CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com @CynergisTek
Current State of Privacy & Security in Healthcare
Presented by: Mac McMillan, CEO | CynergisTek, Inc.
• CEO CynergisTek, Inc.
• Recognized as one of the top 50 Leading Health IT Experts of 2016
• Former Chair, HIMSS P&S Policy Task Force
• HIT Exchange Editorial Advisory Board
• HCPro Editorial Advisory Board
• Director of Security, DoD Agency
• Excellence in Government Fellow
• U.S. Marine Intelligence Officer, Retired
Today’s Presenter
Mac McMillan, CEO - CynergisTek, Inc.
mac.mcmillan@cynergistek.com | 512.402.8555
Cybersecurity
Top Security Risks in Healthcare
• Theft & Loss: No change. Nearly half of all breaches involve some form of theft or loss of a device not properly protected.
• Insider Abuse: Breaches in healthcare continue to be carried out by knowledgeable insiders for identity theft, tax fraud, and financial fraud.
• Unintentional Action: Breaches caused by mistakes or unintentional actions such as improper mailings, errant emails, or facsimiles are still prevalent.
• Cyber Attacks: More than 30% of the breaches reported involved some form of hacking and represented nearly 99% of the records compromised.
The Cyber Threat Spectrum
Hacktivism Crime Insiders Espionage Terrorism Warfare
Cyber Incidents
[Timeline figure; periods shown: 2009 - 2011, 2012 - 2014, 2015, 2016, 2017*]
• BCBS Tenn: 1.02M, Stolen HD
• AvMed: 1.2M, Stolen Laptops
• NYC Health & Hospitals: 1.7M, Stolen Backup Tapes
• Advocate Medical: 4.03M, Computer Theft
• Utah DHHS: 780K, Hacking
• Boston Children: Hacktivism, Anonymous
• Nemours: 1.6M, Lost Backups
• Health Net: 1.9M, Lost HD
• Mn.PH: 1.3M, Hacking
• CHS: 4.5M, Hacking
• Anthem BCBS: 80M, Hacking
• Premera BCBS: 11M, Hacking
• UCLA: 4.5M, Hacking
• Beacon Health: 225K, Hacking
• CareFirst: 1.1M, Hacking
• Haley VA: 5 Days, Hacking
• Titus: 6 Days, Hacking
• HPMC: 10 Days, Hacking
• Hurley: 6 Days, Hacking
• St. Francis: 6K, Extortion
• Appalachian Regional Hospitals: 3 Weeks, Hacking
• Orleans Medical Clinic: 7K, Hacking
• Banner Health: 2.7M, Hacking
• Multiple: DDOS, Hacking
Evolving Healthcare Threat Landscape
The Cost of Insecurity
“Cybercrime damage costs will hit $6 trillion annually by 2021” CSO Dec. 2016
• By the end of 2016, 99% of U.S. acute-care hospitals had adopted an EHR system, compared to 12% in 2009
• According to HHS, the healthcare industry suffered a record 92 privacy breaches attributed to hacking in the first 11 months of 2016, a 64% increase from 2015
• In 2016 there were nearly 300 reportable breaches involving inappropriate access by an insider or business partner
Modern Healthcare, Dec. 2016
Convergence
• Cyber extortion
• Cyber espionage
• Hacktivism
• Targeted attacks
• Cyber terrorism
• APTs & malware
The Stakes Are Higher
Motivated, Persistent & Disruptive
All threat centers agree:
• “Anti-virus systems are seeing or recognizing less than 50% of the malicious traffic across the net”
• The number of new variants of malware jumped to well over 400 million last year
• The number of “zero day” attacks increased to more than one new attack a week
• Moreover, hackers are now using “machine learning” technology to enhance their chances of not being detected
The Onslaught of Malware
“The perfect storm is brewing that will pummel our Nation’s public and private critical infrastructures with wave upon wave of devastating cyberattacks.” – ICIT 2016
Cyber espionage is being carried out by nation-state actors for political purposes
• Large breaches such as Anthem, Premera, Community Health Systems, and UCLA are suspected cases of espionage
• A case example is the OPM intrusion, presumed to be the work of a Chinese group, which captured security clearance documents
• But…they are also targeting industrial control systems that control and manage critical infrastructure
Cyber Espionage: Intelligence
Hacktivism: Causes
Attacking for a cause
• U.S. government databases were breached in 2013 by Edward Snowden who released hundreds of classified documents in an “act of conscience”
• GhostShell attacked several U.S. universities in 2015 leaking sensitive information
• Anonymous hacked Boston Children’s and Hurley Medical Center for ideological reasons
• Pro-ISIS group hacks hospital website
Targeted Attacks: Multiple Motivations
Typically nation-state attack groups
• “APTs are known for being highly sophisticated, using multiple vectors to attack a target network, and having unrelenting tenacity”
• Many attacks go undetected for considerable periods of time: an estimated 280 days on average
• Phishing, zero day attacks, ransomware have increased dramatically since the end of 2015
“There is widespread agreement that advanced attacks are bypassing our traditional signature-based
security controls and persisting undetected on our systems for extended periods of time. The threat is
real. You are compromised; you just don’t know it.” –Gartner Inc., 2012
FBI Alert for Anon. FTP
• 8 months ago the “Shadow Brokers” leaked a gigabyte worth of NSA weaponized software exploits.
