Rhode Island Corporate Cybersecurity Initiative

Cybersecurity and Healthcare

Why is Cybersecurity Important?

Hospital Hacks on the Rise

• In 2014, 40 percent of healthcare organizations reported being attacked by malware designed to steal data.

• In 2015 the stats are closer to 90 percent.

• In August 2015 , Websense reported a 600 percent increase in cyber attacks on hospitals over the previous 10 months.

• Under federal law, hospitals are only required to report potential medical data breaches involving more than 500 people.

http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.htmlhttps://www.technologyreview.com/s/533631/2015-could-be-the-year-of-the-hospital-hack/http://www.insurancejournal.com/news/national/2015/05/07/367165.htm

Why the Increase in Attacks?

• Medical organizations across the world are switching to electronic medical records, and computer security is not always a high priority.

• Health care providers in the US have a monetary incentive to switch to digital medical records under The Health Information Technology for Economic and Clinical Health (HITECH) Act.

• But with all of this progress the healthcare sector is "woefully behind" in terms of cyber preparedness. - Forrester Analyst Stephanie Balaouras

https://www.technologyreview.com/s/533631/2015-could-be-the-year-of-the-hospital-hack/http://www.medicalrecords.com/physicians/the-national-digital-medical-records-mandate-arrahttp://blog.trendmicro.com/why-is-the-health-care-industry-so-behind-on-cyber-security-part-1-of-2/

Incentives for Attackers?

• Experts at Reuters suggest that medical information is 10 times more valuable than a credit card number on the black market.

• Hackers use stolen data to create fake IDs to buy medical equipment or drugs that they can resell.

• Hackers also may use a patient number with a false provider number to file fraudulent claims with payers.

http://www.beckershospitalreview.com/healthcare-information-technology/medical-records-10x-more-valuable-to-hackers-than-credit-card-information.html

Siemens Healthcare Customer Advisory Board

• In October of 2015 Siemens Healthcare Diagnostics invited the heads of cybersecurity from 20 different hospital organizations both large and small to the Siemens VIP Center in Disney.

We Asked a Simple Question

• “What can we do to help your organization be more secure?”

• What we learned was profound.

• The hospital security team was unsure where their responsibility ended and Siemens began.

• Are they responsible for securing our medical devices?

• Is Siemens responsible for securing their networks?

Who’s Responsible for Keeping us Safe?

• The Answer – We all are!

Why Are We Here Today?

• Security is the responsibly of every individual at the hospital from Nurse to CIO to third party vendor.

• We are entering a turbulent time merging the needs of the healthcare industry with the security needs of the digital age.

• We can wait for someone to tell us how to secure our private health information or we can step up, work together and shoulder that responsibility ourselves.

• That is why we are here today to open up lines of communication, to start a dialogue about security and to drive our industry into the digital age.