Webinar: Cybersecurity and the New Age of Hackers

WEBINAR WELCOME!

Panelists:

• Gary Barnes, CIO, Medical Center Health System, Odessa, Texas
• Dr. John Halamka, CIO, Beth Israel Deaconess Medical Center, Boston; Vice chair, federal Health Information Technology Standards Committee
• Joseph Conn, Reporter, Modern Healthcare
• Lillian Ablon, Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.

During today’s discussion, feel free to submit questions at any time by using the questions box.

A follow-up e-mail will be sent to all attendees with links to the presentation materials online.


WEBINAR HOUSEKEEPING

NOW SPEAKING: Joseph Conn, Reporter, Modern Healthcare

Please use the questions box on your webinar dashboard to submit questions to our moderator.

NOW SPEAKING: Lillian Ablon, Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.

A Cyber Overview: black markets, threat actors, and our increasingly digital landscape

Lillian Ablon

[email protected] @LilyAblon

Data often appears within days on black market sites

• How do cyber thieves get the tools to steal the data?

• What happens to the data after it’s stolen?

• What do the markets look like?

• How mature are these markets?

Report available at: http://www.rand.org/pubs/research_reports/RR610.html

The markets for cybercrime are:

• Growing and maturing
• Increasingly sophisticated
• Resilient and adaptive
• Easy for buyers to get involved in

There are different types of cyber threat actors, each motivated by different things:

• Hacktivists
• State-Sponsored
• Cyberterrorists
• Cybercriminals

What can cyber actors do with our stolen health data?

Actors: State-Sponsored, Cybercriminals

• Medical records on the black markets can be worth up to $50

• Harvest email addresses and contact lists to conduct phishing attacks

• Exploit password re-use

• Commit identity theft, tax or medical fraud

• Resell prescription medication

• Build profiles of possible targets for follow-on surveillance, reconnaissance, and intelligence campaigns

• Use data for corporate extortion to blackmail companies who are responsible for data protection

Our worlds are digital

How can we protect ourselves?

• Reconsider convenience

• Employ multifactor authentication, encryption, password best practices

• Be vigilant of newly connected devices and the “Internet of Things”

• Invest in security from the start

NOW SPEAKING: Gary Barnes, CIO, Medical Center Health System, Odessa, Texas

Why do we have that information on the Internet?

• Who is responsible for protecting your organization against cyber attacks?

• Have you had a full security audit for your organization? And not just a HIPAA audit!

• Your organization has to play offense, not defense!

• Daily huddle to discuss issues, including Malware Response Reports

Reasons to be Concerned

• Private or sensitive data exposed

• Denial of service attacks

• Financial losses

• Customer records compromised or stolen

• Your organization’s reputation can be affected

Cyber Security Life Cycle Yearly

• External Access – Organization and Contractors

• Blocking and Thwarting Workstation Infections

• Safeguarding External Facing Servers

• Safeguarding Internal Servers

• Keeping the Workstation Clean

• Staying Compliant

Knowledge Sharing

External Access – Org to Org

VPN and NAT Access Validated Yearly

• Good time to check that BAAs (Business Associate Agreements) are current and up-to-date

• Close access to/from outside entities that no longer have an association

• Catch any NAT'ed resources that are no longer used

Blocking and Thwarting Workstation Infections

• Block Dangerous World Region traffic from coming in or going out - Russia, China

– Both on Firewall and Email systems

– Outgoing is important to block - keeps already infected devices from contacting Master Controllers in those regions

• DNS Firewall

– Keeps devices from going to malware websites or clicking on malicious links

– Preventing infections from happening

– Disrupting infected clients’ ability to communicate with Master Controllers

Safeguarding Externally Facing Servers

• Incorporate regular external vulnerability scans into security routine

• Stay on top of new vulnerabilities - POODLE, ShellShock

• Regularly scan for new devices in external ranges

– Teams sometimes implement new devices without following procedures

Keeping Workstations Clean!

• Patch all software (3rd Party) as well as OS

– Cyber-attacks are going after software that usually remains unpatched - Adobe, Java

• Manage and monitor for patch/antivirus compliance

• Put mechanism in place to push emergency patches/fixes out quickly

Safeguarding Internal Devices

Why it’s important!

• Internal Cyber-Attacks are increasing!

– Regular internal vulnerability scans should be as robust as external vulnerability scans

• Put procedures in place to build hardened secure servers

• Tune IPS alerts as tightly as possible

– Send real-time alerts

– Get a feel for what is going on in the environment

NOW SPEAKING: Dr. John Halamka, CIO, Beth Israel Deaconess Medical Center, Boston; Vice chair, federal Health Information Technology Standards Committee

Security Update, March 2015

Major National Incidents

• Community Health Systems, Anthem, JP Morgan, Home Depot, Target

• Vulnerabilities include Heartbleed, Shellshock, Poodle

• In a world of healthcare mergers and acquisitions, you are as vulnerable as your weakest link

BIDMC Incidents

• 2012 stolen laptop/attorney general consent judgement

• 2013 infected radiology workstation/OCR investigation

• Our own social engineering efforts

14 Workstreams

Evolving technologies

• Malware detection

• Analytics - Security Incident and Event Management (SIEM)

• Consumer technologies - strong encryption built into endpoints

• Ricoh’s healthcare camera

• Secure texting applications

Building Maturity

• The attacks are increasing in number and sophistication

• People, Process and Technologies must be addressed in combination

• Education is key

• Budgets and staff must be increased

• Healthcare is behind but enforcement is motivating Boards to prioritize security


Expect a follow-up email within two weeks with links to presentation materials and information about how to offer feedback.

For more information about upcoming webinars, please visit ModernHealthcare.com/webinars

THANK YOU FOR ATTENDING

Thanks also to our panelists: Gary Barnes, Dr. John Halamka, Joseph Conn, and Lillian Ablon.