Extending The Enterprise Through Telehealth Programs… · •Protect us against breach and...


Page 1: Extending The Enterprise Through Telehealth Programs… · •Protect us against breach and harden against data loss •Be prepared for eDiscovery requests, support EMRs, provide

Slide Deck: http://goo.gl/eTS9nQ Webex Support 1-866-229-3239

Event #667 139 752

“Privacy/Security Spotlight: Network Security and Best Practices Regarding the Internet of Things in a Health System”

A Complimentary Webinar From healthsystemCIO.com

Sponsored by Proofpoint

Your Line Will Be Silent Until Our Event Begins at 12:00 ET

Thank You!

Page 2

Housekeeping

• Moderator – Anthony Guerra, editor-in-chief, healthsystemCIO.com

• Ask A Question

• We will be holding a Q&A session after the formal presentations.

• You may submit your questions at any time by clicking on the QA panel located in the lower right corner of your screen, type in your questions in the text field and hit send. Please keep the send to default as “All Panelists.”

• Download the Deck

• Download today's deck at: http://healthsystemcio.com/presentation/internet-of-things-webinar.pdf

• Shortened URL at bottom of all slides

• View the Archive

• You will receive an email when our archive recording is ready.

• Separate registration is required.

Page 3

Agenda — Approximately 45 Minutes

• 25-30 minutes: St. Luke's Cornwall Hospital VP/CIO Cletis Earle

• 5 minutes: A Word From Our Sponsor: Joe Diamond, Director of Products, Proofpoint

• 10-15 minutes: Q&A w/Cletis Earle

Page 4

Privacy/Security Spotlight: Network Security and Best Practices Regarding the Internet of Things in a Health System

Page 5

Breach Mitigation

• You may already be breached, and don’t know it! (BE PREPARED)

• How many organizations can claim they are 100% protected from cyber threats?

• Attack Vector Threshold

• Network vulnerability

• Hardware theft and Loss

• Malware, Encrypted Botnet

• Mobile App and Devices

• Medical device

• ETC

Breach – an infraction or violation, as of a law, trust, faith, or promise

Mitigation – the act of lessening the force or intensity of something unpleasant, as wrath, pain, grief, or extreme circumstances

Page 6

Breach Identification Timeline

• Discovery – 1 Month

• Due Diligence – 4 Months

• Remediation – Forever

Page 7

Cyber Insurance

• Limits – any one claim and in the aggregate inclusive of claims expenses

• Main Aggregate Policy Limit

• Sub-Limits

• Crisis Management, Customer Notification Expenses, Customer Support and Credit Monitoring

• Privacy Regulatory Defense and Penalties

• Forensic Costs – per claim

• Content Injury / Media Wrongful Acts

• Network Security / Privacy Liability

• Data Recovery and Business Interruption

• Cyber Extortion

• Main Policy Deductible:

• Cyber Extortion

• Data Recovery and Business Interruption

• Crisis Management

• Forensic Expenses

• Breach Response

• Gross Premium

• Additional Premium to include Business Interruption

Page 8

Lessons Learned

• Chain of Custody Policy

• Data in motion/Data in flight

• Data Loss Prevention

• Endpoint Encryption (various devices)

• Cyber Insurance (Compliance)

• Constant Revision of “Battle Plan” as new technologies are introduced

Page 9

Countermeasure General Strategy

• Remove the asset

• Separation of duties

• Authenticate, authorize, and audit

• Layering

• Adaptive enhancement

• Orderly failure

• Policy and training

• Simple, cheap and easy

Page 10

Remove Asset

• Frequently misunderstood measure

• Remove targeted information from the equation

• Question the need to have SS#s or PCI data

• If not truly needed for the operations of the business, have it removed

• Web portals are easy targets

• If sensitive data can be limited, then don’t capture the information

• Rethink how the organization classifies identifiable indicators and challenge the rule if it is a possible target for attack

Page 11

Separation of Duties

• Add layers to threat management and remediation plan

• “Coordination of Duties”

• Detection Team

• The team that is responsible for detecting the problem and any new issues that may arise

• Reaction Team

• The team that is responsible for fixing the issue

• Many times hackers install code to distract IT teams

• If you keep your teams separate, you increase your chance of fixing the real problem and not issues created to distract you from it

Page 12

Authenticate, Authorize and Audit

• Authenticate

• Dual Factor

• Various state regulations may help adoption of disruptive technology

• Electronic Prescription of Controlled Substances

• Authorize

• Digital Rights Management (can be a challenge)

• Enterprise wide Browser Protected Mode

• Audit

• Logging Authentication & Authorization transactions

• Allow effective incident response measures

Page 13

Layering

• Add multiple countermeasures to increase the effort an attacker must take

• The more technical barriers are set up (“hoops to jump through”), the more types of cyber threats are discouraged

Page 14

Adaptive Enhancement

• Similar to layering, this is using various software to protect facilities to compensate for deficiencies of other layers

• This can be turned “on” at any given time

Page 15

Orderly Failure

• Predefined Incident response plan

• Measure the level of risk the organization is willing to take regarding outage and remediation plan

• Take into consideration worst-case scenario

• Be prepared to keep things down until a better security control can be reached

• Systems should be evaluated on level of impact to the organization and associated risk

• Hardware/Software should be graded to help prioritize business continuity

Page 16

Policy and Training

• Self-explanatory, but unfortunately often not taken seriously enough in organizations

• The organization should undergo constant training regarding security risks

• IT employees pose the highest risk of vulnerability due to their role and access

• Keeping the organization in the know regarding the latest attacks and phishing scams helps reduce threats to the organization’s equipment as well as to employees’ homes, from which they often remote in

Page 17

Simple, Cheap and Easy

• KISS “keep it simple silly”

• No need to overcomplicate security measures

• Attackers go after the easier targets or low hanging fruit

• Using appropriate countermeasures, most threats will be addressed

• Consider yourself already breached

Page 18

Privacy/Security Spotlight: Network Security and Best Practices Regarding the Internet of Things in a Health System

Joe Diamond, Director of Products, Proofpoint

Page 19

Know Your Threat Vectors

Three vectors leading to a Data Breach:

• Attacks – Source: generally begins with an elaborate phishing campaign. Type: Inbound

• Sabotage – Source: disgruntled employee/partner/contractor exfiltrating sensitive data. Type: Outbound

• Mistakes – Source: sensitive data sent to unintended recipient. Type: Outbound

Page 20

The Resourcing Challenge

• Your leadership is saying …

• Fix everything

• Protect us against breach and harden against data loss

• Be prepared for eDiscovery requests, support EMRs, provide breach RCAs, Office 365 migration, etc.

• While providing no increase to your budget …

• And no additional heads to support new technology

Page 21

Embrace the 80/20 Rule

• This is a mountain that resource-strapped IT/InfoSec groups can scale

• Requires a laser-focused approach; eliminate the scattershot and distraction of trying to do everything—doing so guarantees doing nothing well or worse, shelfware

• Scenario: Joint IT/InfoSec team of 5 supporting a mid-size healthcare system, has a small budget for new tech, no new heads …

• Weigh Impact vs. Effort

• Data classification

• DLP

• Automated sensitive data discovery & remediation

Page 22

A Breach Protection & Mitigation Strategy with Immediate Benefit

• Targeted Attacks / Emerging Threats

• Focus on email—the vast majority of breaches begin with a sophisticated phishing attack

• Your requirements:

• URL re-writing

• Dynamic analysis/sandboxing for incoming URLs & attachments

• Who-clicked-what visibility to ensure rapid threat response

• Automated intelligence and remediation for data at rest

• Focus on data at rest—what are bad actors after when breaching your systems? … your data

• Your requirements:

• Automated visibility into the size of your attack surface

• Automated remediation for sensitive data in unsecure locations

• Simple to deploy and manage (template-based policies, limited footprint)

Page 23

Resources

• Data Profiler Tool

• Simple executable – point at a file server/UNC path and it’ll run automatically

• Full report providing the number of sensitive data violations, including PCI and social security numbers

• Get it here: http://www.proofpoint.com/profiler

• The Human Factor

• Analysis exploring the under-reported aspect of enterprise threats caused by end user behaviors clicking within email, attachments and social media posts

• Get it here: https://www.proofpoint.com/humanfactor
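Added example, not part of the deck and not Proofpoint's Data Profiler: a minimal sensitive-data-at-rest scanner of the kind page 22 ("automated visibility into the size of your attack surface") and the Data Profiler description above call for. It walks a directory tree, counts SSN and PCI (card number) hits per file, uses the Luhn checksum to drop digit runs that only look like card numbers, and flags world-readable files as the "unsecure locations" to remediate first. The sample files, their contents and the regex patterns are constructed for the demo.

```python
import pathlib
import re
import tempfile

# Constructed sample files: two fake SSNs, one Luhn-valid test card number, one decoy.
SAMPLES = {
    "claims/2015-q1.csv": "name,ssn\nJane Roe,123-45-6789\nJohn Doe,321-54-9876\n",
    "billing/refunds.txt": "refund to card 4111 1111 1111 1111 approved\n",
    "readme.txt": "nothing sensitive: ticket 1234-5678-9012-3456 ext 0000\n",
}
# SSN: reject never-issued area numbers (000, 666, 9xx), group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# PAN candidate: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str) -> dict:
    """Count SSN and PCI (Luhn-valid card number) hits in one file's contents."""
    pans = [p for p in PAN_RE.findall(text) if luhn_ok(re.sub(r"[ -]", "", p))]
    return {"ssn": len(SSN_RE.findall(text)), "pci": len(pans)}


def scan_tree(root: str) -> dict:
    """Walk a share; report files with violations and flag world-readable ones."""
    report = {}
    for path in pathlib.Path(root).rglob("*"):
        if not path.is_file():
            continue
        hits = scan_text(path.read_text(encoding="utf-8", errors="ignore"))
        if hits["ssn"] or hits["pci"]:
            hits["world_readable"] = bool(path.stat().st_mode & 0o004)
            report[path.relative_to(root).as_posix()] = hits
    return report


def demo() -> dict:
    """Write the constructed samples into a temp dir and scan it."""
    root = tempfile.mkdtemp()
    for rel, body in SAMPLES.items():
        full = pathlib.Path(root, rel)
        full.parent.mkdir(parents=True, exist_ok=True)
        full.write_text(body, encoding="utf-8")
    return scan_tree(root)
```

Pointing scan_tree at a real share gives a per-file count to prioritise, in the spirit of the "remove the asset" slide: files that hold SSNs or card numbers the business does not need are candidates for deletion rather than protection.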

Page 24

Q&A

Click on the Q&A panel located in the lower right corner of your screen, type in your questions in the text field and hit send. Please keep the send to default as “All Panelists.”

[email protected]

Page 25

Thank You!

• Thanks to our featured speaker: Cletis Earle!

• Thanks to our sponsor: Joe Diamond & Proofpoint!

• You will receive an email when our archive recording is ready. (Separate registration is required)

• CHIME CHCIO Credits – Attending our Webinars = 1 CEU

• Questions/Comments – Anthony Guerra [email protected]

Go to www.healthsystemCIO.com/webinars to view our upcoming schedule and see the last 12 months of archived events.