WEBINAR WELCOME!
Cybersecurity and the New Age of Hackers
Panelists:
Gary Barnes, CIO, Medical Center Health System, Odessa, Texas
Dr. John Halamka, CIO, Beth Israel Deaconess Medical Center, Boston; Vice chair, federal Health Information Technology Standards Committee
Lillian Ablon, Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.
Joseph Conn, Reporter, Modern Healthcare
During today’s discussion, feel free to submit questions at any time by using the questions box.
A follow-up e-mail will be sent to all attendees with links to the presentation materials online.
NOW SPEAKING
Joseph Conn, Reporter, Modern Healthcare
Please use the questions box on your webinar dashboard to submit questions to our moderator
NOW SPEAKING
Lillian Ablon, Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.
A Cyber Overview: black markets, threat actors, and our increasingly digital landscape
Lillian Ablon
[email protected] @LilyAblon
Data often appears within days on black market sites
• How do cyber thieves get the tools to steal the data?
• What happens to the data after it’s stolen?
• What do the markets look like?
• How mature are these markets?
Report available at: http://www.rand.org/pubs/research_reports/RR610.html
The markets for cybercrime are:
• Growing and maturing
• Increasingly sophisticated
• Resilient and adaptive
• Easy for buyers to get involved in
Image Credit: Juniper Networks
There are different types of cyber threat actors, each motivated by different things
Icons by The Noun Project: Money by Joe Mortelli; Protest by Jakob Vogel; Globe by Tyrus; Cyberterror by Luis Prado, via CC 2.0.
• Hacktivists
• State-Sponsored
• Cyberterrorists
• Cybercriminals
What can cyber actors do with our stolen health data?
State-Sponsored
Cybercriminals
• Medical records on the black markets can be worth up to $50
• Harvest email addresses and contact list to conduct phishing attacks
• Exploit password re-use
• Commit identity theft, tax or medical fraud
• Resell prescription medication
• Build profiles of possible targets for follow-on surveillance, reconnaissance, and intelligence campaigns
• Use data for corporate extortion to blackmail companies who are responsible for data protection
Reconsider convenience
Employ multifactor authentication, encryption, password best practices
Be vigilant of newly connected devices and the “Internet of Things”
Invest in security from the start
NOW SPEAKING
Gary Barnes, CIO, Medical Center Health System, Odessa, Texas
• Who is Responsible for Protecting Your Organization against Cyber Attacks?
• Have you had a Full Security Audit for Your Organization? And not just a HIPAA Audit!
• Your Organization has to play Offense, not Defense!
• Daily Huddle to discuss issues, including Malware Response Reports
Reasons to be Concerned
• Private or sensitive data exposed
• Denial of service attacks
• Financial losses
• Customer records compromised or stolen
• Your Organization's Reputation can be affected
Knowledge Sharing
• External Access – Organization and Contractors
• Blocking and Thwarting Workstation Infections
• Safeguarding External Facing Servers
• Safeguarding Internal Servers
• Keeping the Workstation Clean
• Staying Compliant
External Access – Org to Org
VPN and NAT Access Validated Yearly
• Good time to Check BAA (Business Associate Agreements) current and up-to-date
• Close access to/from outside entities that no longer have an association
• Catch any NAT'ed resources that are no longer used
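Added example (not part of the presentation): one way to run the yearly VPN/NAT review described on this slide as a script, flagging entries with a missing or expired BAA, an ended association, or no recent use. The record fields, the 180-day idle threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample data: business associate agreements keyed by partner.
BAAS = {
    "Acme Billing": {"expires": date(2016, 6, 30), "active": True},
    "Old Lab Partner": {"expires": date(2014, 12, 31), "active": True},
    "Former Transcription Co": {"expires": date(2016, 1, 31), "active": False},
}

# Constructed sample data: external access entries (VPN tunnels and NAT rules).
# last_hit is the last date traffic matched the entry, or None if never seen.
ACCESS = [
    {"id": "vpn-01", "partner": "Acme Billing", "last_hit": date(2015, 3, 1)},
    {"id": "vpn-02", "partner": "Old Lab Partner", "last_hit": date(2015, 2, 20)},
    {"id": "vpn-03", "partner": "Former Transcription Co", "last_hit": date(2015, 1, 5)},
    {"id": "nat-07", "partner": "Acme Billing", "last_hit": None},
    {"id": "nat-09", "partner": "Unknown Vendor", "last_hit": date(2015, 3, 2)},
]

def review_external_access(access, baas, today, idle_days=180):
    """Return {entry id: [findings]} for every entry that needs action."""
    findings = {}
    for entry in access:
        issues = []
        baa = baas.get(entry["partner"])
        if baa is None:
            issues.append("no BAA on file")
        elif not baa["active"]:
            issues.append("association ended: close access")
        elif baa["expires"] < today:
            issues.append("BAA expired: renew or close access")
        last = entry["last_hit"]
        # A rule that never matched traffic is treated the same as an idle one.
        if last is None or (today - last).days > idle_days:
            issues.append("unused: remove rule")
        if issues:
            findings[entry["id"]] = issues
    return findings

if __name__ == "__main__":
    report = review_external_access(ACCESS, BAAS, date(2015, 3, 15))
    for entry_id, issues in report.items():
        print(entry_id, "->", "; ".join(issues))
```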
Blocking and Thwarting Workstation Infections
• Block Dangerous World Region traffic from coming in or going out - Russia, China
– Both on Firewall and Email systems
– Outgoing is important to block - keeps already infected devices from contacting Master Controllers in those regions
• DNS Firewall
– Keeps devices from going to malware websites or clicking on malicious links
– Preventing infections from happening
– Disrupting infected clients' ability to communicate with Master Controllers
Safeguarding Externally Facing Servers
• Incorporate regular external vulnerability scans into security routine
• Stay on top of new vulnerabilities - POODLE, ShellShock
• Regularly scan for new devices in external ranges
– Teams sometimes implement new devices without following procedures
Keeping Workstations Clean!
• Patch all software (3rd Party) as well as OS
– Cyber-attacks are going after software that usually remains unpatched - Adobe, Java
• Manage and monitor for patch/antivirus compliance
• Put mechanism in place to push emergency patches/fixes out quickly
Safeguarding Internal Devices
Why it’s important!
• Internal Cyber-Attacks are increasing!
– Running regular internal vulnerability scans should be as robust as external vulnerability scans
• Put procedures in place to build hardened secure servers
• Tune IPS alerts as tightly as possible
– Send real-time alerts
– Feel for what is going on in environment
NOW SPEAKING
Dr. John Halamka, CIO, Beth Israel Deaconess Medical Center, Boston; Vice chair, federal Health Information Technology Standards Committee
Major National Incidents
• Community Health Systems, Anthem, JP Morgan, Home Depot, Target
• Vulnerabilities include Heartbleed, Shellshock, Poodle
• In a world of healthcare mergers and acquisitions, you are as vulnerable as your weakest link
BIDMC Incidents
• 2012 stolen laptop/attorney general consent judgement
• 2013 infected radiology workstation/OCR investigation
• Our own social engineering efforts
Evolving technologies
• Malware detection
• Analytics - Security Incident and Event Management (SIEM)
• Consumer technologies - strong encryption built into endpoints
• Ricoh’s healthcare camera
• Secure texting applications
Building Maturity
• The attacks are increasing in number and sophistication
• People, Process and Technologies must be addressed in combination
• Education is key
• Budgets and staff must be increased
• Healthcare is behind but enforcement is motivating Boards to prioritize security
Expect a follow-up email within two weeks with links to presentation materials and information about how to offer feedback.
For more information about upcoming webinars, please visit ModernHealthcare.com/webinars
THANK YOU FOR ATTENDING
Cybersecurity and the New Age of Hackers
Thanks also to our panelists: Gary Barnes, Dr. John Halamka, Joseph Conn, Lillian Ablon