western region conference
play

Western Region Conference Healthcare Security Readiness and - PowerPoint PPT Presentation

Jul 02, 2023 •101 likes •493 views

Western Region Conference Healthcare Security Readiness and Maturity Assessment Janice Ahlstrom and Ken Zoline 1 Your presenters Janice Ahlstrom Ken Zoline DIRECTOR SENIOR MANAGER 35+ years experience 35+ years experience FHIMSS, CPHIMS,

  1. Western Region Conference Healthcare Security Readiness and Maturity Assessment Janice Ahlstrom and Ken Zoline 1

  2. Your presenters Janice Ahlstrom Ken Zoline DIRECTOR SENIOR MANAGER 35+ years experience 35+ years experience FHIMSS, CPHIMS, CCSFP, RN, BSN CISSP phone: 612-876-4761 phone: 312-729-8346 email: janice.ahlstrom@bakertilly.com email: ken.zoline@bakertilly.com 2

  3. Agenda 1. Overview of healthcare cybersecurity news 2. Discuss security maturity in healthcare industry 3. Share security frameworks available 4. Discuss the various security frameworks 5. Wrap up 3

  4. Learning Objectives • Understand the impact of ransomware attacks in healthcare • Identify the reported security maturity of the healthcare industry • Recognize available frameworks and tools to assess security maturity and compliance 4

  5. What do you need to protect? HIPAA Security Rule says: Anyone who maintains or transmits health information shall: • Maintain reasonable and appropriate administrative, technical and physical safeguards These safeguards are needed to: • Ensure the integrity and confidentiality of information • Protect against any: o Anticipated threats o Hazards to the security or integrity of the information o Unauthorized use or disclosure of the information 5

  6. What do you really need to protect? Personal Network Security Collaboration Medical Devices Computing Application Architecture Data Infrastructure Infrastructure Infrastructure & Monitoring Infrastructure Security Policies E-Mail & LAN / WAN Desktop Financial Systems Practice Mgmt Medical Devices Databases Messaging Workstations Physical Security Servers ADT System Time Tracking Laptops, Tablets & Ancillary Intranet Portal SAN iPads Modalities Access Security Virtualization Electronic Health HRIS & Payroll Record Phone System / Firewall & Printers Data Warehouse Nurse Call System Telephony Intrusion Detection Storage Application Claims Processing Antivirus & Anti- Development Smart Phones Tapes & Discs Application Switches & Telemetry SPAM Interfaces Routers Inventory & VPN / Remote EDI Transactions Portable Storage Materials Systems Access Cabling Provider & Patient Devices Portals Transmission of Credentialing Quality Mgmt Secure Data Copiers & Fax 6

  7. Key risks we face

  8. Society is highly digital… Unintended consequence: Hyper-Connectivity A growing Hyper-Mobility attack surface ripe for Hyper-Sociability plundering 8

  9. HHS Publication of Cybersecurity Practices • December 28, 2018 (HHS) released voluntary cybersecurity practices to the healthcare industry • Goal: Provide practice guidelines to cost-effectively reduce cybersecurity risks ✓ The “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” report • A two year effort in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d) • Over 150 cybersecurity and healthcare experts and the government contributed to the publication’s development Jan 2, 2019 Source: https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx 9

  10. HHS Cybersecurity Practices Report • Examines current cybersecurity threats affecting healthcare • Identifies specific weaknesses that make organizations more vulnerable to the threats • Provides selected practices that cybersecurity experts rank as the most effective to mitigate the threats Jan 2, 2019 Source: HHS Healthcare Industry Cybersecurity Practices Report: https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx 10

  11. HHS Cybersecurity Practices Report • HHS report indicates that the average breach costs a healthcare organization $2.2 million dollars • 4 in 5 physicians in the U.S. have experienced a cybersecurity attack • Provides practical education regarding the management of threats and vulnerabilities Jan 2, 2019 Source: HHS Healthcare Industry Cybersecurity Practices Report: https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx 11

  12. Most Common Healthcare Cyber Threats 1. Email phishing attack 2. Ransomware attack 3. Loss or theft of equipment or data 4. Attacks against connected medical devices that may affect patient safety 5. Insider attack: accidental or intentional data loss Jan 2, 2019 Source: HHS Healthcare Industry Cybersecurity Practices Report: https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx 12

