Transcript
Page 1: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR WELCOME!

Cybersecurity and the New Age of Hackers

Panelists:

Gary Barnes
CIO, Medical Center Health System, Odessa, Texas

Dr. John Halamka
CIO, Beth Israel Deaconess Medical Center, Boston
Vice chair, federal Health Information Technology Standards Committee

Joseph Conn
Reporter, Modern Healthcare

Lillian Ablon
Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.

During today’s discussion, feel free to submit questions at any time by using the questions box.

A follow-up e-mail will be sent to all attendees with links to the presentation materials online.

Page 2: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR HOUSEKEEPING

Page 3: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR

NOW SPEAKING

Cybersecurity and the New Age of Hackers

Please use the questions box on your webinar dashboard to submit questions to our moderator

Joseph Conn
Reporter, Modern Healthcare

Page 4: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR

NOW SPEAKING


Lillian Ablon
Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.

Page 5: Webinar: Cybersecurity and the New Age of Hackers

A Cyber Overview: black markets, threat actors, and our increasingly digital landscape

Lillian Ablon

[email protected]

@LilyAblon

Page 6: Webinar: Cybersecurity and the New Age of Hackers
Page 7: Webinar: Cybersecurity and the New Age of Hackers

Data often appears within days on black market sites

Page 8: Webinar: Cybersecurity and the New Age of Hackers

• How do cyber thieves get the tools to steal the data?

• What happens to the data after it’s stolen?

• What do the markets look like?

• How mature are these markets?

Report available at: http://www.rand.org/pubs/research_reports/RR610.html

Page 9: Webinar: Cybersecurity and the New Age of Hackers

The markets for cybercrime are:

• Growing and maturing

• Increasingly sophisticated

• Resilient and adaptive

• Easy for buyers to get involved in

Image Credit: Juniper Networks

Report available at: http://www.rand.org/pubs/research_reports/RR610.html

Page 10: Webinar: Cybersecurity and the New Age of Hackers

There are different types of cyber threat actors, each motivated by different things

• Hacktivists

• State-Sponsored

• Cyberterrorists

• Cybercriminals

Icons by The Noun Project: Money by Joe Mortelli; Protest by Jakob Vogel; Globe by Tyrus; Cyberterror by Luis Prado, via CC 2.0.

Page 11: Webinar: Cybersecurity and the New Age of Hackers


Icons by The Noun Project: Money by Joe Mortelli; Globe by Tyrus

State-Sponsored

Cybercriminals

What can cyber actors do with our stolen health data?

Page 12: Webinar: Cybersecurity and the New Age of Hackers

What can cyber actors do with our stolen health data?

State-Sponsored

Cybercriminals

• Medical records on the black markets can be worth up to $50

• Harvest email addresses and contact list to conduct phishing attacks

• Exploit password re-use

• Commit identity theft, tax or medical fraud

• Resell prescription medication

• Build profiles of possible targets for follow-on surveillance, reconnaissance, and intelligence campaigns

• Use data for corporate extortion to blackmail companies who are responsible for data protection

Icons by The Noun Project: Money by Joe Mortelli; Globe by Tyrus

Page 13: Webinar: Cybersecurity and the New Age of Hackers


Our worlds are digital

Page 14: Webinar: Cybersecurity and the New Age of Hackers


How can we protect ourselves?

Page 15: Webinar: Cybersecurity and the New Age of Hackers

Reconsider convenience

Employ multifactor authentication, encryption, password best practices

Be vigilant of newly connected devices and the “Internet of Things”

Invest in security from the start

Page 16: Webinar: Cybersecurity and the New Age of Hackers

Lillian Ablon

[email protected]

@LilyAblon

Page 17: Webinar: Cybersecurity and the New Age of Hackers
Page 18: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR

NOW SPEAKING


Gary Barnes
CIO, Medical Center Health System, Odessa, Texas

Page 19: Webinar: Cybersecurity and the New Age of Hackers

Why do we have that information on the Internet?

Page 20: Webinar: Cybersecurity and the New Age of Hackers

• Who is Responsible for Protecting Your Organization against Cyber Attacks?

• Have you had a Full Security Audit for Your Organization? And not just a HIPAA Audit!

• Your Organization has to be on Offense, not Defense!

