with dlp
play

with DLP Real World Scenarios My Journey into Patient Data - PowerPoint PPT Presentation

Sep 01, 2022 •270 likes •603 views

Stopping PHI Theft with DLP Real World Scenarios My Journey into Patient Data Protection 10+ years in Data Loss Prevention Dozens of customer installations across the finance and healthcare industries Chris Leffel My story in

  1. Stopping PHI Theft with DLP Real World Scenarios

  2. My Journey into Patient Data Protection  10+ years in Data Loss Prevention  Dozens of customer installations across the finance and healthcare industries Chris Leffel  My story in healthcare data protection really starts 5 years ago …

  3. Shiva Kashalkar Bio • Leads Product Marketing for DLP Managed Shiva Kashalkar Services and Advanced Threat Protection Director, Product Marketing Marketing Professional • ~13 years of marketing, business development & product management experience • Previously at Managed Service Providers and Big Data Analytics companies • Wipro, Oracle, KPN, Empirix 3

  4. Foundations – Get to know your data  You know where most of the data is …  If you don’t… your AR team does! Confidential 4

  5. Foundation – How fingerprinting works Keywords CONTENT RULES Common Inspection Engine Regular Expressions 600 file formats. Format Independent. Archive files. Dictionaries Language independent. Multibyte File Metadata (Type, Size, Name) File Category Email Network Web Discovery Endpoint Exact & Partial File DB Record Monitoring Scanners Fingerprints Fingerprints Examples DB Record Matching CustName AND (AcctNum OR SSN) from Database Partial File Matching Paragraph match from fingerprinted file Patterns Credit Card Number, SSN, Passport Num Regular Expressions Medical Record Number, Email Address Record1: CustName,AcctNum,SSN Record2: CustName,AcctNum,SSN Dictionaries HIPAA Code Sets - NDC, LOINC, HCPCS Record3: CustName,AcctNum,SSN US Addresses . . . Confidential 5

  6. Foundation – Data Base Record Matching  Database Record Matching delivers unmatched PII/PHI identification and control Confidential 6

  7. Foundations – Where can your data go?  Anywhere?  Who have you signed a BAA with and what is their domain? Confidential 7

  8. Case Studies Who let the PHI out? Inspired by True Stories Confidential 8

  9. Who sent all that Patient Data to Gmail!  Suspect emailed a spreadsheet that contained • Patient Names, Patient MRNs, Patient Socials • And information about the Physician • How many minutes the visit took • Focused on physician efficiency … (time spent per patient, etc.) Confidential 9

  10. Who sent all that Patient Data to Gmail!  Suspect emailed a spreadsheet that contained • Patient Names, Patient MRNs, Patient Socials • And information about the Physician • How many minutes the visit took • Focused on physician efficiency … (time spent per patient, etc.)  Who Dunnit? • The CEO hired a small external consulting firm to study physician efficiency … that did not have their own domain and email address Confidential 10

  11. How did we catch them? Internet smtp Confidential 11

  12. Who uploaded file to the UK?  Suspect uploaded a spreadsheet of patient information to a server in the UK • Contained patient name, Treatment dates, Amount owed • Account Aging report (i.e. 30 day, 60 days, 90 days, or more) Confidential 12

  13. Who uploaded file to the UK?  Suspect uploaded a spreadsheet of patient information to a server in the UK • Contained patient name, Treatment dates, Amount owed • Account Aging report (i.e. 30 day, 60 days, 90 days, or more)  Who dunnit? • The AR team was working with an external collections agency. Because email was blocked the AR person decided to upload the data using a file sharing and collaboration service. The server for the service just happened to be in the UK Confidential 13

  14. How did we catch them? http/https http/https Secure Web Internet Gateway icap Confidential 14

  15. Who is sending data via FTP?  Suspect file upload via unsecured FTP detected • Data was in HL7 format • Patient Name, Patient SSN, Patient MRN • And More Confidential 15

  16. Who is sending data via FTP?  Suspect file upload via unsecured FTP detected • Data was in HL7 format • Patient Name, Patient SSN, Patient MRN • And More  Who Dunnit? • A CT Scanner had been down for repair two weeks before. • As part of the diagnostics the technician turned on application logging. This caused the CT to log the full patient record in the system log. • The system log was uploaded to the vendor as matter of routine ‘health monitoring’ provided by the CT Vendor. Confidential 16

  17. How did we catch them? tcp/ip tcp/ip Internet Switch Confidential 17

  18. What files can the janitor see?  Suspect in question placed several large files on an internal file share without adequate access control • File was very large. Contained almost every patient the organization had ever treated • Contained full patient records in CSV file format Confidential 18

