Emerging & Trending Cyber Security Threats to Healthcare
Presented by: Mac McMillan, CEO, CynergisTek
CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com @CynergisTek

HIMSS Cyber Security Survey 2015
- Limited Disruption to Operations: 62%
- Loss of Data/Information: 21%
- Significant Impact on IT Systems: 8%
- Damage to IT Systems: 8%
- Other Impact: 7%

Accidents, Mistakes & Deliberate Acts
- Phishing/hacking nets nearly $3M from six healthcare entities
- Vendor sells hospital's X-rays (films) to third party
- Resident loses track of USB with over 500 orthopedic patients' information
- 2200 physicians victims of ID theft/tax fraud
- Stolen laptop from nurse's home with patient data
- Printers returned to leasing company compromise thousands of patient records
- 400 hospitals' billings delayed as clearinghouse hit with ransomware
- Failure to apply fix to router results in compromise and loss of 4.5M records
- Mistake during software upgrade test results in 8000 letters mailed
- Physician held up at gunpoint, turns over passwords for computer and phone
- International hacking group uses phishing then hacking to steal information on 80M people
- Three hospital networks compromised by medical device hack called MedJack
- New York hospital hacked by Pro-ISIS supporters, website defaced and redirected to ISIS propaganda
- And, on and on it goes

Increased Reliance
- More than 98% of all processes are automated, more than 98% of all devices are networkable, more than 95% of all patient information is digitized, accountable care/patient engagement rely on it.
- The enterprise is critical to delivering healthcare.
- Any outage, corruption of data, loss of information risks patient safety and care.
- Physician Alignment, BYOD, MU, Research, BAs, HIPAA/HITECH, HIEs, Patient Engagement, Telemedicine, ICD-10, ACOs, FISMA

Threat Actors & Motivation
- Threat actors: Organized Crime, Hacktivists, Cyber Thieves, Malicious Insiders, Careless Insiders, Busy Insiders, State Actors
- Motivation: Financial Gain, Intellectual Property, Extortion, ID/Med ID Theft, Espionage, Embarrassment, Good Intentions

Failed Solutions
- 90% of survey respondents said that their companies had spent money on technology scrapped before, or soon after, deployment.
- Reasons: complexity, lack of expertise, inadequate resources, other factors
- Most companies buy technology based on cost, not security.

2015: Changing Risk Priorities
The top four:
- Business Associates taking inadequate precautions
- Growing proliferation of mobile devices
- Mistakes by staff members
- Hackers attempting to access records
Source: Healthcareinfosec.com

Hacking is an Industry
- Some hackers call the weeks of Black Hat USA and Def Con "Summer Camp"
- This year billed as "more of everything" as hacking explodes to more devices
- Pwnie Awards went to Shellshock, OPM & Thomas Dullien
- Miller & Valasek continue to hack cars
- Hacking long range precision guided rifles, oops don't tell DoD
- 11,000 attended this year, 73% said their organization would be hacked
- Workshops and capture the flag contests
- The Hack Fortress contest
- Rubbing elbows with the Pros

Monetizing Cyber Crime
- Darknets will be more active, participants will be vetted, cryptocurrencies will be used, greater anonymity in malware, more encryption in communications and transactions
- Black markets will help attackers outpace defenders
- Hyperconnectivity will create greater opportunity for incidents
- Exploitation of social networks and mobile devices will grow
- More hacking for hire, as-a-service, and brokering
Source: RAND Corporation 2014

Top Security Risks in Healthcare
- Theft & Loss: Nearly half of all breaches involve some form of theft or loss of a device not properly protected.
- Insider Abuse: Nearly 15% of breaches in healthcare are carried out by knowledgeable insiders for identity theft or some form of fraud.
- Unintentional Action: Almost 12% of breaches are caused by mistakes or unintentional actions such as improper mailings, errant emails, or facsimiles.
- Cyber Attacks: There was almost a doubling of these types of attacks in 2014.
Source: Verizon 2014 Data Breach Investigations Report

Insider Abuse
- It is estimated that more than half of all security incidents involve internal staff.
- 2010-2015 witnessed an average 20% increase in medical identity theft year over year.
- Mistakes, snooping, theft, fraud, espionage, extortion, negligence, etc.

