
What You Need to Learn from the HHS Wall of Breaches - 31st Annual FISSEA Conference - NIST


  1. What You Need to Learn from the HHS Wall of Breaches 31st Annual FISSEA Conference NIST - Gaithersburg, MD 15 March 2018
  2. Founder CEO, Paubox, Inc. 19 years’ experience – Email Security & Encryption Phishing/Fishing expert =) Hoala Greevy
  3. Rare Source of Public Data An American Mirror of Hacking Activity Why is this Important to Me?
  4. U.S. Dept of Health and Human Services (HHS) Largest Org in Federal Government • $1.1T budget, 80K staff Office of Civil Rights (OCR) HHS.gov
  5. Health Insurance Portability and Accountability Act Federal Legislation Data privacy and security to safeguard medical information HIPAA relies on NIST standards HIPAA
  6. Anything that identifies a patient AND Is used during the course of their care Protected Health Information (PHI)
  7. HIPAA Breach Notification Rule “Impermissible use or disclosure of protected health information is presumed to be a breach..” Source: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html What is a HIPAA Breach?
  8. HHS Hall of Shame If a Breach affects 500 or more individuals, a breach report must be filed within 60 days to HHS. This is known as.... The Wall Of Shame https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  9. Hacking/IT Incident Improper Disposal Loss Theft Unauthorized Access/Disclosure Breach Types
  10. Desktop Computer Electronic Medical Record (EMR) Email Laptop Network Server Other Other Portable Electronic Device Paper/Films Breach Locations
  11. 294 Breaches 46 States 4,721,844 Individuals Affected HIPAA Breaches at a Glance: 2017
  12. Individuals Incidents HIPAA Breaches by Month
  13. Big Breach in March • 1.3M Individuals (28%) Summer Sizzle • Jun – Aug, 2M Individuals (43%) Takeaways: Breaches by Month
  14. Individuals Incidents HIPAA Breaches by Type
  15. Hacking/IT Incidents #1 • 3.3M Individuals (71%) • 132 Incidents (45%) Takeaways: Breaches by Type
  16. Individuals Incidents HIPAA Breaches by Location
  17. Network Server #1 (Individuals) • 2.3M Individuals (49%) Network Server & Email #1 (Incidents) • 68 & 67 Incidents respectively • 46% combined total Takeaways: Breaches by Location
  18. Individuals Incidents Averages per State HIPAA Breaches by State
  19. Outliers: Kentucky and Michigan • 1.4M Individuals (29%) Incident Leaders: • CA, TX, NY, FL Takeaways: Breaches by State
  20. Individuals Affected Type Location Top 10 HIPAA Breaches
  21. Hacking/IT Incidents Dominate • 9 out of 10 Types Network Server also Dominates • 9 out of 10 Locations Takeaways: Top 10 Breaches
  22. Putting Things Together
  23. Overall Takeaways Network Server & Email • Most common Attack Vectors • 46% of all HIPAA Breach Incidents
  24. Overall Takeaways Hacking/IT Incidents • Clearly outranks Loss, Theft, & Improper Disposal • 3.3M Individuals breached (71%) • 132 Incidents (45%)
  25. Overall Takeaways Top 10 Breaches Sum Things Up • 9 out of 10 by Hacking • 9 out of 10 via Network Server vector
  26. Mahalo! Hoala Greevy @hoalagreevy www.paubox.com @pauboxhq