  13. Recent Breach • San Diego Unified School District Data Breach (December 21, 2018) • Personal data for more than 500,000 students and staff, including health information, may have been compromised • The hacker gained access to staff credentials using a targeted phishing attack that used emails that appeared to be authentic, but redirected users to fake login pages where hackers collected the credentials • Hackers had access to the network for nearly a year Jan to Nov 2018 ✓ Stole the data from as far back as the 2008-2009 school year ✓ Discovered in October 2018 Dec 26, 2018 Source: https://healthitsecurity.com/news/san-diego-school-distract-phishing-hack-includes-health-data 13

  14. Poorly managed access and access monitoring • 41 data breaches were reported to OCR in April 2018 o 894,874 electronic health records were exposed or stolen Records Exposed By Data Breach Category (April 2018) 2% Theft 13,430 19% Hacking / IT Incident 172,865 79% Unauthorized Access / Disclosure 708,579 0 100,000 200,000 300,000 400,000 500,000 600,000 700,000 800,000 Source: May 18, 2018 https://www.hipaajournal.com/category/healthcare-cybersecurity/ 14

  15. Key risks are not well documented and managed 15

  16. MediPro Survey State of Privacy and Security Awareness Report 70% of employees in numerous industries lack awareness to stop preventable cybersecurity attacks However, 78% of healthcare employees lack preparedness with common privacy and security threat scenarios Feb. 6, 2018 Source:https://healthitsecurity.com/news/78-of-healthcare- workers-lack-data-privacy-security-preparedness 16

  17. Polling Question Of the nearly 900,000 health records exposed or stolen that were reported to OCR in April 2018, what was the top cause? 1. Theft 2. Hacking / IT Incident 3. Unauthorized Access / Disclosure 17

  18. Security Maturity in Healthcare

  19. Healthcare Security Maturity – Intel Study (2017) Percent of organizations with baseline, enhanced and advanced security measures implemented See appendix for detailed results. 19

  20. Security Maturity Measurement Challenges • How should security maturity be measured? • What are key metrics? For example, 1. Is a policy or standard in place? 2. Is there a process or procedure to support the policy? 3. Has the process or procedure been implemented? 4. Is process or procedure being measured and tested by management to ensure effective operation? 5. Are the measured results being managed to ensure corrective actions are taken as needed? 20

  21. Security Frameworks

  22. Security Frameworks What are they? • The essential supporting structure for enterprise (cyber)security that enables the consistent definition of policies, standards and procedures, and the implementation of supporting controls and processes Why are they important? • Security frameworks strive to address the full gamut of risk areas that need to be identified and controlled • They help an organization create their security program 22

  23. Security Frameworks enable Security Programs 23

  24. HITRUST Common Security Framework • Risk based definition of what is reasonable and appropriate • Healthcare industry focus • Evolves as the industry changes • Provides certification 24

  25. NIST Cybersecurity Framework • Discusses cybersecurity functions, activities and outcomes in plain English; provides informative references • Enables organizations to do the following: 1) Describe their current cybersecurity posture 2) Describe their target state for cybersecurity 3) Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process 4) Assess progress toward the target state 5) Communicate among internal and external stakeholders about cybersecurity risk Source: https://www.nist.gov/cyberframework 25

  26. NIST 800-53 Framework • Security controls for federal information systems and organizations • Documents security controls for all federal information systems, except those designed for national security • Controls are the management, operational, and technical safeguards to protect the confidentiality, integrity, and availability of a system and its information • Addresses security control selection for federal information systems in accordance with the security requirements in the Federal Information Processing standard (FIPS) 200 Source: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CONNECTING AND TRANSFORMING CALIFORNIA Design-Build Institute of America, Western Pacific Region

CONNECTING AND TRANSFORMING CALIFORNIA Design-Build Institute of America, Western Pacific Region

ANNUAL WESTERN PACIFIC REGION CONFERENCE & PASADENA, CA AWARDS PROGRAM CONNECTING AND TRANSFORMING CALIFORNIA Design-Build Institute of America, Western Pacific Region Conference, May 18, 2017 Ofelia Alcantara, PE Acting Director of

691 views • 54 slides
Polyoxin D Zinc Salt IR-4 / BPIA Western Region Biopesticides Conference April 26, 2017, Ft.

Polyoxin D Zinc Salt IR-4 / BPIA Western Region Biopesticides Conference April 26, 2017, Ft.