Supply Chains That Fail
- Need for risk based approach to managing third parties
- Need greater due diligence in vetting vendors
- Security requirements in contracting should be SLA based
- Particular attention to cloud, SaaS, infrastructure support, critical service providers
- Life cycle approach to data protection
- Detailed breach and termination provisions

Devices Threaten Safety & Information
- 2010/2011: successful hacks demonstrated.
- DHS tests 300 devices from 40 vendors. ALL failed.
- 2014: multiple variants of a popular blood pump hacked.
- 2015: MedJack hack exposes vulnerability of network from medical devices.
- FBI issues Alert on IoT: threats pose opportunity for cyber crime
- "By 2020 there will be 25 Billion connected devices." (Gartner Research)

Malware & Advanced Persistent Threats
- Expectation of cyber compromise doubled in 2015
- 20-40% of recipients in phishing exercises fall for scam/shift to business users
- Shift from URL based attacks to attachment based campaigns
- Social media campaigns targeting big events (Super Bowl/March Madness)
- Unsolicited mail campaigns, mostly foreign based
- DDoS attacks doubled from Q2 2014
- Unsupported systems present real risks
- Hardening, patching, configuration & change management all critical
- Tools to interrogate entity/source system, filter risky points of origin, etc.
- FBI alert warns healthcare not prepared
Source: Various: Symantec, IBM, Solutionary Annual Threat Reports

Data On The Move
- Medical staff are turning to their mobile devices to communicate because it's easier, faster, more efficient, but it is not secure
- Sharing lab results, locating another physician for a consult, sharing radiology images, updating staff on patient condition, getting direction for treatment, transmitting trauma information to EDs, prescribing or placing orders
- Priority placed on the data first and the device second
- Restrict physical access where possible, encrypt the rest

ID Theft & Fraud
- ID theft and fraud costs billions each year, affecting everyone
- Identity theft incidents come from many different directions:
  - Insiders selling information to others
  - Hackers exploiting systems
  - Malware with directed payloads
  - Phishing for the big ones

Theft & Loss Still Prevalent
- More than half of healthcare data breaches due to loss or theft of devices
- 1 in 4 houses is burglarized, a B&E happens every 9 minutes, more than 20,000 laptops left in airports annually
- First rule of security: no one is immune
- 6-10%: the average shrinkage rate for mobile devices
- "Unencrypted laptops and mobile devices pose significant risk to the security of patient information." (Sue McAndrew, OCR)

Targeted Attacks
- Phishing Attacks: 69%
- Negligent Insiders: 65%
- APT Attacks: 63%
- Cyber Attacks: 59%
- Zero Day Attacks: 53%
- Exploit Known Software Vulnerabilities: 53%
- Malicious Insiders: 50%
- Social Engineering Attacks: 49%
- Denial of Services (DoS): 34%
- Brute Force Attacks: 39%
Source: HIMSS 2015 Cyber Security Survey

Barriers To Data Security
Barriers to Successful Implementation of Data Security (Percent):
- Lack of Personnel: 64%
- Lack of Financial Resources: 60%
- Too Many Emerging/New Threats: 42%
- Too Many Endpoints: 32%
- Not Enough Cyber Threat Intelligence: 28%
- Too Many Applications: 25%
- Lack of Tools to Use/Deploy Cyber Threat Intel: 20%
Source: HIMSS 2015 Cyber Security Survey

The Cost of Security Grows
- Discovery, Notification & Response
- Civil Penalties
- Criminal Penalties
- VBP Payments Impacts
- Business Disruption
- Federal CAP/RA
- Insurance
- HCAHPS Score Impacts
- ID Theft Monitoring
- State Actions
- Degradation of Brand/Image
- Patient Confidence/Loyalty
- Investigation/Review
- Law Suit Defense
- Distraction of Staff
- Physician Alignment/Nurses and Staff Agreement

Cybersecurity Insurance?
- Most cybersecurity insurance only covers a fraction of large breach costs
- Insurance providers are looking to increase premiums and enhance underwriting provisions to avoid losses associated with large incidents
- Additional exclusionary language emerges
- Right to investigate independently asserted
- Columbia Casualty vs. Cottage Health System

Priorities For Healthcare
- Implement continuous program of risk assessment and management
- Increase knowledge of threat actors
- Maintain a current environment
- Improve detection and reaction capabilities
- Implement data exfiltration controls
- Enhance user education and accountability
- Implement active vendor security management
- Address long term challenges around medical devices
- Plan for incidents

Healthcare Needs A New Focus
"Healthcare security teams must move past compliance and focus on security." (Forrester Research 2015)

Questions?
Mac McMillan
mac.mcmillan@cynergistek.com
512.405.8555
@mmcmillan07