Cybersecurity: Emerging Threats to Hospitals · 2019-11-18

Cybersecurity: Emerging Threats to Hospitals

June 9, 2016

CHA Webinar

Welcome

Mary Barker

California Hospital Association


Cheri Hummel is CHA’s vice president of emergency management and facilities. In this role, Cheri is the liaison to numerous state and federal agencies with regard to hospital emergency management and facility issues, including the California Department of Public Health, Office of Emergency Services, California Emergency Medical Services Authority, Office of Statewide Health Planning and Development, and other entities.

Prior to CHA, Ms. Hummel worked for the California Emergency Medical Services Authority in the Disaster Medical Services Division and was instrumental in launching the first national effort to revise the Hospital Incident Command System.

CHA Staff


Lois Richardson, Esq., is CHA’s vice president of privacy, and legal publications and education. Ms. Richardson is CHA’s issue specialist for all matters relating to the privacy of protected health information and she is responsible for the development of legal publications. She is the author of CHA’s California Health Information Privacy Manual, which addresses state and federal laws regarding the use and disclosure of health information including HIPAA, HITECH and breach laws.

Lois also authored CHA’s popular Consent Manual, the most comprehensive resource available on patient consent for medical treatment and related health care laws.

CHA Staff


Steve Giles is chief information officer for Hollywood Presbyterian Medical Center, where he focuses on enhancing the hospital’s information systems to improve patient care delivery and overall business operations. He has more than 30 years of health care information technology experience and has served in a number of executive positions throughout his extensive career. Mr. Giles is a member of several professional associations, including ACHE, HIMSS and HFMA, and often serves as a guest lecturer at the University of Southern California’s Graduate School of Public Health.

Faculty

Cybersecurity: Emerging Threats to Hospitals

June 9, 2016

Hollywood Presbyterian

• 434 licensed beds

• Operating at 250-275 beds

• 37,000 ER visits per year

• 4th largest baby manufacturer in LA

• Safety net general hospital

• Multi-ethnic patient/provider population


The Event

• Feb. 5 – Evening all systems inaccessible

• Feb. 6 – 3 a.m. internal disaster declared – most Microsoft technology locked up – CryptoWall, RSA-2048 encryption code

• Feb. 6 – Extortion demand appeared

• Feb. 6 – LAPD and FBI notified

• Feb. 6 – Bitcoin education started


The Event (cont.)

• Feb. 7 – Made first extortion payment, $9k

• Feb. 8 – Made second payment, $8k

• Feb. 8 – CDPH, insurance notified

• Feb. 8 – Privacy attorney and Kroll engaged

• Feb. 9 – Received 900+ decrypting codes – 1 unique code per each unique device

• Feb. 9 – Initiated testing decrypting codes


System Impact

• HIS/EMR completely down

• ERP applications completely down

• Back-up and antivirus servers down

• Patient medical records were inaccessible

• Laboratory, radiology, med cabinets were operational

• Neither PHI nor PII were accessed


Hospital Impact

• Déjà vu, it was 1970 all over again

• Downtime procedures – return to paper

• Missing medical records and eMAR information

• Physicians were more happy than not

• Internal communications improved

• More time spent with patients


Hospital Impact (cont.)

• Detailed review by CDPH

• Detailed review by CMS

• Detailed review by CA Board of Pharmacy

• The press did not validate anything

• None fully understood nor appreciated the magnitude of the ransomware attack

• Patient care was NOT compromised


Recovery

• Feb. 10 – Time clocks first – payroll week

• Feb. 14 – HIS registration went live

• Feb. 15 – Entire HIS/EMR came back online. Hospital was operational with the exception of a few applications

• File servers/exchange remained down until March 1


Lessons Learned – The Good

• In a crisis, people really do care for the patient

• All parties worked very well together

• Industry help was offered repeatedly

• HPMC’s IS team fully committed

• HPMC benefitted from practicing outages

• Patient care does not need to suffer


Lessons Learned – The Bad

• Government agencies need a better understanding and appreciation for the magnitude of this type of situation and the victim

• The news media would be well served to do a better job researching its stories

• The health care industry needs to take this risk very seriously


Lessons Learned – The Ugly

• Health care and other industries are in for constant and significant risk mitigation

