View the Replay - FairWarning · 9/27/2017 · Protecting Patient Information in the Age of...
Speakers
Shellie Zavatsky, Director of Internal Audit at Hurley Medical Center
Trent Long, Director of Managed Privacy Services at FairWarning, Inc
Agenda
What are the new advanced threats to patient data?
Implications of global cybersecurity attacks to your organization
Response tactics to global cybersecurity attacks
Implications of terror to securing patient data
Response tactics to terror attacks
Implications of identity theft and fraud
Response tactics to identity theft and fraud
Driving threats out of your organization through technology and culture
Protecting Patient Information in the Age of Advanced Threats
• Threats to patient data now include: Global Cybersecurity Attacks, Terror, Identity Theft, Fraud, Drug Addiction, Basic HIPAA Violations & OCR Investigations
• Threats to patient information have advanced in a short amount of time
• Advanced threats require innovative tactics to secure patient data
• People Approach combining technology and training
Here’s Why We are Able to Obtain this Data
✓Global Customer Base
✓40% + US Market Share of Major Healthcare Providers
✓FairWarning®’s Managed Privacy Services (MPS) monitors over 500,000 healthcare provider employees and affiliates
✓MPS reviews thousands of potential incidents per month
✓Over 5,000 confirmed privacy and security incidents
Global Cybersecurity Attacks
Here’s why it’s important to know
• In 2017 there’s been an increase in the number of organizations affected by global cybersecurity attacks/terror
Here are the implications to your organization
• Interrupt services to your healthcare patients
• Reputational Damage
• Business Continuity
Here is what we have seen
• Hacktivist groups
• Compromised user credentials
Response Tactics: Global Cybersecurity Attacks
• Statistical Deviations
• Visualization
• Intelligent Filtering “Day to Day” or Forensically
• Behavior Analysis w/Machine Learning
• Network Compromise - Forensics Investigation of Clinical Apps & EHRs
• FairWarning Ready Information Security Partners
Terror Attacks
• Happens without notice
• Instantaneous worldwide media attention ‘Breaking News On CNN’
• Massive international curiosity over victims - patients
• Immediate escalation of patient and institutional risks
• Poor handling can jeopardize law enforcement, legal proceedings, and prosecution of the accused
Response Tactics: Terror Attacks
• Privacy and Security “Partner”
• Every effort to proactively reach out to customers
• FairWarning® MPS Specialists Available
• Close partnership with our customers
• Comprehensive behavior analysis packages put in place to instantly monitor victims
Identity Theft and Fraud
Here’s why it’s important to know
• Widescale fraud and identity theft are prevalent at any organization no matter the size or location
• Fueled by IRS tax fraud and medical identity theft
• Active identity theft criminal networks in major metros
• Has become business as usual for care providers
Here are the implications to your organization
• Happens at a moment’s notice
• Local law enforcement, FBI, and Department of Justice investigate 3rd party tips that lead to the care provider
• $1.3 Billion strike force
Here is what we have seen
• FairWarning® called in to meet highest stake cases
Response: Identity Theft and Fraud
• Close Partnership with Customers
• Rapid Escalation Upon Detection
• Professional and Legal Documentation of Potential Incidents in the FairWarning® Platform
• Statistical Deviations
• Visualization
• Intelligent Filtering “Day to Day” or Forensically
• Behavior Analysis w/Machine Learning
• Dynamic Identity Intelligence
Basic HIPAA and OCR Investigations
Snooping Remains a Challenge
Expanded Emphasis on Employees
OCR Requires Documented Appropriate Monitoring Program
Create Culture of Privacy and Compliance
Under OCR Resolution Agreement
Upticks related to new behavioral analytics implemented
Enterprise
Upticks related to new facilities acquired by covered entity
Mitigating Threats to Patient Data Through Technology and “People Training”
We want to note that the threats to patient data are mitigated through a combined approach of technology and training your workforce.
Culture of Privacy and Security:
▪ Executive Support - support from the CEO
▪ New hire HIPAA training
▪ Ongoing training with security incidents
▪ Employee accountability
▪ Dynamic Identity Intelligence