  19. What files can the janitor see?  Suspect in question placed several large files on an internal file share without adequate access control • File was very large. Contained almost every patient the organization had ever treated • Contained full patient records in CSV file format  Who Dunnit? • The IT team was migrating patient data between systems. The file was too large for the internal IT file share and the main EMC filer was used as a temporary repository. • The file was more than 10 years old. Nobody currently working at the organization owned the file or even knew it was there Confidential 19

  20. How did we catch them? File Shares Data Bases Laptops Confidential 20

  21. Summary  Understand where your data is (EHR, AR)  Understand where it can go (and white list those destinations)  Work with legal / compliance to come up with your risk framework  Apply detective controls  Discuss results and set objectives with your peers  Apply corrective controls Confidential 21

  22. Digital Guardian • Founded 2003 to protect all data Magic Quadrant against theft Leader • Began with protecting IP on the endpoint - the most challenging use case • Simplified compliance and cloud data protection with DG appliance • Launched industry’s first Managed Security Program for DLP Wave Leader Confidential 22

  23. Threat Aware Data Protection Deepest Visibility Real-Time Analytics Flexible Controls  Network  Endpoint  Filters out the noise  Controls that don’t slow down your business  Cloud  Accelerates investigation  Controls across network,  Databases/Shares  Delivers incident storage, cloud and e ndpoints discovery  Structured and  Controls that are enforceable Unstructured Data on all OS’s Confidential 23

  24. Digital Guardian’s Data Protection Program Framework

  25. Data Protection Program Framework VISIBILITY ANALYTICS CONTROL Enforce & Understand Build Assess & Improve Educate Confidential 25

  26. Understand: What Data to Protect Upload/Download Source/Destination User Application Mac Joe Smith Computer Network State 462-81-5406 DWG Classification Operation 42 Wallaby Cook 200+ Email Drive Type Parameters Classified Session Time of Day Content-based Context-based User-Based File inspection to identify, tag Identify & tag sensitive data Enable users to classify and fingerprint sensitive data for (structured and unstructured) sensitive data based on lowest false positives even before you develop policies business requirements Most comprehensive data discovery & classification on the market today Confidential 26

  27. Understand: When Data is at Risk View & Open Attach to Email Email Network Upload Cut & Paste Cloud Application USB Devices Delete & Recycle Remote Drives Application Launch File Encrypt Save to Local Drive Burn to CD DVD File Create Send to Printer Print Screen Connect Device Confidential 27

  28. Build: Smart Policies & Controls Based on Your Real Data Usage Total Egress – 90 Days Total Files Total GB 10,000,000 1,000,000 6,801,689 1,708,903 100,000 145,968 10,000 39,976 14,241 1,000 SMART Policies Share with 100 614 10 76 52 & Controls Business Leaders 1 Removable Printing Uploads Emails “Digital Guardian helped us change the conversation with business unit leaders.” - John Graham, Chief Information Security Officer, Jabil Confidential 28

  29. Enforce & Educate: Flexible & Automated Controls You have attempted to transfer PST file(s) to removable drive. Please provide a justification for moving PST file(s) to removable drive Content, context and behavior based rules can automatically prompt or block insider and outsider threats Confidential 29

  30. Assess: Analytics & Reports that Drive Continuous Improvement 1000 800 Incidents Per Week 600 400 200 Understand Build Enforce & Educate Assess & Improve 0 Risk Reduction Over Time Confidential 30

  31. Summary  You can’t protect what you can’t see. The deepest visibility enables you to go from reactive to proactive  Identifying and focusing on your most important data dramatically increases your security program’s effectiveness  Automated and flexible controls that won’t slow down your business 31

  32. Thank You Any Questions? 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PQM4000 PQM4000 and PQM4000RGW Class A DIN 192x144 power quality analyzer for CTs or current

PQM4000 PQM4000 and PQM4000RGW Class A DIN 192x144 power quality analyzer for CTs or current

PQM4000 PQM4000 and PQM4000RGW Class A DIN 192x144 power quality analyzer for CTs or current clamps Class A certified in compliance with IEC/EN 61000-4-30:2015 Ed. 3 APPLICATIONS PQM4000 is connected to networks and facilities to monitor:

258 views • 15 slides
Security in Smart Cities: Adapting Castalia to Simulate Attacks on Deployed Heterogeneous WSNs

Security in Smart Cities: Adapting Castalia to Simulate Attacks on Deployed Heterogeneous WSNs

Introduction Background and Related Work Development Analysis and Results Conclusions and Further Work Acknowledgements Security in Smart Cities: Adapting Castalia to Simulate Attacks on Deployed Heterogeneous WSNs Jaume Guasch 1 1Master

1.57k views • 115 slides
Repo porting Requ quirements 1 Upload and Download Links Do not send information via email;