Polyoxin D Zinc Salt IR-4 / BPIA Western Region Biopesticides Conference April 26, 2017, Ft. Collins, CO Kaken Pharmaceutical Co., Ltd. Agrochemicals & Animal Health Products Group Presented by Cynthia Smith, Conn & Smith, Inc. 1

273 views • 26 slides
NACo Western Powering Local Economies and Interstate Region Forging the Future Conference of

NACo Western Powering Local Economies and Interstate Region Forging the Future Conference of

NACo Western Powering Local Economies and Interstate Region Forging the Future Conference of a Smart, Resilient Energy Grid May 17, 2019 1 2 3 4 5 6 Utility Dive (12.08.2018) Resource Adequacy in the Pacific Northwest Energy and

804 views • 19 slides
6/22/2016 Region IX Western Clinicians Network Conference Harveys Lake Tahoe, Nevada June 14,

6/22/2016 Region IX Western Clinicians Network Conference Harveys Lake Tahoe, Nevada June 14,

6/22/2016 Region IX Western Clinicians Network Conference Harveys Lake Tahoe, Nevada June 14, 2016 The Built Environment & Health Design Avein Saaty-T afoya, MD MBA HCM EDAC President & Chief Executive Officer Adelante Healthcare

656 views • 32 slides
Klaipeda region about the region Klaipda region the right location Klaipda region is

Klaipeda region about the region Klaipda region the right location Klaipda region is

Welcome to Klaipeda region about the region Klaipda region the right location Klaipda region is located on Western coast of Lithuania Klaipda city, the regions capital is home to the EUs most northerly ice -free port, providing

454 views • 30 slides
PHMSA CATS Western Region Tom Finch 720-963-3175 thomas.finch@dot.gov

PHMSA CATS Western Region Tom Finch 720-963-3175 thomas.finch@dot.gov

PHMSA CATS Western Region Tom Finch 720-963-3175 thomas.finch@dot.gov Western Region Focus Areas Public Complaints/Whistleblowers Technical Support Re: Pipeline

110 views • 8 slides
Western Area Power Administration Upper Great Plains Region (Western-UGP) Transmission &

Western Area Power Administration Upper Great Plains Region (Western-UGP) Transmission &

Western Area Power Administration Upper Great Plains Region (Western-UGP) Transmission & Ancillary Services Formula Rates 2016 Update Customer Information Meeting October 29, 2015 9 a.m. MDT, Billings, MT and via Webex Introductions

1.13k views • 43 slides
Western Water Resources, Climate, and Science Kevin Werner Western Region Climate Service

Western Water Resources, Climate, and Science Kevin Werner Western Region Climate Service

Western Water Resources, Climate, and Science Kevin Werner Western Region Climate Service Director March 2, 2015 NOAAs Climate Stewards Presentation Outline Western Water Resources Colorado River Basin California Impacts of

602 views • 36 slides
the Western Region: Focus on Capacity Presenter: Dr. Kim Lemky, Acting Director Rural Development

the Western Region: Focus on Capacity Presenter: Dr. Kim Lemky, Acting Director Rural Development

18 th National Metropolis Conference Toronto, ON, March 3 rd , Block B, 4:00 PM - 5:30 PM Immigration Settlement Services & Gaps in the Western Region: Focus on Capacity Presenter: Dr. Kim Lemky, Acting Director Rural Development Institute

478 views • 14 slides
Working Across Cultures Western Region Tribal IPM Work Group Nina Hapner, Kashia Band of Pomo

Working Across Cultures Western Region Tribal IPM Work Group Nina Hapner, Kashia Band of Pomo

Working Across Cultures Western Region Tribal IPM Work Group Nina Hapner, Kashia Band of Pomo Indians Western Region National Plant Board / USDA APHIS Plant Protection & Quarantine Annual Meeting Denver, CO Tuesday, May 12, 2015 1

382 views • 20 slides
Public Process Western Area Power Administration Sierra Nevada Region Monday, June 8, 2020 9:00

Public Process Western Area Power Administration Sierra Nevada Region Monday, June 8, 2020 9:00

WAPA-SN Rates Informal Public Process Western Area Power Administration Sierra Nevada Region Monday, June 8, 2020 9:00 AM 12:00 PM Web Conference 1 WebEx Housekeeping Items All participants are muted on entry to ensure a smooth remote

929 views • 60 slides
Public Process Western Area Power Administration Sierra Nevada Region Thursday, June 25, 2020

Public Process Western Area Power Administration Sierra Nevada Region Thursday, June 25, 2020

WAPA-SN Rates Informal Public Process Western Area Power Administration Sierra Nevada Region Thursday, June 25, 2020 9:00 AM 12:00 PM Web Conference 1 WebEx Housekeeping Items All participants are muted on entry to ensure a smooth

