A CHIME Leadership Education and Development Forum in collaboration with iHT2 
Creating an Effective Cyber Security Strategy
Key Attributes for Success, Challenges and Critical Success Factors
Paul Scheib Senior Director Information Services & CISO Boston Children’s Hospital 
#LEAD14
Case Study: When Hacktivists Attack Your Hospital 
The Cyber Threat 
Under attack 
Our response 
Lessons Learned
Who is Boston Children’s Hospital 
•Regional medical center in Eastern Massachusetts with 13 satellite locations - 395 bed pediatric teaching hospital, affiliate of Harvard Medical School 
•Approximately 25,000 inpatient admissions each year and 200+ specialized clinical programs schedule 557,000 visits annually 
•One of the top rated pediatric institutions in the world (US News & World Report), World's largest research enterprise based at a pediatric hospital 
•Over 8000 staff and ~14,000 users 
•Diverse user community 
•Full-time employees and Foundation physicians 
•Residents, fellows, researchers and rotational staff
A Real Threat 
•March 20, 2014 – notified by external cyber intelligence group about Twitter/Pastebin posting by Anonymous, threatening attack - result of highly publicized child custody case
•“d0x” of staff and presiding judge posted 
•“Details” of BCH external web site posted
Who is Anonymous? 
•Anonymous is a loosely associated international network of activists and hacktivists
•Resume includes attacks on Bank of America, Sony, Boston Police, CIA and Sarah Palin. 
•Weapons of choice are Distributed Denial of Service, web site defacing, & exposing confidential information. 
•Seeks publicity to rally their followers 
•Posted YouTube videos threatening Boston Children’s Hospital
Was This the Real “Anonymous”? 
•Convened Hospital’s general Incident Response Team 
•Inventoried potentially impacted applications 
•Began forming contingency plans - focused on potential of losing or cutting ourselves off from Internet
•Message to entire organization emphasizing vigilance, email security best practices 
•Contacted law enforcement 
•Redoubled our security efforts and prepared for possible hacking attempts 
Not hard to get details they posted 
Not hard to post a video on YouTube 
Should we take this seriously or is it a hoax?
The Cyber Attack 
•About 3 weeks later... low volume DDoS attack starts 
•Mitigated by network changes 
•Cat and mouse – we address attack, they change tactic/increase volume 
•1 week later, Easter/Patriots’ Day weekend (Boston Marathon bombing 1 year anniversary)
•Massive uptick in DDoS volume
•Engaged 3rd party vendor’s Emergency Services and within 8 hours began blocking DDoS attack
Internet Traffic During DDoS Attack 
The Cyber Attack Evolves 
•Direct attacks on exposed ports, web sites 
•Proactively took down virtually all externally facing sites: research, philanthropy, patient and provider portals, etc… 
•Massive influx of malware laden emails 
•Proactively shut down entire email system for ~24 hrs 
•Re-emphasized to staff to not open suspicious mails/attachments 
•Ensured no malware made it through filters
What did we experience? 
•DDoS attack created short periods of web site outage.
•Attack reached 27 Gbps aimed at a 10 Gbps connection. Congestion affected Harvard’s ISP.
•Additional attacks took down web sites of NStar, Wayside Youth, the Mass. Medical Society, and the Town of Framingham. 
•Several attempts to deface BCH website. 
•Massive influx of malware laden emails 
•Proactively shut down entire email system for ~24 hrs. to ensure no malware made it through filters 
•Re-emphasized to staff to not open suspicious mails/attachments 
•Attempts to compromise systems to potentially expose patient and confidential data, through brute-force attacks, SQL injections, buffer overflows, and the recent HeartBleed vulnerability.
Cyber Attack Response 
•Initial attack mitigated by network architecture and changes 
•Proactively shut down critical systems to reduce attack surface 
•Projected likely attack escalations and formulated real time response plan 
•Engaged outside security experts and law enforcement 
•DDoS attack filtering
•Breach investigation services and penetration testing of our DMZ systems 
•Web application firewall protection of DMZ ePHI systems 
•Contingency plans developed to respond to extended Internet outage 
•Internal systems (EMR, ERP, etc) remain available while external services (ePrescribe, some Pharmacy apps, etc) not available. 
•External communication disruption – email, payers, portals, supply orders, … 
•Impact across most functions – Finance, Supply Chain, HR, Clinical, Research. 
•Staffed, and continue to staff, Intrusion Detection tools 24 by 7 to identify and block attacks
Cease Fire 
•About 1 week after high volume DDoS started, it abruptly declined, to a low trickle 
•Only gradually brought externally facing sites back online, after extensive 3rd party scanning and (re)penetration testing
What Did We Learn 
•DDoS is a real threat and countermeasures are critical! 
•Know what systems (or features within systems) depend on Internet access, and have contingency plans for those 
•Recognize importance of email, and need for alternate forms of communication 
•Challenging to defend an extended cyber attack with “peace time” staffing levels 
•Difficult to separate signal from noise - need a baseline to help detect escalation of cyber activities
Q & A 
Paul Scheib 
paul.scheib@childrens.harvard.edu 
CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Paul Scheib, CISO and Senior Director IS Operations, Boston Children’s Hospital