• It’s NOT a matter of IF one is attacked, BUT WHEN

• Security expenditures in health care need to be a high priority

• Health care organizations need to re-evaluate their back-up strategies


Lessons Learned - General

• To minimize regulator interruption, ensure you are in compliance

• Determine the essentials needed to deliver patient care when ALL systems are down and maintain it separately

• Train, test and train again all staff who have access to the system to avoid malware


In Conclusion

• Prepare for the worst, it can happen and probably will

• Make network security a priority – be alert, this is NOT going away

• Work with regulators to develop greater sensitivity to this type of disaster

• Remove bitcoin as a payment option

• You can survive this, be prepared!!!

Thank You

Steve Giles

Chief Information Officer

Hollywood Presbyterian Medical Center


Tom Osborne is assistant special agent in charge for the Federal Bureau of Investigation’s (FBI) National Security Branch. In this role, he oversees international and domestic terrorism programs, as well as counterintelligence and cyber programs. A 20-year veteran, Mr. Osborne previously worked with the FBI’s Computer Crimes Squad and the Sacramento Division’s Cyber Crimes Program, and served as Unit Chief of the Counterterrorism Internet Target Unit, where he led a team that managed investigations targeting terrorists’ use of the Internet.

Faculty

California Hospital Association A Cyber Crime and Cyber Security Discussion

June 9, 2016

FBI Sacramento

Assistant Special Agent in Charge

Tom Osborne

National Security Branch


Objectives

FBI cyber program/strategy

Understanding risk

Threat trends

Current cyber events

Common attack techniques and vectors

National security intrusions

Cyber security

Community outreach/Infragard

This presentation contains neither recommendations nor conclusions of the FBI.


FBI Priorities

1. Protect the United States from terrorist attack

2. Protect the United States against foreign intelligence operations and espionage

3. Protect the United States against cyber-based attacks and high-technology crimes

4. Combat public corruption at all levels

5. Protect civil rights

6. Combat transnational/national criminal organizations and enterprises

7. Combat major white-collar crime

8. Combat significant violent crime

9. Support federal, state, local and international partners

10. Upgrade technology to successfully perform the FBI's mission


On Cybersecurity

“America's economic prosperity in the 21st century will depend on cybersecurity …”

-President Barack Obama, May 29, 2009

“The United States faces real [cybersecurity] threats from criminals, terrorists, spies and malicious cyber actors. The playground is a very dangerous place right now.”

-FBI Director James Comey, February 2014, RSA Conference


The Cyber Environment Never Stops … Accelerating, Evolving and Expanding

1995: 16 million Internet users

2001: 458 million Internet users

2015: 3.1 billion Internet users

China 668 m/US 266*

*statista.com

Cyber Criminal Methods and Tools

• Types of attacks:

– Social engineering

– Phishing

– Malware

– Ransomware

– Spyware

– Denial of service (DDOS)

– Blended


Social Engineering

• Obtaining information by manipulating legitimate users

• Talking people out of information via

– Email

– IM

– Telephone

– Face to face


Phishing

• Attempt to fraudulently acquire sensitive information

– Personal identifying information, prescription information

• Electronic communication masquerading as:

– A trustworthy person

– An official-looking business

• Can also be phone/voice phishing – “vishing”


Threats More Complex as Attackers Proliferate

[Figure: Threat Trends. Axes: Intruder Knowledge and Attack Sophistication (High to Low) against the years 1980–2010, spanning the Era of Legacy Process Control Technology and the Era of Modern Information Technology. Plotted labels: Attackers; Password Guessing; Self-Replicating Code; Password Cracking; Exploiting Known Vulnerabilities; Disabling Audits; Hijacking Sessions; Sweepers; Sniffers; Distributed Attack Tools; Denial of Service; GUI; Packet Spoofing; Network Management Diagnostics; Automated Probes/Scans; WWW Attacks; “Stealth”/Advanced Scanning Techniques; Back Doors; Zombies; BOTS; Morphing Malicious Code.]

Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002, page 10.


Who are the Adversaries?

