Stopping PHI Theft with DLP: Real World Scenarios - PowerPoint PPT Presentation


SLIDE 1

Stopping PHI Theft with DLP

Real World Scenarios

SLIDE 2

My Journey into Patient Data Protection

  • 10+ years in Data Loss Prevention
  • Dozens of customer installations across the finance and healthcare industries
  • My story in healthcare data protection really starts 5 years ago…

Chris Leffel

SLIDE 3

Shiva Kashalkar Bio

  • Leads Product Marketing for DLP Managed Services and Advanced Threat Protection
  • ~13 years of marketing, business development & product management experience
  • Previously at Managed Service Providers and Big Data Analytics companies
  • Wipro, Oracle, KPN, Empirix

Shiva Kashalkar, Director, Product Marketing

SLIDE 4

Foundations – Get to know your data

  • You know where most of the data is…
  • If you don’t… your AR (accounts receivable) team does!

Confidential 4

SLIDE 5

Foundation – How fingerprinting works

Inspection channels: Email, Web, Network Monitoring, Discovery Scanners, Endpoint

Common Inspection Engine: 600 file formats; format independent; archive files; language independent; multibyte

CONTENT RULES
  • Keywords
  • Regular Expressions
  • Dictionaries
  • File Metadata (Type, Size, Name)
  • File Category
  • DB Record Fingerprints
  • Exact & Partial File Fingerprints

Fingerprinted database records:
  Record1: CustName, AcctNum, SSN
  Record2: CustName, AcctNum, SSN
  Record3: CustName, AcctNum, SSN
  . . .

Examples
  • DB Record Matching: CustName AND (AcctNum OR SSN) from the database
  • Partial File Matching: paragraph match from a fingerprinted file
  • Patterns: Credit Card Number, SSN, Passport Number
  • Regular Expressions: Medical Record Number, Email Address
  • Dictionaries: HIPAA Code Sets (NDC, LOINC, HCPCS), US Addresses

SLIDE 6

Foundation – Database Record Matching

  • Database Record Matching delivers the most precise PII/PHI identification and control: a match requires values that belong to the same fingerprinted record (CustName AND (AcctNum OR SSN)), not just any string that looks like an SSN
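
The following is an added worked example of the rule types from the two slides above (patterns, a dictionary, and database record fingerprinting with the rule CustName AND (AcctNum OR SSN)). It is illustration code written for this page, not Digital Guardian's engine or any product's fingerprint format. The sample records, the SSNs, the keyed-hash scheme, the MRN regex and the dictionary entries are all constructed; real products fingerprint with their own formats and keep the key in a protected store.

```python
"""Miniature DLP content-rule engine (added example, not from the deck)."""
import hashlib
import hmac
import re

# Assumption: the fingerprint key is a secret, so the stored fingerprints
# cannot be reversed into the original PII even if the store leaks.
FINGERPRINT_KEY = b"constructed-demo-key"

# Constructed billing records standing in for the fingerprinted database.
# The SSNs are made up.
SAMPLE_RECORDS = [
    {"CustName": "Joe Smith", "AcctNum": "A1003321", "SSN": "462-81-5406"},
    {"CustName": "Mary Jones", "AcctNum": "A1004177", "SSN": "219-44-1780"},
]

# Constructed stand-in for a HIPAA code-set dictionary.
HIPAA_DICTIONARY = {"hcpcs", "loinc", "ndc"}

PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # Assumed MRN format for this example: "MRN" followed by 6-8 digits.
    "MRN": re.compile(r"\bMRN\d{6,8}\b"),
}

PUNCT = ",.;:()"


def normalize(value: str) -> str:
    """Canonicalize a field so 'Joe  Smith' and 'joe smith' fingerprint alike."""
    return " ".join(value.lower().split())


def fingerprint(value: str) -> str:
    """Keyed hash of one field value; only hashes are stored, never the value."""
    return hmac.new(FINGERPRINT_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()


def build_fingerprint_store(records):
    """One dict per database record: column -> fingerprint of that record's value."""
    return [{col: fingerprint(val) for col, val in rec.items()} for rec in records]


def candidates(text: str):
    """Candidate field values in scanned content: single tokens plus
    two-word windows, so multi-word names such as 'Joe Smith' can match."""
    words = [w.strip(PUNCT) for w in text.split()]
    words = [w for w in words if w]
    yield from words
    for a, b in zip(words, words[1:]):
        yield f"{a} {b}"


def scan(text: str, store) -> dict:
    """Apply pattern, dictionary and DB-record rules to one piece of content."""
    hits = {"patterns": {}, "dictionary": set(), "db_records": 0}

    for name, rx in PATTERNS.items():
        found = rx.findall(text)
        if found:
            hits["patterns"][name] = found

    for word in candidates(text):
        if " " not in word and word.lower() in HIPAA_DICTIONARY:
            hits["dictionary"].add(word.lower())

    # DB record matching: fingerprint every candidate once, then evaluate
    # CustName AND (AcctNum OR SSN) per stored record. A name from one
    # record next to an account number from another does not count.
    seen = {fingerprint(c) for c in candidates(text)}
    for rec in store:
        if rec["CustName"] in seen and (rec["AcctNum"] in seen or rec["SSN"] in seen):
            hits["db_records"] += 1

    return hits


if __name__ == "__main__":
    store = build_fingerprint_store(SAMPLE_RECORDS)
    for sample in (
        "Joe Smith, SSN 462-81-5406, visit 14 minutes",      # same-record match
        "Mary Jones called about account A1003321",           # cross-record: no match
        "Patient MRN00123456 billed under HCPCS code",        # pattern + dictionary
    ):
        print(sample, "->", scan(sample, store))
```

The second sample is the point of record matching: "Mary Jones" and "A1003321" are both real fingerprinted values, but from different records, so the rule does not fire and the false positive a plain SSN regex would produce is avoided.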


SLIDE 7

Foundations – Where can your data go?

  • Anywhere?
  • Who have you signed a BAA (Business Associate Agreement) with, and what is their domain?


SLIDE 8


Case Studies

Who let the PHI out?

Inspired by True Stories

SLIDE 9

Who sent all that Patient Data to Gmail!

  • Suspect emailed a spreadsheet that contained:
    • Patient Names, Patient MRNs, Patient Social Security numbers (SSNs)
    • Information about the Physician, including how many minutes each visit took
  • Focused on physician efficiency… (time spent per patient, etc.)


SLIDE 10

Who sent all that Patient Data to Gmail! (continued)

  • Who Dunnit?
  • The CEO hired a small external consulting firm to study physician efficiency… a firm that did not have its own domain and email address, so the data went to Gmail

SLIDE 11

How did we catch them?

Diagram: outbound mail flow from the organization to the Internet over SMTP (the email inspection point)

SLIDE 12

Who uploaded a file to the UK?

  • Suspect uploaded a spreadsheet of patient information to a server in the UK
  • Contained patient name, treatment dates, amount owed
  • Account aging report (i.e. 30 days, 60 days, 90 days, or more)


SLIDE 13

Who uploaded a file to the UK? (continued)

  • Who dunnit?
  • The AR team was working with an external collections agency. Because email was blocked, the AR person decided to upload the data using a file sharing and collaboration service. The server for the service just happened to be in the UK.

SLIDE 14

How did we catch them?

Diagram: web traffic (http/https) from the organization to the Internet through a Secure Web Gateway, which hands content to the DLP server over ICAP for inspection

SLIDE 15

Who is sending data via FTP?

  • Suspect file upload via unsecured (cleartext) FTP detected
  • Data was in HL7 format
  • Patient Name, Patient SSN, Patient MRN, and more


SLIDE 16

Who is sending data via FTP? (continued)

  • Who Dunnit?
  • A CT scanner had been down for repair two weeks before.
  • As part of the diagnostics the technician turned on application logging. This caused the CT to log the full patient record in the system log.
  • The system log was uploaded to the vendor as a matter of routine ‘health monitoring’ provided by the CT vendor.
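
What the detection in this case has to do is recognise HL7 v2 patient records buried inside an ordinary device log. The following is an added example written for this page (not the deck's or any vendor's code) that parses the PID segment out of a constructed log excerpt and reports which PHI fields it carries. The log lines, hospital names, MRN and SSN are all made up; the field positions are the standard HL7 v2 ones (PID-3 patient identifier list, PID-5 patient name, PID-19 SSN), and the assumption that the scanner writes HL7 messages into a text log with CR-separated segments is this example's, not a statement about any particular CT product.

```python
"""Find HL7 v2 PID segments (and their PHI) inside a device log. Added example."""
import re
from dataclasses import dataclass, field

# Constructed log excerpt. Line 2 embeds an HL7 v2 order message; the
# segments inside it are separated by bare "\r" as HL7 requires, while the
# log itself uses "\r\n" line endings.
SAMPLE_LOG = (
    "2019-03-04 09:12:01 INFO  worklist: query sent to RIS\r\n"
    "2019-03-04 09:12:02 DEBUG hl7-in: "
    "MSH|^~\\&|RIS|HOSP|CT1|HOSP|201903040912||ORM^O01|12345|P|2.3\r"
    "PID|1||MRN00123456^^^HOSP^MR||SMITH^JOE^A||19700101|M|||"
    "42 WALLABY WAY^^SYDNEY^^^^||||||||462-81-5406\r"
    "ORC|NW|ORD1\r\n"
    "2019-03-04 09:12:03 INFO  acquisition started\r\n"
)

SSN_RX = re.compile(r"^\d{3}-\d{2}-\d{4}$")


@dataclass
class PhiFinding:
    line_no: int
    mrn: str = ""
    name: str = ""
    ssn: str = ""
    fields: list = field(default_factory=list)


def parse_hl7_segments(message: str):
    """Split an HL7 v2 message into segments, each a list of '|' fields.
    MSH is special: its first field IS the separator character, so it is
    re-inserted to keep field numbering aligned with the standard."""
    segments = []
    for raw in message.split("\r"):
        raw = raw.strip()
        if not raw:
            continue
        parts = raw.split("|")
        if parts[0] == "MSH":
            parts.insert(1, "|")
        segments.append(parts)
    return segments


def phi_from_pid(pid):
    """Pull MRN, name and SSN from a PID segment. HL7 fields are 1-indexed;
    list index 0 holds the segment name, so pid[n] is PID-n."""
    def f(n):
        return pid[n] if n < len(pid) else ""
    mrn = f(3).split("~")[0].split("^")[0]          # PID-3: first repeat, ID component
    name = " ".join(c for c in f(5).split("^")[:2] if c)  # PID-5: family^given
    ssn = f(19)                                     # PID-19: SSN number
    return mrn, name, ssn


def scan_log(log_text: str):
    """Return one PhiFinding per PID segment found in any log line."""
    findings = []
    for line_no, line in enumerate(log_text.split("\r\n"), start=1):
        start = line.find("MSH|")
        if start < 0:
            continue
        for seg in parse_hl7_segments(line[start:]):
            if seg[0] != "PID":
                continue
            mrn, name, ssn = phi_from_pid(seg)
            found = PhiFinding(line_no, mrn, name, ssn)
            if mrn:
                found.fields.append("PID-3 MRN")
            if name:
                found.fields.append("PID-5 name")
            if ssn and SSN_RX.match(ssn):
                found.fields.append("PID-19 SSN")
            if found.fields:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {', '.join(hit.fields)} (MRN {hit.mrn}, {hit.name})")
```

Two practical caveats. Matching on the PID segment rather than on a bare SSN regex is what keeps this rule quiet on the rest of the scanner's log, which is full of other numbers. And it only works on the wire because the upload was cleartext FTP; had the vendor's health-monitoring channel been SFTP or TLS, the same check would have to run on the endpoint or in a discovery scan of the log directory before the upload.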


SLIDE 17

How did we catch them?

Diagram: tcp/ip traffic from an internal switch to the Internet (the network monitoring inspection point)

SLIDE 18

What files can the janitor see?

  • Suspect in question placed several large files on an internal file share without adequate access control
  • File was very large: contained almost every patient the organization had ever treated
  • Contained full patient records in CSV file format


SLIDE 19

What files can the janitor see? (continued)

  • Who Dunnit?
  • The IT team was migrating patient data between systems. The file was too large for the internal IT file share and the main EMC filer was used as a temporary repository.
  • The file was more than 10 years old. Nobody currently working at the organization owned the file or even knew it was there.

SLIDE 20

How did we catch them?

Diagram: discovery scanning of File Shares, Databases and Laptops

SLIDE 21

Summary

  • Understand where your data is (EHR, AR)
  • Understand where it can go (and whitelist those destinations)
  • Work with legal / compliance to come up with your risk framework
  • Apply detective controls
  • Discuss results and set objectives with your peers
  • Apply corrective controls
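
The "where can your data go?" question from slide 7 and the "whitelist those destinations" step above reduce to a policy check: is this destination one of the domains you hold a BAA with, and how much PHI is in the content? The following is an added example written for this page, not the deck's or any product's policy engine. The BAA domain list, the channel names, the per-record threshold and the allow/prompt/block decision table are all assumptions made for illustration; the cases it is run against are the three egress stories told in the slides (Gmail, the UK file-sharing service, the vendor FTP upload).

```python
"""Egress policy check against a BAA destination allow-list. Added example."""
from dataclasses import dataclass

# Constructed: counterparties with a signed BAA and the domains they use.
BAA_DOMAINS = {
    "collections-partner.example": "Collections agency",
    "ct-vendor.example": "CT vendor remote support",
}

# Assumption for this example: above this many matched records, even a
# BAA destination gets a justification prompt rather than a silent allow.
BULK_THRESHOLD = 100


@dataclass
class Detection:
    """Summary of what the content inspection found."""
    db_records: int = 0          # fingerprinted database records matched
    ssn_patterns: int = 0        # SSN-looking strings matched
    phi_dictionary: bool = False # HIPAA code-set dictionary terms present


def domain_of(destination: str) -> str:
    """Host part of an email address, URL or bare hostname, lower-cased."""
    dest = destination.strip().lower()
    if "@" in dest:
        return dest.rsplit("@", 1)[1]
    dest = dest.split("://", 1)[-1]
    return dest.split("/", 1)[0].split(":", 1)[0]


def is_baa_domain(domain: str) -> bool:
    """Exact or subdomain match only. A substring check would let
    'collections-partner.example.attacker.test' through; this does not."""
    return any(domain == d or domain.endswith("." + d) for d in BAA_DOMAINS)


def decide(channel: str, destination: str, det: Detection) -> str:
    """Return 'allow', 'prompt' or 'block' for one egress event."""
    phi_count = det.db_records + det.ssn_patterns
    if phi_count == 0 and not det.phi_dictionary:
        return "allow"                      # nothing sensitive detected
    if channel == "ftp":
        return "block"                      # cleartext FTP: never acceptable for PHI, BAA or not
    if is_baa_domain(domain_of(destination)):
        return "allow" if phi_count < BULK_THRESHOLD else "prompt"
    return "block"                          # PHI to a destination with no BAA


if __name__ == "__main__":
    cases = [
        ("smtp", "consultant@gmail.com", Detection(db_records=250)),
        ("https", "https://files.share-service.example.co.uk/upload", Detection(db_records=900)),
        ("ftp", "ftp.ct-vendor.example", Detection(ssn_patterns=3)),
        ("smtp", "billing@collections-partner.example", Detection(db_records=40)),
    ]
    for channel, dest, det in cases:
        print(channel, dest, "->", decide(channel, dest, det))
```

The point of `is_baa_domain` is the suffix check: an allow-list that matches on substrings is trivially bypassed by a lookalike host, and one that matches only the bare registered domain will block the partner's own `portal.` or `sftp.` hostnames and push users toward exactly the workarounds the UK case describes.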


SLIDE 22

Digital Guardian


  • Founded 2003 to protect all data against theft
  • Began with protecting IP on the endpoint, the most challenging use case
  • Simplified compliance and cloud data protection with the DG appliance
  • Launched the industry’s first Managed Security Program for DLP

Analyst recognition: Magic Quadrant Leader; Wave Leader

SLIDE 23

Threat Aware Data Protection


Deepest Visibility
  • Network
  • Endpoint
  • Cloud
  • Databases/Shares
  • Structured and Unstructured Data

Real-Time Analytics
  • Filters out the noise
  • Accelerates investigation
  • Delivers incident discovery

Flexible Controls
  • Controls that don’t slow down your business
  • Controls across network, storage, cloud and endpoints
  • Controls that are enforceable on all OSs

SLIDE 24

Digital Guardian’s Data Protection Program Framework

SLIDE 25

Data Protection Program Framework

Framework stages: Understand → Build → Enforce & Educate → Assess & Improve, underpinned by Control, Visibility and Analytics

SLIDE 26

Understand: What Data to Protect

  • Content-based: file inspection to identify, tag and fingerprint sensitive data for the lowest false positives
  • Context-based: identify & tag sensitive data (structured and unstructured) even before you develop policies
  • User-based: enable users to classify sensitive data based on business requirements

Context parameters (200+ in total): Source/Destination, Application, Network State, Operation, Drive Type, Time of Day, Upload/Download, User, Computer, Classification, Email, Session

Most comprehensive data discovery & classification on the market today

SLIDE 27

Understand: When Data is at Risk

Operations at which data is at risk:
  • Burn to CD/DVD
  • View & Open
  • Network Upload
  • USB Devices
  • Application Launch
  • Email
  • Cloud Application
  • Remote Drives
  • Save to Local Drive
  • Attach to Email
  • Cut & Paste
  • Delete & Recycle
  • File Encrypt
  • File Create
  • Send to Printer
  • Print Screen
  • Connect Device

SLIDE 28

Build: Smart Policies & Controls Based on Your Real Data Usage

“Digital Guardian helped us change the conversation with business unit leaders.”
  - John Graham, Chief Information Security Officer, Jabil

Chart: Total Egress – 90 Days, by channel (Removable, Printing, Uploads, Emails), showing Total Files and Total GB on a log scale; values shown on the chart: 6,801,689; 14,241; 1,708,903; 614; 39,976; 145,968; 52; 76

Share with Business Leaders → SMART Policies & Controls

SLIDE 29

Enforce & Educate: Flexible & Automated Controls

Example user prompt: “You have attempted to transfer PST file(s) to removable drive. Please provide a justification for moving PST file(s) to removable drive.”

Content, context and behavior based rules can automatically prompt or block insider and outsider threats

SLIDE 30

Assess: Analytics & Reports that Drive Continuous Improvement

Chart: Incidents Per Week, showing Risk Reduction Over Time

SLIDE 31

Summary

  • You can’t protect what you can’t see. The deepest visibility enables you to go from reactive to proactive
  • Identifying and focusing on your most important data dramatically increases your security program’s effectiveness
  • Automated and flexible controls that won’t slow down your business

SLIDE 32

Thank You

Any Questions?
