WEBINAR WELCOME! Cybersecurity and the New Age of Hackers

Panelists:
• Gary Barnes, CIO, Medical Center Health System, Odessa, Texas
• Dr. John Halamka, CIO, Beth Israel Deaconess Medical Center, Boston; Vice chair, federal Health Information Technology Standards Committee
• Joseph Conn, Reporter, Modern Healthcare
• Lillian Ablon, Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.

WEBINAR HOUSEKEEPING
During today’s discussion, feel free to submit questions at any time by using the questions box.
A follow-up e-mail will be sent to all attendees with links to the presentation materials online.
NOW SPEAKING: Joseph Conn, Reporter, Modern Healthcare
Please use the questions box on your webinar dashboard to submit questions to our moderator.
NOW SPEAKING: Lillian Ablon, Researcher in cybersecurity and computer network operations, RAND Corp., Santa Monica, Calif.
A Cyber Overview: black markets, threat actors, and our increasingly digital landscape
Lillian Ablon
[email protected] @LilyAblon
Data often appears within days on black market sites
• How do cyber thieves get the tools to steal the data?
• What happens to the data after it’s stolen?
• What do the markets look like?
• How mature are these markets?
Report available at: http://www.rand.org/pubs/research_reports/RR610.html
The markets for cybercrime are:
• Growing and maturing
• Increasingly sophisticated
• Resilient and adaptive
• Easy for buyers to get involved in
Image Credit: Juniper Networks
Report available at: http://www.rand.org/pubs/research_reports/RR610.html
There are different types of cyber threat actors, each motivated by different things: Hacktivists, State-Sponsored, Cyberterrorists, Cybercriminals
Icons by The Noun Project: Money by Joe Mortelli; Protest by Jakob Vogel; Globe by Tyrus; Cyberterror by Luis Prado, via CC 2.0.
What can cyber actors do with our stolen health data? (State-Sponsored, Cybercriminals)
• Medical records on the black markets can be worth up to $50
• Harvest email addresses and contact lists to conduct phishing attacks
• Exploit password re-use
• Commit identity theft, tax or medical fraud
• Resell prescription medication
• Build profiles of possible targets for follow-on surveillance, reconnaissance, and intelligence campaigns
• Use data for corporate extortion to blackmail companies who are responsible for data protection
Icons by The Noun Project: Money by Joe Mortelli; Globe by Tyrus
Our worlds are digital
How can we protect ourselves?
• Reconsider convenience
• Employ multifactor authentication, encryption, password best practices
• Be vigilant of newly connected devices and the “Internet of Things”
• Invest in security from the start
Lillian Ablon
[email protected] @LilyAblon
NOW SPEAKING: Gary Barnes, CIO, Medical Center Health System, Odessa, Texas
Why do we have that information on the Internet?
• Who is Responsible for Protecting Your Organization against Cyber Attacks?
• Have you had a Full Security Audit for Your Organization? And not just a HIPAA Audit!
• Your Organization has to play Offense, not Defense!
• Daily Huddle to discuss issues, including Malware Response Reports
Reasons to be Concerned
• Private or sensitive data exposed
• Denial of service attacks
• Financial losses
• Customer records compromised or stolen
• Your Organization's Reputation can be affected
Cyber Security Life Cycle Yearly
• External Access – Organization and Contractors
• Blocking and Thwarting Workstation Infections
• Safeguarding External Facing Servers
• Safeguarding Internal Servers
• Keeping the Workstation Clean
• Staying Compliant
• Knowledge Sharing
External Access – Org to Org
VPN and NAT Access Validated Yearly
• Good time to check that BAAs (Business Associate Agreements) are current and up-to-date
• Close access to/from outside entities that no longer have an association
• Catch any NAT'ed resources that are no longer used
Blocking and Thwarting Workstation Infections
• Block Dangerous World Region traffic from coming in or going out - Russia, China
  – Both on Firewall and Email systems
  – Outgoing is important to block - keeps already infected devices from contacting Master Controllers in those regions
• DNS Firewall
  – Keeps devices from going to malware websites or clicking on malicious links
  – Preventing infections from happening
  – Disrupting infected clients' ability to communicate with Master Controllers
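Added example, not from the slides or from any of the panelists' organizations: a small Python model of the two jobs a DNS firewall does for the "Blocking and Thwarting Workstation Infections" slide. The policy function decides whether a lookup is answered normally or sinkholed, and the log analysis finds workstations that tried to resolve blocked names, which is how an already-infected device trying to reach its controller shows up. The blocklist, the sinkhole address 10.255.255.1 and the query-log line format are all constructed for this example; a real deployment would load a response policy zone feed and read the resolver's actual log format.

```python
import re
from collections import defaultdict

# Constructed blocklist of domains the DNS firewall refuses to resolve.
# A real feed (e.g. a response policy zone from a threat-intel vendor) is far larger.
BLOCKED_DOMAINS = {"malware-c2.example", "phish-login.example"}

# Assumed internal sinkhole address (constructed); clients that resolve a blocked
# name are pointed here so the connection attempt can be logged and goes nowhere.
SINKHOLE_IP = "10.255.255.1"

# Constructed query-log lines: "<timestamp> client <ip>#<port> query: <name> <type>"
SAMPLE_LOG = """\
2015-03-10T09:01:02Z client 10.1.4.23#53011 query: www.example.org A
2015-03-10T09:01:05Z client 10.1.4.23#53012 query: beacon.malware-c2.example A
2015-03-10T09:01:09Z client 10.1.7.80#40021 query: phish-login.example A
2015-03-10T09:02:11Z client 10.1.4.23#53013 query: beacon.malware-c2.example A
2015-03-10T09:02:30Z client 10.1.9.2#49152 query: notmalware-c2.example A
"""

LINE_RE = re.compile(r"client (?P<client>[\d.]+)#\d+ query: (?P<name>\S+) (?P<qtype>\S+)")


def is_blocked(name, blocklist=BLOCKED_DOMAINS):
    """True if name is a blocked domain or any subdomain of one.

    Matching walks label by label so that 'notmalware-c2.example' does NOT
    match 'malware-c2.example' (a plain suffix check would get that wrong).
    """
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def policy_answer(name):
    """What the resolver does with a lookup: sinkhole blocked names, resolve the rest."""
    if is_blocked(name):
        return {"action": "sinkhole", "answer": SINKHOLE_IP}
    return {"action": "resolve", "answer": None}


def analyse_query_log(text):
    """Return {client_ip: [blocked names looked up]} so infected hosts can be triaged."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and is_blocked(m["name"]):
            hits[m["client"]].append(m["name"])
    return dict(hits)


if __name__ == "__main__":
    for client, names in analyse_query_log(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} blocked lookups -> {sorted(set(names))}")
```

Repeated sinkhole hits from one client, like 10.1.4.23 above, are the signal the slide describes: a device that is already infected and is being prevented from talking to its controller, and that should be pulled for cleaning.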
Safeguarding Externally Facing Servers
• Incorporate regular external vulnerability scans into security routine
• Stay on top of new vulnerabilities - POODLE, ShellShock
• Regularly scan for new devices in external ranges
  – Teams sometimes implement new devices without following procedures
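Added example, not from the slides or from Medical Center Health System: a Python check for the "scan for new devices in external ranges" item above. It compares a scan of the organization's public ranges against the approved inventory and reports hosts nobody registered, approved hosts exposing ports they should not, and scan results that fall outside the ranges being monitored. The address ranges, the approved inventory and the scan output format ("host port/proto state") are constructed for this example; in practice the inventory would come from change control and the scan lines from whatever external scanner is in use.

```python
import ipaddress
from dataclasses import dataclass, field

# Public ranges the organization owns. Constructed documentation-range values, not a real allocation.
EXTERNAL_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Approved inventory: host -> ports that are supposed to be reachable from the internet.
# Constructed for the example; a real one comes from change-control or CMDB records.
APPROVED = {
    "203.0.113.10": {443},
    "203.0.113.11": {25, 587},
    "198.51.100.5": {443, 8443},
}

# Constructed scan output in a simple "host port/proto state" shape.
SCAN_LINES = """\
203.0.113.10 443/tcp open
203.0.113.11 25/tcp open
203.0.113.11 587/tcp open
203.0.113.11 3389/tcp open
203.0.113.42 22/tcp open
203.0.113.42 80/tcp open
198.51.100.5 443/tcp open
198.51.100.5 8443/tcp filtered
192.0.2.9 80/tcp open
"""


@dataclass
class Findings:
    new_hosts: dict = field(default_factory=dict)         # ip -> sorted open ports, not in inventory
    unexpected_ports: dict = field(default_factory=dict)  # ip -> sorted open ports not approved
    out_of_scope: set = field(default_factory=set)        # ips scanned but outside our ranges


def parse_scan(text):
    """Return {ip: set(open ports)}; only lines whose state is 'open' count as exposure."""
    hosts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "open":
            continue
        ip, port_proto = parts[0], parts[1]
        hosts.setdefault(ip, set()).add(int(port_proto.split("/")[0]))
    return hosts


def in_external_ranges(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXTERNAL_RANGES)


def review_external_scan(scan_text, approved=APPROVED):
    """Diff observed exposure against the approved inventory and return the discrepancies."""
    f = Findings()
    for ip, ports in parse_scan(scan_text).items():
        if not in_external_ranges(ip):
            f.out_of_scope.add(ip)          # scanner wandered outside the monitored ranges
            continue
        if ip not in approved:
            f.new_hosts[ip] = sorted(ports)  # device stood up without following procedure
            continue
        extra = ports - approved[ip]
        if extra:
            f.unexpected_ports[ip] = sorted(extra)  # known host, unapproved service exposed
    return f


if __name__ == "__main__":
    findings = review_external_scan(SCAN_LINES)
    print("new hosts:", findings.new_hosts)
    print("unexpected ports:", findings.unexpected_ports)
    print("out of scope:", findings.out_of_scope)
```

Run after each scheduled external scan and treat every entry in new_hosts or unexpected_ports as a ticket: either the inventory is updated through the normal procedure or the exposure is removed.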
Keeping Workstations Clean!
• Patch all software (3rd party) as well as OS
  – Cyber-attacks are going after software that usually remains unpatched - Adobe, Java
• Manage and monitor for patch/antivirus compliance
• Put mechanism in place to push emergency patches/fixes out quickly
Safeguarding Internal Devices
Why it’s important!
• Internal Cyber-Attacks are increasing!
  – Running regular internal vulnerability scans should be as robust as external vulnerability scans
• Put procedures in place to build hardened secure servers
• Tune IPS alerts as tightly as possible
  – Send real-time alerts
  – Feel for what is going on in environment
NOW SPEAKING: Dr. John Halamka, CIO, Beth Israel Deaconess Medical Center, Boston; Vice chair, federal Health Information Technology Standards Committee
Security Update, March 2015
Major National Incidents
• Community Health Systems, Anthem, JP Morgan, Home Depot, Target
• Vulnerabilities include Heartbleed, Shellshock, Poodle
• In a world of healthcare mergers and acquisitions, you are as vulnerable as your weakest link
BIDMC Incidents
• 2012 stolen laptop/attorney general consent judgement
• 2013 infected radiology workstation/OCR investigation
• Our own social engineering efforts
Evolving technologies
• Malware detection
• Analytics - Security Incident and Event Management (SIEM)
• Consumer technologies - strong encryption built into endpoints
• Ricoh’s healthcare camera
• Secure texting applications
Building Maturity
• The attacks are increasing in number and sophistication
• People, Process and Technologies must be addressed in combination
• Education is key
• Budgets and staff must be increased
• Healthcare is behind but enforcement is motivating Boards to prioritize security
WEBINAR THANK YOU FOR ATTENDING: Cybersecurity and the New Age of Hackers. Thanks also to our panelists: Gary Barnes, Dr. John Halamka, Joseph Conn and Lillian Ablon.
Expect a follow-up email within two weeks with links to presentation materials and information about how to offer feedback.
For more information about upcoming webinars, please visit ModernHealthcare.com/webinars