SECRET//NOFORN

Threat Level 1

• Inexperienced

• Limited funding

• Opportunistic behavior

• Target known vulnerabilities

• Use viruses, worms, rudimentary trojans, bots

• In it for thrills, bragging rights

• Easily detected

Threat Level 2

• Higher-order skills

• Well-financed

• Target known vulnerabilities

• Use viruses, worms, trojans, bots to introduce more sophisticated tools

• Target and exploit valuable data

• Detectable, but hard to attribute

Threat Level 3

• Very sophisticated tradecraft

• Foreign Intel Agencies

• Very well financed

• Target technology as well as info

• Use wide range of tradecraft

• Establish covert presence on sensitive networks

• Undetectable?

Sophistication Expertise Funding Patience Target Value

UNCLASSIFIED//FOUO


What Are They After?

• Data:

– Intellectual property

– Financial/Identity information

– Communications content

• Resources:

– Communications functions

– Bandwidth

– CPU cycles

• Conducting business:

– Day-to-day operations

– Disaster/Emergency response


UNCLASSIFIED


Hacktivists Intrusions

• Scope – limited to “socially relevant” issues

– Political activism

• Targets – private sector and government entities

• Subjects – anonymity is key (Anonymous)

– Ferguson and unrest associated with officer-involved shootings

– Hawthorn PD

• Motivation


Criminal Intrusions

• Scope - widespread

• Targets – individuals, financial sector, internet-based businesses with PII and other data

• Subjects – individuals and criminal enterprises located throughout the globe (emphasis on U.S. and Europe/Asia)

• Motivation


Ransomware


Ransomware (cont.)

• Infection Vectors

– Email compromise via phishing emails to end users (malware attached) or hyperlink to website hosting an exploit kit

• Disaster Recovery Plans! What is the difference? What is your risk – an earthquake, fire, CNA, insider threat???

• Prevention Considerations

– Focus on prevention, business continuity and remediation

– Awareness/Training

– Patch O/S, software, firmware

– Antivirus, anti-malware updates

– Privileged accounts – manage them (“least privilege”)

– Implement software restriction policies


Ransomware (cont.)

• Business Continuity Considerations

– Back up your data securely and verify its integrity

– Backups should not be connected to the computers and networks they are backing up

– Cloud, offsite? Persistent synchronization could be an issue

• Other Considerations

– Implement application white listing

– Use virtualization environments to execute O/S or specific programs

– Categorize data based upon value to you

– Implement physical/logical separation of networks and data for different org. units. Example: sensitive R&D should not reside on same server or network as organization’s email environment

• The Ransom

– FBI does not advocate paying a ransom

– Ultimately your decision

• Payment

– Virtual Wallet

– Bitcoin


State-Sponsored Intrusions


State-Sponsored Intrusions (cont.)

• Scope - APT

• Targets – DoD contractors, technology companies, Supervisory Control and Data Acquisition (SCADA) systems

• Subjects – “usual suspects”

• Motivation


Intrusion Phases (Advanced Persistent Threat)

Infiltration

• Reconnaissance

• Infection

Persistence

• Escalate privileges

• Install utilities

• Enumerate the network

• Establish backdoors

Exfiltration

• Harvest data

• Exfiltration

• Conceal activity


UNCLASSIFIED//FOR OFFICIAL USE ONLY


ECONOMIC ESPIONAGE

Every year, billions of dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in U.S. industries and technologies. Through cyber intrusions, these intruders search for intellectual property, prototypes and company trade secrets to gain an illegitimate advantage in the market.

UNCLASSIFIED


9/25/2015


Terrorism (motivated) Intrusions

• Scope – limited to threats and website defacements – also chat rooms leading to radicalization

• Targets – media-worthy targets, social media platforms

• Subjects – terrorist sympathizers

• Motivation – recruit, show support


STATE-SPONSORED DISRUPTIONS/WAR

Several nations are aggressively working to develop cyber warfare doctrine, programs and capabilities. Cyber warfare enables a single entity to have a significant and serious impact by disrupting the supply, communications and economic infrastructures that support military power – impacts that could affect the lives of citizens across the country.


UNCLASSIFIED


[Diagram labels: Individuals; Nation-States; Hacktivist Groups; Organized Crime Syndicates; Infrastructure; Industry; Law Enforcement & Government; Nation States; Individuals]

UNCLASSIFIED


What Can You Do?

