Anatomy of a Data Breach
Juan Gonzalez, CIO
Emergence Health Network
DISCLAIMER: EDUCATIONAL ONLY
THIS TRAINING IS PROVIDED FOR GENERAL INFORMATION AND
EDUCATIONAL PURPOSES ONLY. IT DOES NOT CONSTITUTE
TECHNICAL ADVICE OR OPINIONS. THE INFORMATION IS NOT
INTENDED TO CREATE, AND THE RECEIPT DOES NOT CONSTITUTE, A CONSULTATIVE RELATIONSHIP BETWEEN SPEAKER AND THE
AUDIENCE. FOR TECHNICAL ASSISTANCE, SEEK ADVICE FROM AN IT
CONSULTANT. FOR LEGAL ADVICE, YOU SHOULD CONSULT AN
ATTORNEY.
Breached! What Happened? Forensic Impact Before/After
Breach Sustainability
• 8/14/2015 – HHSC detects unusual activity
• SSH login activity originating from Vietnam
• How? PTP-T1 used for CARE and BMOW
• Breached FTP server
• Took server offline; preserve the environment
• Internal investigation revealed
• Conclusive evidence of breach
• Connections established lasted only seconds
• Insufficient evidence to establish loss/transfer of PHI
• Forensic investigation – Incident Response Analysis
• Original date of compromise – September 11, 2012
• Originated from Madison, New Jersey
• Rootkit exploiting OS vulnerabilities; insufficient patch management
• Server used as Internet proxy for porn
• Multiple users
• Analysis Conclusion
• “Compromised data was not added, modified, deleted or exfiltrated from the SFTP server…” – Altep Incident Response Analysis, 10/1/2015
• Records
• 11,197 records compromised
• Financial
• Direct impact $50,000
• (2) Firewalls, Forensic Investigation, notifications, data validation
• Potential impact *$3,974,935 ($355/record) *Ponemon Institute 2015
• $380 in 2017
• Reputation
• Over 11,000 letters mailed to consumers
• Fielded hundreds of calls (set up a special 800 number)
• Press Release
• Local and regional media outlets
• Notified
• HHSC/DSHS
• Office of Civil Rights
• Law Enforcement (FBI, Sheriff's Office)
• Before
• Old firewalls; outdated configuration
• No intrusion prevention/detection system
• I.T. skills gaps
• Old versions of FTP software
• Inactive user accounts
• No IP filtering
• Data retention rules
• Default Log monitoring settings
• Inadequate/No Information Security policies
• Inadequate information security training
• Inadequate HIPAA training
• Weak staff awareness
• No information security committee
• No internal/external penetration tests
• After
• (2) new, state-of-the-art firewalls
• Outsourced firewall management; IPS/IDS
• Cybersecurity training; additional staff
• Created staff security awareness training programs (cybersecurity & HIPAA)
• Built new FTP server; applied system hardening techniques, password complexity, IP filtering, etc.
• Extended log retention timeframes to 90 days
• Applied data retention rules
• System Encryption program
• Laptop check in/out program
• Internet filtering
• Comprehensive Information Security Policies & Procedures
• Comprehensive Privacy Policies & Procedures
• Created a Health Information Security Committee
• Yearly internal/external network penetration test
• Yearly HIPAA Security Risk Analysis/Cybersecurity Analysis
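The investigation's observations (SSH logins from an unexpected origin, connections lasting only seconds) and the gaps listed under Before (no IP filtering, inactive user accounts, default log monitoring) map to a simple review of the server's sshd log. The following is an added example, not part of the presentation; the allowlisted network, the inactive-account list, the 10-second threshold and the log lines are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Assumptions (not from the presentation): allowlist, account list, threshold.
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # expected partner range
INACTIVE_USERS = {"svc_old"}      # accounts that should no longer log in
SHORT_SESSION_SECONDS = 10        # "connections lasted only seconds"

# Constructed sample in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Aug 14 02:11:07 sftp01 sshd[4312]: Accepted password for svc_old from 203.0.113.45 port 51122 ssh2
Aug 14 02:11:10 sftp01 sshd[4312]: pam_unix(sshd:session): session closed for user svc_old
Aug 14 09:00:01 sftp01 sshd[5100]: Accepted publickey for partner from 198.51.100.20 port 40022 ssh2
Aug 14 09:12:45 sftp01 sshd[5100]: pam_unix(sshd:session): session closed for user partner
Aug 14 11:30:00 sftp01 sshd[5207]: Accepted password for partner from 192.0.2.77 port 38811 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$", re.M)
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

def review(log_text, year=2015):
    """Return one finding dict per accepted login that trips a check."""
    open_logins, findings = {}, []
    for m in LINE.finditer(log_text):
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        acc = ACCEPTED.search(msg)
        if acc:
            user, ip = acc.group(1), ipaddress.ip_address(acc.group(2))
            reasons = []
            if not any(ip in net for net in ALLOWED_NETS):
                reasons.append("source outside allowlist")
            if user in INACTIVE_USERS:
                reasons.append("inactive account")
            open_logins[pid] = (ts, {"user": user, "ip": str(ip), "reasons": reasons})
        elif "session closed" in msg and pid in open_logins:
            start, rec = open_logins.pop(pid)
            if (ts - start).total_seconds() <= SHORT_SESSION_SECONDS:
                rec["reasons"].append("session lasted only seconds")
            if rec["reasons"]:
                findings.append(rec)
    # Logins with no close line seen yet are still reported if flagged.
    findings += [rec for _, rec in open_logins.values() if rec["reasons"]]
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f["user"], f["ip"], "; ".join(f["reasons"]))
```

The check pairs the login and close lines by sshd PID, so it only works over the period the log actually covers, which is where the 90-day retention change matters.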
• Office of Civil Rights continues investigation
• Constant monitoring
• Strengthening all security programs
• Replacing old technology – keep it retired!
• Create awareness; keep staff informed
• CEO commitment
• Facetime with Board of Directors