Cybersecurity Challenges in Healthcare
Doug Copley – Beaumont Health & Michigan Healthcare Cybersecurity Council
Take-Aways From This Session
1. Insight on specific cybersecurity threats healthcare organizations face on a daily basis
2. Practical advice for reducing the risk of cybersecurity threats
3. A perspective on reaching outside your organizational boundaries to reduce cybersecurity risk & improve preparedness
Agenda
1. Healthcare Cybersecurity Headlines
2. Healthcare Industry Cybersecurity Trends
3. Cybersecurity Issues Unique to Healthcare
4. Applying Practical Remedies to Reduce Risk
5. Where to Begin
6. Building Security Without Boundaries
7. Question & Answer
Recent Headlines
Nov. 13, 2015: OH Muhlenberg (Provider-KY)
84681 records – Hacking/IT Incident
Oct. 28, 2015: Children's Medical Clinics of East Texas
(Provider-TX) 16000 records – Unauthorized Access/Disclosure
Sep. 9, 2015: Excellus Health Plan (NY)
10,000,000 records – Hacking/IT Incident
Data Breach Visual
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Healthcare Industry Cybersecurity Trends
Healthcare Cyber Trends
• Healthcare data most valuable
• Phishing/email is easiest method of attack
• Cyber defense improving, but still lagging
• Medical facilities use credit cards nearly as much as retailers
• More are purchasing cyber insurance
• OCR and CMS doing more audits
• Fines being issued for lack of “basics”
• Likely we will get more regulations
Ponemon 2015 Cost of a Data Breach Study
• Average cost per record across all industries in US: $217
• Average cost of data breach: $6.53MM
Chart: Average cost per record by industry (© Ponemon Institute)
Ponemon 2015 Cost of a Data Breach Study
• Healthcare industry has second largest customer turnover rate at 6%
Chart: Average customer turnover rate due to breaches (© Ponemon Institute)
Understanding Healthcare Needs
• Patient Care
• Quality & Safety
• Real-time Access to Information, Regardless of Where it is
• Flow of Data Needs to be Seamless, to Providers, Payers and Patients
• iPads, iPhones, Tablets are Required
• Telemedicine
• Accountable Care & Revenue
Cyber Challenges
• Cyber education takes time from patients
• Typing passwords slows down patient care
• So much access to patient data, a malicious insider is difficult to detect
• High volume of external data flows
• Networked medical devices
• Remote vendor support common
• EHR access from anywhere (required)
• Lack of maturity & high value of data
Connected Medical Devices
2007 – Vice President Dick Cheney feared terrorists had the technology to send a fatal shock to his pacemaker, so he had his doctors disable its wireless capability.
Managing Cyber Risk
• Key is appropriately managing the risks
– Policies & procedures (administrative)
– Technology tools (technical)
– Control physical access (physical)
• Risk/Cost decision: Do we need to:
– Prevent it from happening?
– Detect & respond when it happens?
– Would it automatically get corrected?
– Do we get cyber insurance?
Practical Steps To Security
1. Have a Plan
– Decide on a framework (HiTrust, NIST, ISO, etc.)
– Build relationships with Compliance, Audit, Risk
– Prioritize efforts based on risk
2. Understand your environment
– Understand your business
– Users and equipment on the network
– Understand data flows, particularly off-network
3. Manage your vendors and business associates
Practical Steps To Security
4. Write easy-to-understand policies and EDUCATE
5. Leverage virtualization (Citrix for abstraction)
6. Manage the data on personal phones & tablets
7. Deploy SSO with badge readers
– Simpler & quicker for clinical users
8. Don’t let insecure devices on your corporate network – segment if needed, or leverage VDI (for example XP you can’t eliminate)
Practical Steps To Security
9. Medical devices… push vendors and use FDA guidance and partnerships as leverage
10. Blocking & tackling
– Awareness & Education – make it relevant!!
– Strong HW, SW, medical device asset mgmt
– System scanning & PATCHING
– Event monitoring & incident response
• Watch outbound, not just inbound activity
– Data loss prevention
– Restrictions on removable media
6-Step Security Cycle
• Inventory Your PHI
• Perform a Risk Assessment
• Develop a Security Strategy
• Have an Incident Response Plan Ready
• Implement Policies, Processes, and Technologies
• Train Workforce
(Source: Healthcare IT News)
Where to Begin
Regulators expect a risk assessment to drive privacy and security safeguards. Key questions from the guidance:
1. Have you identified the e-PHI within your organization? (create, receive, maintain or transmit)
2. What are the external sources of e-PHI? (vendors, consultants)
3. What are the threats to systems that contain e-PHI?
Risk assessment results should help determine:
1. Appropriate personnel screening processes
2. Identify what data to back up and how
3. Decide whether to use encryption
4. Identify what data must be authenticated
5. Determine data transmission safeguards
Building Security Without Boundaries
• Resources are ALWAYS constrained
– Reason for risk-based prioritization
– Outsource if necessary, but commodity functions
• Encourage and reward innovation
– May increase productivity
– Can help improve morale
• Look for external funding
– Federal & State grants may be available
– May be able to participate in outside initiatives
Leverage Key Partnerships
Build partnerships outside your organization
In healthcare, key resources are:
1. Peer organizations – non-profit and for-profit
2. State - Dept. of Community Health
3. State - Health Information Exchanges
4. State - Health & Hospital Association
5. HiTrust & NH-ISAC
6. Federal – Health & Human Services
7. Federal – FBI & InfraGard
8. Federal – Homeland Security
Michigan Healthcare Cybersecurity Council (www.mihcc.org)
Goals of MHCC efforts:
• Bring Michigan healthcare organizations together toward a common purpose
• To protect MI critical healthcare infrastructure
• To leverage public/private partnerships to improve healthcare cybersecurity preparedness
• Apply best practices and consistent protections to common challenges
• Deliver actionable materials all healthcare entities can use
Michigan Healthcare Cybersecurity Council
Participating Organizations
Questions?
Thank You!
Doug Copley
doug.copley@mihcc.org

VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbai
 
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
 
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
 
Call Girls Hebbal Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hebbal Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hebbal Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hebbal Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
 
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
Ahmedabad Call Girls CG Road 🔝9907093804  Short 1500  💋 Night 6000Ahmedabad Call Girls CG Road 🔝9907093804  Short 1500  💋 Night 6000
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
 
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowSonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
 
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls JaipurCall Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
 
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment BookingHousewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
Housewife Call Girls Hoskote | 7001305949 At Low Cost Cash Payment Booking
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
 
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls ServiceKesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
 

Cybersecurity Challenges in Healthcare

  • 1. Cybersecurity Challenges in Healthcare
      Doug Copley – Beaumont Health & Michigan Healthcare Cybersecurity Council
  • 2. Take-Aways From This Session
      1. Insight on specific cybersecurity threats healthcare organizations face on a daily basis
      2. Practical advice for reducing the risk of cybersecurity threats
      3. A perspective on reaching outside your organizational boundaries to reduce cybersecurity risk & improve preparedness
  • 3. Agenda
      1. Healthcare Cybersecurity Headlines
      2. Healthcare Industry Cybersecurity Trends
      3. Cybersecurity Issues Unique to Healthcare
      4. Applying Practical Remedies to Reduce Risk
      5. Where to Begin
      6. Building Security Without Boundaries
      7. Question & Answer
  • 12. Recent Headlines
      • Nov. 13, 2015: OH Muhlenberg (Provider-KY), 84681 records – Hacking/IT Incident
      • Oct. 28, 2015: Children's Medical Clinics of East Texas (Provider-TX), 16000 records – Unauthorized Access/Disclosure
      • Sep. 9, 2015: Excellus Health Plan (NY), 10,000,000 records – Hacking/IT Incident
  • 13. Data Breach Visual Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 15. Healthcare Cyber Trends
      • Healthcare data most valuable
      • Phishing/email is easiest method of attack
      • Cyber defense improving, but still lagging
      • Medical facilities use credit cards nearly as much as retailers
      • More are purchasing cyber insurance
      • OCR and CMS doing more audits
      • Fines being issued for lack of “basics”
      • Likely we will get more regulations
  • 16. Ponemon 2015 Cost of a Data Breach Study
      • Average cost per record across all industries in US: $217
      • Average cost of data breach: $6.53MM
      [Chart: Average cost per record by industry. © Ponemon Institute]
  • 17. Ponemon 2015 Cost of a Data Breach Study
      • Healthcare industry has second largest customer turnover rate at 6%
      [Chart: Average customer turnover rate due to breaches. © Ponemon Institute]
  • 19. Understanding Healthcare Needs
      • Patient Care
      • Quality & Safety
      • Real-time Access to Information, Regardless of Where it is
      • Flow of Data Needs to be Seamless, to Providers, Payers and Patients
      • iPads, iPhones, Tablets are Required
      • Telemedicine
      • Accountable Care & Revenue
  • 20. Cyber Challenges
      • Cyber education takes time from patients
      • Typing passwords slows down patient care
      • So much access to patient data, a malicious insider is difficult to detect
      • High volume of external data flows
      • Networked medical devices
      • Remote vendor support common
      • EHR access from anywhere (required)
      • Lack of maturity & high value of data
  • 21. Connected Medical Devices
      2007 – Vice President Dick Cheney feared terrorists had the technology to send a fatal shock to his pacemaker, so he had his doctors disable its wireless capability.
  • 23. Managing Cyber Risk
