Cyber Security: An Exercise in Predicting the Future




Paul Douglas, August 25, 2014
AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY | www.pncpa.com | www.pntech.net

What is Cyber Security?
"Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack" - Merriam-Webster

How Do We Define Cyber Security in Healthcare?
HIPAA Security Rule HITECH Breach Prevention PCI DSS Level of Sophistication

The Past
"Experience is simply the name we give our mistakes" - Oscar Wilde

The Past
Data Breach Summary from September 2009 - August 2014, impacting 500 or more individuals
- Total Reported Breaches: 1083
- Involving a Business Associate: 310 (29%)

Breaches by type:
- Theft: 51%
- Unauthorized Access/Disclosure: 20%
- Loss: 10%
- Hacking/IT Incident: 9%
- Other: 9%
- Unknown: 1%

Data Source: www.hhs.gov

The Past

| Data Breach Type | % of Breach Type by Occurrence | % of Individuals Affected | Sum of Individuals Affected |
|---|---|---|---|
| Hacking/IT Incident | 9% | 11% | 3,636,888 |
| Loss | 10% | 21% | 7,232,870 |
| Other | 9% | 3% | 1,093,978 |
| Theft | 51% | 51% | 17,347,925 |
| Unauthorized Access | 20% | 8% | 2,527,422 |
| Unknown | 1% | 6% | 1,934,474 |
| Total | 100% | 100% | 33,773,557 |

The Past
Over 30 Million Patients' Data

The Value of Protected Health Information
PHI and medical records are valued at approximately $50 a patient record on the black market. Comparatively, credit card data is typically valued at $2 an account.

Possible PHI Data Targets
- Social Security Number: Identity theft
- Payment information: Financial crime
- Tax Identification Number: Tax fraud
- Beneficiaries: Tax and financial fraud
- Diagnosis Information: Marketing value and/or malicious intent
- Health insurance credentials: Medical identity theft

The Future
"The future, according to some scientists, will be exactly like the past, only far more expensive." - John Sladek

Welcome to the Future
Healthcare Technology Trends
- Bring Your Own Devices (BYOD)
- Mobile Applications - Telemedicine
- Social Aspect
- Networked Medical Devices
- Big Data
- Cloud Computing
- Increasing Integration Points

Welcome to the Future
- Insurance Companies
- Companion Health Systems
- Reporting Services
- HIE
- ePHI
- Patient Portal
- Outside Lab
- 3rd Party Billing

Welcome to the Future
Enhanced Medical Devices
- Insulin Pumps
- Wireless/Bluetooth Enabled
- Surgical and anesthesia devices
- Ventilators
- Drug infusion pumps
- External defibrillators
- Patient monitors/telemetry systems
- Laboratory and analysis equipment

https://ics-cert.us-cert.gov/alerts/ics-alert-13-164-01

Cyber Security Risk Management
Adopting a Security Framework

Cyber Security Risk Management
Risk, Threat Agent, Likelihood, Impact, Intensity, Duration
Identify, Protect, Recover, Detect, Respond

Cyber Security Risk Management
Brute Force Attack, Encryption, Negligent Insider, Rogue Devices, Compromised Websites, Employee Training, Two Factor Authentication, Third Party Contractor, Phishing, Social Engineering, Vulnerability Scanning, Patch Management, Portable Devices, Malicious Code, Intrusion Detection / Prevention Systems

Negligent Insiders
- An employee that hackers exploit in order to gain entry to systems or physical locations
- A vulnerability that has been used to execute some of the largest data breaches

Security Control Considerations
- Employee training
- Security awareness programs
- Social engineering reviews

Third Party Contractor Risk
- Third parties typically have elevated access and a large security footprint
- Remote access capabilities increase risk
- Out of sight, out of mind

Security Control Considerations
- Vendor due diligence
- Strong Business Associate Agreement (BAA)
- Strengthen control over access
- Monitor access
- Third party security audits

Portable Devices
- An increasing number of mobile/portable devices are receiving, transmitting, and storing protected health information
- Can be easier targets for hackers and thieves

Security Control Considerations
- Encryption
- Workstation port security
- Mobile and portable security policies
- Physical security

Malware
- Malware has become increasingly affordable and available to cyber criminals
- Cyber criminals may use negligent insiders to gain access, but will use malware to help execute the cyber theft

Security Control Considerations
- Network vulnerability assessments
- Intrusion detection / prevention systems
- Two factor authentication
- Security patch management

Paul Douglas, Consulting Manager 225.408.4421 pdouglas@pncpa.com Connect with me on LinkedIn!