• Daily Huddle to discuss issues, including Malware Response Reports

Page 21: Webinar: Cybersecurity and the New Age of Hackers

Reasons to be Concerned

• Private or sensitive data exposed

• Denial of service attacks

• Financial losses

• Customer records compromised or stolen

• Your Organization's Reputation can be affected

Page 22: Webinar: Cybersecurity and the New Age of Hackers

Cyber Security Life Cycle Yearly

Page 23: Webinar: Cybersecurity and the New Age of Hackers

• External Access – Organization and Contractors

• Blocking and Thwarting Workstation Infections

• Safeguarding External Facing Servers

• Safeguarding Internal Servers

• Keeping the Workstation Clean

• Staying Compliant

Knowledge Sharing

Page 24: Webinar: Cybersecurity and the New Age of Hackers

VPN and NAT Access Validated Yearly

• Good time to Check BAA (Business Associate Agreements) current and up-to-date

• Close access to/from outside entities that no longer have an association

• Catch any NAT'ed resources that are no longer used

External Access – Org to Org

Page 25: Webinar: Cybersecurity and the New Age of Hackers

• Block Dangerous World Region traffic from coming in or going out - Russia, China

– Both on Firewall and Email systems

– Outgoing is important to block - keeps already infected devices from contacting Master Controllers in those regions

• DNS Firewall

– Keeps devices from going to malware websites or clicking on malicious links

– Preventing infections from happening

– Disrupting infected clients' ability to communicate with Master Controllers

Blocking and Thwarting Workstation Infections

Page 26: Webinar: Cybersecurity and the New Age of Hackers

Safeguarding Externally Facing Servers

• Incorporate regular external vulnerability scans into security routine

• Stay on top of new vulnerabilities - POODLE, ShellShock

• Regularly scan for new devices in external ranges

– Teams sometimes implement new devices without following procedures

Page 27: Webinar: Cybersecurity and the New Age of Hackers

• Keeping workstations clean!

– Patch all software (3rd Party) as well as OS

– Cyber-attacks are going after software that usually remains unpatched - Adobe, Java

– Manage and monitor for patch/antivirus compliance

– Put mechanism in place to push emergency patches/fixes out quickly

Keeping Workstations Clean!

Page 28: Webinar: Cybersecurity and the New Age of Hackers

Safeguarding Internal Devices

Why it’s important!

• Internal Cyber-Attacks are increasing!

– Running regular internal vulnerability scans should be as robust as external vulnerability scans

• Put procedures in place to build hardened secure servers

• Tune IPS alerts as tightly as possible

– Send real-time alerts

– Feel for what is going on in environment

Page 29: Webinar: Cybersecurity and the New Age of Hackers

Cyber Security Life Cycle Yearly

Page 30: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR

NOW SPEAKING


Dr. John Halamka
CIO, Beth Israel Deaconess Medical Center, Boston
Vice chair, federal Health Information Technology Standards Committee

Page 31: Webinar: Cybersecurity and the New Age of Hackers

Security Update

March 2015

Page 32: Webinar: Cybersecurity and the New Age of Hackers

Major National Incidents

• Community Health Systems, Anthem, JP Morgan, Home Depot, Target

• Vulnerabilities include Heartbleed, Shellshock, Poodle

• In a world of healthcare mergers and acquisitions, you are as vulnerable as your weakest link

Page 33: Webinar: Cybersecurity and the New Age of Hackers

BIDMC Incidents

• 2012 stolen laptop/attorney general consent judgement

• 2013 infected radiology workstation/OCR investigation

• Our own social engineering efforts

Page 34: Webinar: Cybersecurity and the New Age of Hackers

14 Workstreams

Page 35: Webinar: Cybersecurity and the New Age of Hackers

Evolving technologies

• Malware detection

• Analytics - Security Incident and Event Management (SIEM)

• Consumer technologies - strong encryption built into endpoints

• Ricoh’s healthcare camera

• Secure texting applications

Page 36: Webinar: Cybersecurity and the New Age of Hackers

Building Maturity

• The attacks are increasing in number and sophistication

• People, Process and Technologies must be addressed in combination

• Education is key

• Budgets and staff must be increased

• Healthcare is behind but enforcement is motivating Boards to prioritize security

Page 37: Webinar: Cybersecurity and the New Age of Hackers

WEBINAR

TODAY’S PANELISTS


Gary Barnes
CIO, Medical Center Health System, Odessa, Texas

Dr. John Halamka
CIO, Beth Israel Deaconess Medical Center, Boston
Vice chair, federal Health Information Technology Standards Committee

Joseph Conn
Reporter, Modern Healthcare

Lillian Ablon
Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.

Page 38: Webinar: Cybersecurity and the New Age of Hackers

Expect a follow-up email within two weeks with links to presentation materials and information about how to offer feedback.

For more information about upcoming webinars, please visit ModernHealthcare.com/webinars

WEBINAR

THANK YOU FOR ATTENDING

Thanks also to our panelists: Gary Barnes, Dr. John Halamka, Joseph Conn and Lillian Ablon.