Healthcare: Is the Cyber Threat Real?

President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation.
Source: Whitehouse.gov

Dr. Emma Garrison-Alexander
Vice Dean, Cybersecurity and Information Assurance
University of Maryland University College
April 22, 2016

U.S. Critical Infrastructure – 16 Sectors
• Food & Agricultural
• Defense Industrial Base
• Critical Manufacturing
• Energy
• Financial
• Emergency Services
• Transportation
• Nuclear
• Dams
• Communications
• Water & Waste
• Information Technology
• Healthcare & Public Health
• Government
• Chemical
• Commercial Facilities

Legal Requirements
• Health Insurance Portability & Accountability Act (HIPAA) - 1996
  – Protection of patients' privacy & health information
• Health Information Technology for Economic and Clinical Health (HITECH) – 2009
  – Promotes use of Electronic Health Records
  – Strengthens the civil and criminal enforcement of HIPAA
  – Breach Notification
• The Omnibus Rule – 2013
  – Enhances patients' privacy protections
  – Provides individuals new rights to their health information
  – Strengthens government's ability to enforce the law
  – Holds business associates, contractors, etc. accountable for privacy and data protections

Healthcare Attacks by the Numbers
• Healthcare is the most targeted sector
• Healthcare Information Compromised in U.S.
  – 47% of population
  – Timeframe: last 12 months
• Breaches against 16 sectors
  – 888 total incidents reported
  – 188 or 21% in healthcare industry
• Who is targeted in Healthcare
  – 72% targeted healthcare providers
  – 10% targeted healthcare business associates
  – 6% targeted health plan organizations
  – 12% targeted pharmaceutical companies, healthcare information clearinghouses, and other healthcare entities
Source: http://icitech.org/wp-content/uploads/2016/01/ICIT-Brief-Hacking-Healthcare-IT-in-2016.pdf

Three Case Studies
• Hospital Pays $17,000 in Ransomware Attack
• MedStar Health Hacked
• 22 Million Personnel Compromised

Cyber Impact to Healthcare

Healthcare Impact
• Cannot Change Blood Type
• Cannot Change Medical Condition
• Cannot Change DNA
• Once information is Exposed, It Is Forever

Financial Impact
• New Bank Account Number
• New Credit Cards
• New Social Security Number
• New Credentials – login/password
• Account Protection

Cyber Tools & Technology
• Prevent a cyber attack
  – Vulnerability assessments
  – Network mapping tool, scanning tool
  – Network protocol analyzer
  – Patch Management
  – Data Encryption
  – Background investigations (Insider Threat)
  – Multifactor authentication
  – Identity management
  – Least privilege
  – Anti-virus software
  – Redundant and failover systems
• Detect a cyber threat or attack – recognize problem
  – Network Intrusion Prevention/Detection System
• Mitigate a threat or cyber attack – respond to an attack; analyze, report, recommend
  – Forensic Tools
  – Digital Investigation

QUESTIONS????