Repo porting Requ quirements 1 Upload and Download Links Do not send information via email;

Repo porting Requ quirements 1 Upload and Download Links Do not send information via email; send using the secure link provided in your invitation email 2 Upload and Download Links Do not send information via email; send using the secure

344 views • 16 slides
ANDERSON ELECTRIC CONTROLS, INC. Solar Simulation with AC2000P Power Supplies Est. 1969

ANDERSON ELECTRIC CONTROLS, INC. Solar Simulation with AC2000P Power Supplies Est. 1969

ANDERSON ELECTRIC CONTROLS, INC. Solar Simulation with AC2000P Power Supplies Est. 1969 ANDERSON ELECTRIC CONTROLS, INC. Standalone Power Supply ANDERSON ELECTRIC CONTROLS, INC. Problem - Static current command ANDERSON ELECTRIC CONTROLS,

450 views • 11 slides
Process Data Logging 4 June 2019 DTU Nanolab A flexible equipment process datalog and sample

Process Data Logging 4 June 2019 DTU Nanolab A flexible equipment process datalog and sample

Jesper Hanberg, Henrik Nyholt, Thger Eskildsen A flexible equipment process datalog and sample tracking system Process Data Logging 4 June 2019 DTU Nanolab A flexible equipment process datalog and sample tracking system 2 Cleanroom process

253 views • 22 slides
http://golang.org Thursday, July 22, 2010 Go Rob Pike Emerging Languages OSCON July 21, 2010

http://golang.org Thursday, July 22, 2010 Go Rob Pike Emerging Languages OSCON July 21, 2010

http://golang.org Thursday, July 22, 2010 Go Rob Pike Emerging Languages OSCON July 21, 2010 http://golang.org Thursday, July 22, 2010 Concurrency Where did Go's concurrency model come from? It's got a long history. 2 Thursday, July 22,

294 views • 28 slides
Scripting Languages Preparing for the exercises and exam Vincent Nys September 21, 2016 The

Scripting Languages Preparing for the exercises and exam Vincent Nys September 21, 2016 The

Scripting Languages Preparing for the exercises and exam Vincent Nys September 21, 2016 The command line Windows: PowerShell 1 OS X: Terminal 2 The command line vs. the REPL Installed programs and utilities can be run using the command line

846 views • 55 slides
Selective Colleges Brandon Mack Senior Assistant Director of Admission Filling out the Common

Selective Colleges Brandon Mack Senior Assistant Director of Admission Filling out the Common

Common Application and Selective Colleges Brandon Mack Senior Assistant Director of Admission Filling out the Common Application List Recommenders Submit for School Forms Payment Fill out the Writing Fill out the Supplement

204 views • 7 slides
Highlights of Prescribing Information Eric Brodsky, M.D. Associate Director, Labeling

Highlights of Prescribing Information Eric Brodsky, M.D. Associate Director, Labeling

Regulatory Education for Industry (REdI): PRESCRIPTION DRUG LABELING - CHALLENGES AND ISSUES Bethesda Marriott | Pooks Hill, MD | November 3-4, 2015 Highlights of Prescribing Information Eric Brodsky, M.D. Associate Director,

460 views • 29 slides
20160322 DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER Agenda Mission, Vision, and

20160322 DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER Agenda Mission, Vision, and

DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER 20160322 DEFENSE LANGUAGE INSTITUTE FOREIGN LANGUAGE CENTER Agenda Mission, Vision, and Values DLIFLC Overview and Profile Current Focus and Way Ahead Worldwide Presence 2

746 views • 29 slides
2011 Gallaudet Senior Language Assessment Project Report: ASL Presentation Dirksen Bauman,

2011 Gallaudet Senior Language Assessment Project Report: ASL Presentation Dirksen Bauman,

2011 Gallaudet Senior Language Assessment Project Report: ASL Presentation Dirksen Bauman, Coordinator, Office of Bilingual Teaching and Learning Senda Benaissa, Gallaudet Research Institute October 2011 Summary In Spring 2011, the Office of

207 views • 6 slides
Haskal - a Haskell shell Mats Jansborg and Aleksandar Despotoski May 18, 2006 Why a new type of

Haskal - a Haskell shell Mats Jansborg and Aleksandar Despotoski May 18, 2006 Why a new type of

Haskal - a Haskell shell Mats Jansborg and Aleksandar Despotoski May 18, 2006 Why a new type of Shell? Limited functionality No type safety Unix shells as Monads Where | corresponds to >>= cat x to return x Related Work

452 views • 18 slides
Using Natural Language Processing and Machine Learning to Assist First-Level Customer Support for

Using Natural Language Processing and Machine Learning to Assist First-Level Customer Support for

