Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
Transcript of Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
World Leader in Digital Faxing 1
IN PARTNERSHIP WITH:
Meet the Speakers
Michael Flavin, Sr. Product Marketing Manager, j2 Cloud Services
Michael Pearson, CISSP, Chief Information Security Consultant, Health Security Solutions

Cyber Hacking in Healthcare: Snapshot
HHS Office for Civil Rights: 1,199 incidents, 41.5 million individuals
FBI warnings to industry: “The FBI has observed malicious actors targeting healthcare related systems…for the purpose of obtaining Protected Healthcare Information (PHI)”
Top 5 Health Data Breaches in 2014: 7.4 million individuals affected
Data Breaches Year to date: 90+ million individuals affected
Huge change in scope: 1,800% increase from 2008-2013
Sources of a Breach
ORGANIZED CRIMINAL
WELL-MEANING INSIDER
MALICIOUS INSIDER
Stages of a Breach
1. INCURSION: Attacker breaks in via targeted malware, improper credentials or SQL injection
2. DISCOVERY: Map organization’s systems; automatically find confidential data
3. CAPTURE: Access data on unprotected systems; install rootkits to capture network data
4. EXFILTRATION: Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords
Six Best Practices for Securing ePHI Using the SANS Security Model and HIPAA Compliance
• SANS Security Model provides a good framework for protecting, storing and transmitting ePHI – focus on security!
• HIPAA compliance does NOT equal a plan to secure PHI
• IT Executives must balance security, data protection and training with conduct of regular business
SANS Security Model
Defensive Wall 1: Proactive Software Assurance
Application Security Skills Assessment & Certification
SANS Security Model
Defensive Wall 2: Blocking Attacks: Network Based
IDS/IPS, FW, MSS
SANS Security Model
Defensive Wall 3: Blocking Attacks: Host Based
Endpoint Security, NAC
SANS Security Model
Defensive Wall 4: Eliminating Security Vulnerabilities
Vulnerability Management, Patch Management, Penetration Testing
SANS Security Model
Defensive Wall 5: Safely Supporting Authorized Users
Encryption, VPN, DLP
SANS Security Model
Defensive Wall 6: Tools to Manage Security and Maximize Effectiveness
Log Management, SIEM, Training, Forensics
Firewalls Are Not Enough
Detection coverage by monitoring tier (each tier includes the sources of the one before it):
Average (~32%): NIDS Monitoring
o NIDS Monitoring - Botnet C&C Detection
o NIDS Monitoring - Watchlist Detection
Good (~50%): NIDS Monitoring + Core Firewall Monitoring
o Firewall Logs Associated with IDS Alerts
Better (~80%): NIDS Monitoring + Firewall Advanced Analysis
o Firewall Logs - Scan Detection
o Firewall Logs - Botnet C&C Detection
o Firewall Logs - Backdoor Detection
o Firewall Logs - Anomaly Detection
o Firewall Logs - Watchlist Detection
Best (approaching 100%): NIDS Monitoring + Firewall Advanced Analysis + HIDS + LMS + MEP
o HIDS Alerts
o OS / Application / Database Logs
o Endpoint Protection Alerts
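The “Good” and “Better” tiers above are about reading firewall logs next to the NIDS rather than on their own. The following added example (not from the slides, nor from eFax or SANS) shows two of those checks in miniature on constructed log lines: joining firewall records to the sources a NIDS flagged, and flagging a port scan from deny entries alone. The log line format, field names and private sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed log formats (assumed for this example, not any vendor's syntax).
FW_RE = re.compile(r"fw: (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
                   r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")
IDS_RE = re.compile(r'ids: alert src=(?P<src>[\d.]+) sig="(?P<sig>[^"]+)"')

# Constructed sample lines (private addresses only).
SAMPLE_FW = [
    "fw: DENY src=10.0.0.5 dst=10.0.1.20 dport=22",
    "fw: DENY src=10.0.0.5 dst=10.0.1.20 dport=23",
    "fw: DENY src=10.0.0.5 dst=10.0.1.20 dport=25",
    "fw: DENY src=10.0.0.5 dst=10.0.1.20 dport=80",
    "fw: DENY src=10.0.0.5 dst=10.0.1.20 dport=443",
    "fw: ALLOW src=10.0.0.7 dst=192.168.5.9 dport=443",
    "fw: DENY src=10.0.0.9 dst=10.0.1.20 dport=3389",
    "this line is not a firewall record and is skipped",
]
SAMPLE_IDS = ['ids: alert src=10.0.0.7 sig="Botnet C&C beacon"']

def parse_fw(lines):
    """Parse firewall records; lines that do not match are ignored, not fatal."""
    events = []
    for line in lines:
        m = FW_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def parse_ids(lines):
    """Parse NIDS alert records into dicts with 'src' and 'sig'."""
    return [m.groupdict() for m in map(IDS_RE.search, lines) if m]

def detect_scans(fw_events, min_ports=5):
    """Scan detection from firewall logs alone: one source denied on
    min_ports or more distinct ports of a single destination host."""
    ports = defaultdict(set)
    for ev in fw_events:
        if ev["action"] == "DENY":
            ports[(ev["src"], ev["dst"])].add(ev["dport"])
    return {src for (src, _dst), seen in ports.items() if len(seen) >= min_ports}

def fw_logs_for_ids_alerts(fw_events, ids_alerts):
    """'Firewall logs associated with IDS alerts': every firewall record (allowed
    or denied) from a source the NIDS flagged, so the analyst sees where it went."""
    flagged = {a["src"] for a in ids_alerts}
    return {src: [ev for ev in fw_events if ev["src"] == src] for src in flagged}
```

The allowed 10.0.0.7 connection never appears in a deny-only view; it surfaces only once the NIDS alert is joined to the firewall log, which is the point of the “Good” tier.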
What are the Threats? Technology Impacting.
Security Architecture – Firewalls, Anti-Virus
Unpatched Client Side Software and Applications
Advanced Malware and Ransomware
Accessing Malicious Websites
What are the Threats? Technology Impacting.
Poor Configuration Management
Cloud Computing/Storage
Unencrypted ePHI and Removable Media
Mobile Devices, aka BYOD
Botnets
Phishing
What are the Threats? Business Impacting.
Marketplace Reputation and Customer Loyalty
Liability
o Legal costs
o Credit assistance for customers
o Training, call center triage
o Fraudulent charges
o Stock price, earnings, etc.
o IT Resources
Most Common Pitfalls
Risk Assessment
Lack of Accurate Data Inventory/Controls
o Audit logs (critical for compliance and root cause)
Humans
o “Accidents happen”
o Social Engineering
o Security Awareness Training
Most Common Pitfalls
Missing Policies and Procedures
Incident Response Team and Plan & Audit Trail
Most Common Pitfalls
Password Security (may overlap with 3rd Party vendors)
o 40% have a password from the top 100
o 79% have a password from the top 500
o 91% have a password from the top 1000
Why do Compliance Mandates get More Complicated?
Compliance ≠ Security
Compliance is the output of a post-mortem
– Some organization did not secure their data, and now everyone else must deploy solutions, software, policies, and guidelines
Compliance will always be a step behind the latest threat
Faxing in Healthcare Today - Trends
Faxing is still widely used, especially in highly regulated industries such as healthcare, finance, legal (1)
The trend is toward cloud faxing and away from on-premise faxing
Cloud faxing offers a secure, reliable way to send ePHI to covered entities or business associates, enhancing HIPAA compliance
o User interfaces: Email, Secure Browser, Mobile App & eFax Messenger
o TLS encrypted in transit
o Hosted Fax Service: encrypted fax storage via eFax Secure (optional)
o PSTN / Telco Service: inbound/outbound faxes
The world’s #1 online fax company – and the industry’s most experienced hosted fax service
The most widely deployed online fax service for the Fortune 500
Trusted by more major healthcare, legal, financial and other highly-regulated firms than any other online fax provider to transmit sensitive documents
Product Spotlight: eFax Secure™
Secure: TLS-encrypted transmission and storage of ePHI data to enhance security and HIPAA compliance – encryption at rest and in motion
Reduce costs – eliminate cost of physical fax servers, phone lines, and enhance compliance with routing to specific user’s email
Improve your overall communications with our highly redundant network delivering 99.5% uptime SLAs and unparalleled transmission security
Tier III or IV colocations for servers with high redundancy and failover capabilities
Helpful Links
SANS Security Model
DHS HIPAA Security 101 for Covered Entities
DHS HIPAA Security: Physical Safeguards
enterprise.eFax.com
Recorded slides of this presentation
Whitepaper: “Is Cloud-based Faxing Right for You?”
Q&A
Visit us at enterprise.eFax.com
Visit us at HIMSS Booth #7756
Email:
Michael Flavin: [email protected]
Mike Pearson: [email protected]
Thank You