Threat Intel 20% HIMSS 2015 Cyber Security Survey CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

20 The Cost of Security Grows Discovery, Notification & Response Civil Penalties Criminal Penalties VBP Payments Impacts Business Disruption Federal CAP/RA Insurance HCAPPS Score Impacts ID Theft Monitoring State Actions Degradation of Brand/Image Patient Confidence/Loyalty Investigation/Review Law Suit Defense Distraction of Staff Physician Alignment/Nurses and Staff Agreement CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX

21 Cybersecurity Insurance? Most cybersecurity insurance only covers a fraction of large breach costs Insurance providers are looking to increase premiums and enhance underwriting provisions to avoid losses associated with large incidents Additional exclusionary language emerges Right to investigate independently asserted Columbia Casualty vs. Cottage Health System CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 21

22 Priorities For Healthcare Implement continuous program of risk assessment and management Increase knowledge of threat actors Maintain a current environment Improve detection and reaction capabilities Implement data exfiltration controls Enhance user education and accountability Implement active vendor security management Address long term challenges around medical devices Plan for incidents CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 22

23 Healthcare Needs A New Focus Healthcare security teams must move past compliance and focus on security. Forester Research 2015 CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX info@cynergistek.com 23

24 Questions? Questions? Mac McMillan CynergisTek, Inc Jollyville Road, Suite 2201, Austin TX