• Step 1 – Understand the threat and your RISK to that threat

• Step 2 – Understand your Vulnerability

• Step 3 – Understand what the Consequences of your actions or inactions will cost you


Risk

The Risk Equation

Risk = Threat x Vulnerability x Consequence

• Threat: Any person, circumstance or event with the potential to cause loss or damage

• Vulnerability: Any weakness that can be exploited by an adversary or through accident

• Consequence: The amount of loss or damage that can be expected from a successful attack

NIPP 1.7.1


Vulnerability

• Network vulnerability comes from inadequate oversight by System Admins, defects in the information systems and vendors that fail to disclose the defects

• Health information systems, as an example, are as critical as banking systems; however banking systems have elaborate security measures sitting on top of them


2016 Verizon Data Breach Report


2016 Verizon Data Breach Report (cont.)

• Highlights/Lowlights:

– 89% of all attacks were financially or espionage motivated

– Known vulnerabilities exploited

– 63% of breaches involved weak, default or stolen passwords

– 16% increase in ransomware

– Basic net-defenses sorely lacking in many organizations


Pre-Breach/Attack Advice

• Plan, Plan and oh yeah, DEVELOP A PLAN

• Engage with information security professionals

• Develop relationship with federal law enforcement

• Ensure internal policies are documented and up-to-date

– Ensure management buy-in at highest level possible

– Train your employees!

• Identify CIRT members

• Conduct BCP and DRP training (TTX)

• Threat and vulnerability assessments/testing

– Engage a third party if necessary


Pre-Breach/Attack Advice (cont.)

• Use an antivirus/malware solution

• Use the protections offered by the vendors

• Two-factor authentication (something you know + something you have)

• Ensure your operating system and applications are kept up-to-date (updates/patches)

• Triage your email – do not respond to or click on links in unsolicited emails from suspicious sources

• Use complex passwords – practice good password management

• Engage in a backup process to ensure ability to recover lost data


Cyber Security – Mobile Devices

• Threats

– Mobile malware

– Unsecured wireless networks (avoid them)

• Mobile Device (Smartphone) Security Tips:

– Set your phone to lock, or time out, after a certain period of inactivity and require a password to unlock the phone

– Check for updates to the smartphone operating system

– If phone is lost or stolen, have the capability to remotely wipe your phone

– Backup your data

– Avoid unencrypted public wireless networks

– Watch your apps


Pre-Breach Advice (cont.)

• National Institute of Standards and Technology (NIST)

– Provides guidance on a myriad of topics:

• Applying Risk Management Principles to Security (800-37)

• BCP (800-34)

• International Organization of Standardization (ISO)

– 27000 Series addresses information security principles in detail


Incident Handling

• Preparation

• Identification

– Reporting???

• Containment

• Eradication

• Recovery

• LESSONS LEARNED


How the FBI Combats Cyber Threats


FBI’s Mitigation Strategy

• Proactive Operations

• Prioritization & Prediction of highest threat areas

• Partnerships with private sector, intelligence community, and domestic and international law enforcement


NCIJTF Members


UNCLASSIFIED//FOUO


Partnerships

“No one country, company, or agency can stop cyber crime … We must start at the source; we must find those responsible. And the only way to do that is by standing together.”

Robert Mueller III, Former FBI Director

UNCLASSIFIED


@FBISacramento

Questions?

Tom Osborne

Assistant Special Agent in Charge

FBI Sacramento

https://tips.fbi.gov

1-800-CALL-FBI


Deron McElroy is the Department of Homeland Security’s (DHS) Cyber Security Advisor for California, Nevada, Arizona, Hawaii and the Pacific Territories, where he is focused on building partnerships to enhance our nation’s cyber resilience. Mr. McElroy helps organizations navigate and access the Critical Infrastructure Cyber Community (C³) Voluntary Program and NIST Cybersecurity Framework. He previously served as Senior Strategist for the DHS Office of Cybersecurity and Communications, leading the creation and development of the nation’s cyber incident response policy, playing a key role in the stand-up of the National Cybersecurity and Communications Integration Center, and participating in information sharing policy development.