      • Key is appropriately managing the risks
          – Policies & procedures (administrative)
          – Technology tools (technical)
          – Control physical access (physical)
      • Risk/Cost decision: Do we need to:
          – Prevent it from happening?
          – Detect & respond when it happens?
          – Would it automatically get corrected?
          – Do we get cyber insurance?
  • 24. Practical Steps To Security
      1. Have a Plan
          – Decide on a framework (HiTrust, NIST, ISO, etc.)
          – Build relationships with Compliance, Audit, Risk
          – Prioritize efforts based on risk
      2. Understand your environment
          – Understand your business
          – Users and equipment on the network
          – Understand data flows, particularly off-network
      3. Manage your vendors and business associates
  • 25. Practical Steps To Security
      4. Write easy-to-understand policies and EDUCATE
      5. Leverage virtualization (Citrix for abstraction)
      6. Manage the data on personal phones & tablets
      7. Deploy SSO with badge readers
          – Simpler & quicker for clinical users
      8. Don’t let insecure devices on your corporate network
          – Segment if needed, or leverage VDI (for example, for XP systems you can’t eliminate)
  • 26. Practical Steps To Security
      9. Medical devices… push vendors and use FDA guidance and partnerships as leverage
      10. Blocking & tackling
          – Awareness & Education – make it relevant!!
          – Strong HW, SW, medical device asset mgmt
          – System scanning & PATCHING
          – Event monitoring & incident response
              • Watch outbound, not just inbound activity
          – Data loss prevention
          – Restrictions on removable media
  • 28. 6-Step Security Cycle (Source: Healthcare IT News)
      • Inventory Your PHI
      • Perform a Risk Assessment
      • Develop a Security Strategy
      • Have an Incident Response Plan Ready
      • Implement Policies, Processes, and Technologies
      • Train Workforce
  • 29. Where to Begin
      Regulators expect a risk assessment to drive privacy and security safeguards.
      Key questions from the guidance:
          1. Have you identified the e-PHI within your organization? (create, receive, maintain or transmit)
          2. What are the external sources of e-PHI? (vendors, consultants)
          3. What are the threats to systems that contain e-PHI?
      Risk assessment results should help determine:
          1. Appropriate personnel screening processes
          2. Identify what data to back up and how
          3. Decide whether to use encryption
          4. Identify what data must be authenticated
          5. Determine data transmission safeguards
  • 31. Building Security Without Boundaries
      • Resources are ALWAYS constrained
          – Reason for risk-based prioritization
          – Outsource if necessary, but commodity functions
      • Encourage and reward innovation
          – May increase productivity
          – Can help improve morale
      • Look for external funding
          – Federal & State grants may be available
          – May be able to participate in outside initiatives
  • 32. Leverage Key Partnerships
      Build partnerships outside your organization.
      In healthcare, key resources are:
          1. Peer organizations – non-profit and for-profit
          2. State – Dept. of Community Health
          3. State – Health Information Exchanges
          4. State – Health & Hospital Association
          5. HiTrust & NH-ISAC
          6. Federal – Health & Human Services
          7. Federal – FBI & InfraGard
          8. Federal – Homeland Security
  • 33. Michigan Healthcare Cybersecurity Council (www.mihcc.org)
      Goals of MHCC efforts:
          • Bring Michigan healthcare organizations together toward a common purpose
          • To protect MI critical healthcare infrastructure
          • To leverage public/private partnerships to improve healthcare cybersecurity preparedness
          • Apply best practices and consistent protections to common challenges
          • Deliver actionable materials all healthcare entities can use
  • 34. Michigan Healthcare Cybersecurity Council Participating Organizations