Using Natural Language Processing and Machine Learning to Assist First-Level Customer Support for Contract Management Master thesis Final presentation Michael Legenc Advisor: Daniel Braun Munich, 08.01.2018 Software Engineering

348 views • 23 slides
Ignite Group Presentation DUE Students will design and present Ignite presentations in groups of

Ignite Group Presentation DUE Students will design and present Ignite presentations in groups of

Ignite Group Presentation DUE Students will design and present Ignite presentations in groups of 3-5 in accordance with the following adapted formula: 3 students, 3 minutes, 12 slides, 15 seconds per slide (on auto-advance) 4 students, 4

494 views • 3 slides
Using Imperatives (a language technique) Introduction The purpose of this PowerPoint is to

Using Imperatives (a language technique) Introduction The purpose of this PowerPoint is to

Using Imperatives (a language technique) Introduction The purpose of this PowerPoint is to introduce the use of imperatives as a language technique. By the end of this PowerPoint you will have the knowledge and understanding of how to identify

172 views • 16 slides
User feedback of Kamu voice experiment Susanne Miessner Service Designer 9.04.2019 Technical

User feedback of Kamu voice experiment Susanne Miessner Service Designer 9.04.2019 Technical

User feedback of Kamu voice experiment Susanne Miessner Service Designer 9.04.2019 Technical solution (target) Twilio Migri cloud Speech- Additional services: to-text - Logging - Conversation Kamu- Phone storage Voice- platform

1.12k views • 16 slides
Computer-Delivered IELTS Its here, so whats changed and what hasnt and how to assist

Computer-Delivered IELTS Its here, so whats changed and what hasnt and how to assist

ieltscanadatest.com Computer-Delivered IELTS Its here, so whats changed and what hasnt and how to assist your students for success ielts.org Aims of todays presentation Student Support IDP and IELTS Take-Aways Security

679 views • 40 slides
MAELIA Multimodal M Application for Extensible Lego Intelligent Agent Friday, August 23,

MAELIA Multimodal M Application for Extensible Lego Intelligent Agent Friday, August 23,

MAELIA Multimodal M Application for Extensible Lego Intelligent Agent Friday, August 23, 2002 Guillaume Barraud & Priam Pierret 1 Problem Definition Lego MindStorms System Communication with user aspect Environnement

525 views • 29 slides
We enjoy it very much to be here, together with you and to have the opportunity to share our

We enjoy it very much to be here, together with you and to have the opportunity to share our

We enjoy it very much to be here, together with you and to have the opportunity to share our ideas. Both of us are teachers and my regular subjects at school are Sports and German. My colleague is music teacher and beside school he is conducting

41 views • 3 slides
Oral Presentation Having so something mething to to say ay is is not not enough

Oral Presentation Having so something mething to to say ay is is not not enough

Oral Presentation Having so something mething to to say ay is is not not enough enough, you you mu must st also also kno know how how to to say say it it. Attributes of good delivery lies in good conversation

126 views • 11 slides
World Class Macros Ali Korkmaz, John Moore & Rick Shoup Our experience In the I.R.

World Class Macros Ali Korkmaz, John Moore & Rick Shoup Our experience In the I.R.

World Class Macros Ali Korkmaz, John Moore & Rick Shoup Our experience In the I.R. shop: Report generation for different departments annual, quarterly, monthly updates , q y, y p Ali Korkma Ali Korkmaz, John Moore z,

100 views • 6 slides
Human Resources Sample Faculty Evaluation Form For Presentations Candidate s Name :

Human Resources Sample Faculty Evaluation Form For Presentations Candidate s Name :

Human Resources Sample Faculty Evaluation Form For Presentations Candidate s Name : ___________________________________________________________________ Evaluator: 1. The candidate made students aware of expected learning outcomes for the

268 views • 4 slides
This presentation is for the project on US 51 between Iron Street and US 2 in the City of Hurley,

This presentation is for the project on US 51 between Iron Street and US 2 in the City of Hurley,

This presentation is for the project on US 51 between Iron Street and US 2 in the City of Hurley, Iron County A public involvement was scheduled for July 21, 2020. An in-person meeting is not planned based on public health guidance to limit

163 views • 15 slides
The Every Student Succeeds Act: Updates to Rhode Islands ESSA State Plan ESSA@ride.ri.gov

The Every Student Succeeds Act: Updates to Rhode Islands ESSA State Plan ESSA@ride.ri.gov

The Every Student Succeeds Act: Updates to Rhode Islands ESSA State Plan ESSA@ride.ri.gov www.ride.ri.gov/ESSA 1 ESSA State Planning Process We are here. Submit Draft to US Dept. of Education State Approval of (September 18 th ) Draft

152 views • 12 slides

More recommend