• They continue to release access to more of these files.
• Multiple 0 Day attacks were included in these files.
• These tools can be used by anyone - complete, unredacted computer code.
• Unpatched vulnerabilities in mainstream products: Cisco, Juniper, Microsoft…
• Demonstrates the problem of anyone having access to this data.
Shadow Broker Hackers
• First appeared around 2005
• Two forms: Crypto ransomware (data) and Locker ransomware (system)
• Sophisticated attacks use:
• New asymmetric keys for each infection
• Industrial strength & private/public key encryption
• Privacy enabling services like TOR and Bitcoin for payments
• Indifferent to target, everyone is a target (home/business)
• Malvertising, spam email, downloaders/botnets & social engineering
Cyber Extortion: Money/Embarrassment
The United States is the largest target worldwide by a huge margin.
SOCs worldwide report as much as a 10X increase in ransomware attacks from December to January with no abatement.
“The targeting of organizations relating to population welfare may be part of an intelligence-collection effort intended to support the aims of China’s 12th FYP, which launched in 2011.” It could also be cyber terrorism or disruption of critical services.
Healthcare as a Critical Infrastructure
Source: Crowdstrike 2015 Global Threat Report.
Ubiquitous Is The New Paradigm
• Smart phones
• IoT
• Social media
• POS systems
• Medical devices
• Removable media (USBs)
• SPAM & email
• Applications
• Smart TVs
• CCTV cameras
• Environmental systems
• Downloads
• Attachments
• Browsers
• Wearables
• Telehealth
Threats are introduced from all directions; simple compliance strategies will not suffice. An integrated set of controls is needed.
The Mirai botnet attack has enabled unsophisticated attackers to:
• Stifle free speech on the Internet
• Deliver 1.1 Tbps of traffic to a French ISP
• Overwhelm Dyn’s DNS systems in the U.S.
• Hinder heat distribution in Finland
• Launch politically motivated attacks
• Disrupt on-line banking in Russia
The Mirai Effect
“There you are, I was tracking you.”
• The taxi-hailing commuter platform Uber had two breaches in 2014 that weren’t reported until 2015, gaining the ire of the New York SAG.
• What they did:
– First, they allowed internal users access to riders’ PII and displayed it through a tracking system called “God View”.
– Second, they had a breach of their riders’ database that permitted a third party access to 50,000 riders’ PII on GitHub.
• The settlement requires Uber to employ encryption, better access controls and multi-factor authentication.
• Health Systems are partnering with Uber to help patients not miss appointments.
What are Vendors Doing with PHI?
• Insider threats have continued to grow year over year since 2010
• Many CIOs recognize people with elevated privileges are a big risk
• Contractors/service providers have become a big concern
• Most pharmacy data thefts and fraud are the work of insiders
• Most feel awareness training is failing
• Traditional compliance/rule-based auditing is failing
Human Nature WILL NOT Change
[Chart: Insiders are Responsible for 90% of Security Incidents. Segments: Malicious, Unintentional. Values: 29%, 71%]
• Nearly half of all entities do not have a full-time CISO or information security manager
• Current estimates place the shortage of CISOs at 1.5M
• Education & training vehicles are increasing, but time is still a factor
• Short-term reliance on external support is critical
Short Term Demand Outpaces Supply
• HHS Security & Privacy guidance does not fully address the important controls outlined in federal guidance.
• HHS guidance does not fully align with the NIST cybersecurity framework.
• The HIPAA Security Rule covers only 19 of the 98 elements of the CSF.
• Being compliant with HIPAA does not assure adequate protection of information systems or patient information.
Compliance as a Distraction
• Understanding the business
• Gain executive involvement
• Threat awareness
• The people investment
• The process investment
• The technology investment
• Partnering for success
• Meeting other mandates
Compliance as a Distraction
Questions?
Mac McMillan
mac.mcmillan@cynergistek.com
512-402-8550
@mmcmillan07