Faculty


Office of Cybersecurity & Communications

June 2016

Deron McElroy | [email protected] | 415-484-9222

DHS Cybersecurity Roles Include:

• National Security & Emergency Communications

• Secure dot-gov

• Assist in Protecting dot-com

• Assist in Securing Critical Infrastructure

• Common Operational Picture for Cyberspace

• Coordinate Cyber and Communications Incident Response


Cybersecurity Across Critical Infrastructure


Cybersecurity: Some Key Questions

• How do you determine if your cybersecurity efforts are going well?

• Do people communicate about the current state of cybersecurity in your organization?

• Where do you get cybersecurity information?

• Is your workforce trained and aware?

• Have you planned for cyber incident management and exercised that plan?


Sophistication Required of Threat Actors is Declining

Sophistication of Available Tools is Growing

[Chart: timeline from 1983 to 2016]


Services for Security and Resilience

Operational Assistance

National Cybersecurity and Communications Integration Center (NCCIC)

Incident Response Remote and On-Site Assistance

Malware Analysis

Incident Response Teams

Industrial Control Systems Experts

Information Sharing Products, Programs and Best Practices

Resilience and Planning Assessments Cyber Resilience Review

Cyber Infrastructure Survey Tool

Cyber Security Evaluation Tool

Design Architecture Review

Penetration Tests and Vulnerability Scans

Advisory Services Cyber Security Advisors

Planning Guides

Exercises

Training and Awareness Resources


C3 Voluntary Program

• Download tools and access resources

• Work to increase your cyber resilience

• Better manage cybersecurity as part of an all-hazards approach to enterprise risk management

• Adopt the NIST Cybersecurity Framework and measure your progress through the Cyber Resilience Review (CRR)


www.hsdl.org/?abstract&did=789781

DHS Cyber Tabletop Exercise


us-cert.gov/ccubedvp

The Link to Emergency Preparedness and Concluding Comments

Cheri Hummel

California Hospital Association


The Link to Emergency Preparedness

Cyber threats are real – always evolving

Network security is a priority

All-hazards approach to enterprise risk management

Educate and train staff

Determine how continuity of operations will be provided and patient care will be delivered

The Link to Emergency Preparedness (cont.)

Exercise plans and downtime procedures

Response – incident management team

Activate HICS as appropriate

Information sharing

Utilize available resources and services


CHA Emergency Preparedness Website

www.calhospitalprepare.org

CHA Quick Reference Tool


Hospital Cybersecurity Planning Quick Reference Tool

A helpful tool providing information and resources for health care organizations, tools to assist with gap analysis and state support systems, a mitigation checklist, and suggestions for where to report attacks, as well as share information.

The tool can be found at:

www.calhospitalprepare.org/cha-tools

www.calhospital.org/cybersecurity-participant-info


Questions

Online questions: Type your question in the Q & A box, hit enter

Phone questions: To ask a question, hit *1

HASC Comprehensive Cyber Liability Program

Available to all California hospitals and medical groups

Broad insurance coverage, including primary and excess

Risk mitigation and consultation

Employee awareness/training (e.g., phishing)

Shunning services

Vulnerability testing

Threat assessment

Legal review

Breach notification team includes legal, forensic investigation, public relations

Contact: Shauna Day at (213) 538-0772 or [email protected]


CHA Disaster Planning Conference


CHA Disaster Planning for California Hospitals

September 19-21, 2016

Sacramento, CA

Annual conference that brings together more than 800 hospital emergency preparedness coordinators statewide. Three-day program includes sessions for all members of hospital disaster planning teams, community partners and first responders.

www.calhospital.org/disaster-planning

CHA Staff Contacts

Cheri Hummel
Vice President, Emergency Management & Facilities
California Hospital Association
(916) [email protected]

Lois Richardson
Vice President, Privacy & Legal Publications/Education
California Hospital Association
(916) [email protected]


Thank You and Evaluation

Thank you for participating in today’s webinar. An online evaluation will be sent to you shortly. To receive CEs, you must complete the evaluation and attest to your participation. CEs will be emailed to registrants.

A recording of this program will be available to all registrants.

For education questions, contact Mary Barker at (916) 552-7514 or [email protected].