749 views • 37 slides
Public Process Western Area Power Administration Sierra Nevada Region Friday, July 10, 2020 9:00

Public Process Western Area Power Administration Sierra Nevada Region Friday, July 10, 2020 9:00

WAPA-SN Rates Informal Public Process Western Area Power Administration Sierra Nevada Region Friday, July 10, 2020 9:00 AM 12:00 PM Web Conference 1 WebEx Housekeeping Items All participants are muted on entry to ensure a smooth

650 views • 41 slides
Jonathan Shuffield Associate Legislative Director WIR Staff Liaison Western Interstate Region

Jonathan Shuffield Associate Legislative Director WIR Staff Liaison Western Interstate Region

Jonathan Shuffield Associate Legislative Director WIR Staff Liaison Western Interstate Region Financial Report March 31, 2019 The Western Interstate Region (WIR) financial operations are separated into three distinct areas: operations, the

268 views • 12 slides
NASEO 2018 Western Region Meeting Rural Energy Affordability, Efficiency, and Economic

NASEO 2018 Western Region Meeting Rural Energy Affordability, Efficiency, and Economic

NASEO 2018 Western Region Meeting Rural Energy Affordability, Efficiency, and Economic Development Michael Leitman Strategic Analyst NRECA Business and Technology Strategies michael.leitman@nreca.coop Co-ops in NASEO Western Region 6

285 views • 13 slides
WAPA-SN Rates Informal Public Process Western Area Power Administration Sierra Nevada Region

WAPA-SN Rates Informal Public Process Western Area Power Administration Sierra Nevada Region

WAPA-SN Rates Informal Public Process Western Area Power Administration Sierra Nevada Region Monday, May 11, 2020 9:00 AM 12:00 PM Web Conference 1 Age genda 1. WebEx Host Tony Henriquez Autumn Wolfe, SN Rates 2. Rate Process

735 views • 49 slides
PRESENT NEW OPPORTUNITIES FOR INSURERS: LESSONS LEARNT - Simani Wadi IIZ Winter School (August

PRESENT NEW OPPORTUNITIES FOR INSURERS: LESSONS LEARNT - Simani Wadi IIZ Winter School (August

NEW CYBER VULNERABILITIES PRESENT NEW OPPORTUNITIES FOR INSURERS: LESSONS LEARNT - Simani Wadi IIZ Winter School (August 2018) Definition of Cyber Risks Lessons Learnt Opportunities Presentation Flow DEFINITION OF CYBER RISK What are

563 views • 27 slides
Social Science Perspectives and Countering Insider Threat The Framework Social science is

Social Science Perspectives and Countering Insider Threat The Framework Social science is

Social Science Perspectives and Countering Insider Threat Overview What is a Social Scientist? Why M ethods M atter The Application of Social Science Questions? 1 Social Science Perspectives and Countering Insider Threat The

294 views • 11 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

683 views • 46 slides
The NCTRC Webinar Series Presented by The National Consortium of Telehealth Resource Centers

The NCTRC Webinar Series Presented by The National Consortium of Telehealth Resource Centers

July 18 th , 2019 The NCTRC Webinar Series Presented by The National Consortium of Telehealth Resource Centers Cybersecurity and Telehealth Julie Chua, Jordan Berg, Risk Management Branch Chief Telehealth Technology Assessment Specialist

477 views • 31 slides
Partnering with Pioneer Telephone What You Can Expect! AGENDA AGENDA Amazing Products Amazing

Partnering with Pioneer Telephone What You Can Expect! AGENDA AGENDA Amazing Products Amazing

Partner Presentation An Introduction Partnering with Pioneer Telephone What You Can Expect! AGENDA AGENDA Amazing Products Amazing Products UCaaS SIP Trunks Outstanding End-User Support Outstanding End-User Support Dedicated

400 views • 10 slides
(11-14) How much do you know about the internet? Make sure you stay SAFE AND SECURE ONLINE YOU

(11-14) How much do you know about the internet? Make sure you stay SAFE AND SECURE ONLINE YOU

(11-14) How much do you know about the internet? Make sure you stay SAFE AND SECURE ONLINE YOU KNOW EMAIL YOU KNOW SOCIAL NETWORKING YOU KNOW INSTANT MESSAGING YOU KNOW DOWNLOADS YOU KNOW GAMING MAKE SURE YOU Know Your World Make the

781 views • 28 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

291 views • 10 slides

More recommend