
Responding to Skyrocketing Cyber Attacks Managing Risk, Responding - PowerPoint PPT Presentation

Presenting a live 90-minute webinar with interactive Q&A. Data Breaches in Healthcare: Responding to Skyrocketing Cyber Attacks. Managing Risk, Responding to Breaches and OCR Investigations, Minimizing HIPAA Liability. Thursday, March 24, 2016.


  1. Presenting a live 90-minute webinar with interactive Q&A
     Data Breaches in Healthcare: Responding to Skyrocketing Cyber Attacks
     Managing Risk, Responding to Breaches and OCR Investigations, Minimizing HIPAA Liability
     THURSDAY, MARCH 24, 2016, 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
     Today's faculty features:
     • Joshua Carlson, Principal, Joshua Carlson, P.A., Minneapolis
     • Richard DeNatale, Partner, Jones Day, San Francisco
     • Todd S. McClelland, Partner, Jones Day, Atlanta
     The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

  2. Tips for Optimal Quality (FOR LIVE EVENT ONLY)
     Sound Quality: If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-866-927-5568 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance.
     Viewing Quality: To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

  3. Continuing Education Credits (FOR LIVE EVENT ONLY)
     In order for us to process your continuing education credit, you must confirm your participation in this webinar by completing and submitting the Attendance Affirmation/Evaluation after the webinar. A link to the Attendance Affirmation/Evaluation will be in the thank-you email that you will receive immediately following the program. For additional information about continuing education, call us at 1-800-926-7926 ext. 35.

  4. Program Materials (FOR LIVE EVENT ONLY)
     If you have not printed the conference materials for this program, please complete the following steps:
     • Click on the ^ symbol next to "Conference Materials" in the middle of the left-hand column on your screen.
     • Click on the tab labeled "Handouts" that appears, and there you will see a PDF of the slides for today's program.
     • Double click on the PDF and a separate page will open.
     • Print the slides by clicking on the printer icon.

  5. Data Breaches in Healthcare: Responding to Threat of Cyber Attacks
     March 24, 2016
     Richard DeNatale, Todd McClelland

  6. Introduction
     Numerous factors have combined to create a "perfect storm" of cybersecurity risk in the healthcare sector.
     • External factors
       o Targeted by cyber criminals
       o Targeted by state actors
       o Black market for PHI
     • Systemic factors
       o Multiple points of entry create vulnerabilities
       o Culture of open information exchange creates security challenges
       o Some companies slow to invest in IT infrastructure and security

  7. Introduction
     Numerous factors have combined to create a "perfect storm."
     • Legal/regulatory factors
       o Highly regulated industry
       o Mandatory disclosure requirements
       o Regulators becoming more focused on enforcement
       o Aggressive and experienced plaintiffs' class action counsel
       o Legal landscape may be shifting in favor of plaintiffs on standing and damages issues

  8. [Chart] Source: Verizon DBIR 2013-2015

  9. Topics
     I. Breach Preparedness Strategies
        A. Cyber risk assessments
        B. Vendor management
        C. Cyber insurance
     II. Responding to the Breach
        A. Effective response planning
        B. PHI reporting and notice obligations
        C. Damage mitigation
        D. Pursuing insurance recovery
     III. Responding to an OCR Investigation
        A. HIPAA and regulatory compliance
        B. Interacting with regulators
        C. Establishing investigation parameters
        D. Data protection

  10. Cyber Risk Assessments

  11. Key HIPAA Assessment Activities
     • Assessments are required under the HIPAA Security Rule. For example:
       o 164.308(a)(1)(ii)(A) – Conduct a risk analysis
       o 164.308(a)(1)(ii)(B) – Implement a risk management program
       o 164.308(a)(8) – Periodic evaluation

  12. Key Assessment Activities
     • Risks and risk management program
     • Identify ePHI data flows and changes to systems
     • Compliance gap analysis and mitigation recommendations
     • Review Incident Response Plan(s)
     • Review applicable security policies and procedures
     • Meet key information security stakeholders
     • Review insurance policies
     • Review key vendor contracts and investigate "Shadow IT"
     • Data governance program review

  13. Questions your risk assessment should help you answer
     • Who has access to your data?
     • Where do you process, store, create or receive ePHI?
     • Who is responsible for your information security program, especially w/r/t ePHI?
     • What are your "use cases"? What ePHI do you create or receive? How is it used?
     • Is your data appropriately secured?
     • Are information/systems monitored?
     • What are the threats (internal and external) to your ePHI?
     • What is the impact if information is lost, accessed or compromised?
     • Is your data identified and classified?
     • Are you prepared for a breach?
     • Is someone reviewing your logs? How often?
     • How do you dispose of your data?
     • Are you storing documentation related to your security program?
     • Who within your organization knows the answers to these questions?

  14. Vendor Management

  15. Due Diligence
     • Increasing due diligence
       o Senior management is becoming more aware of third-party exposure
       o In large part arising from potential legal exposure and enforcement actions
     • Contracting parties are becoming more inquisitive
       o Questionnaires
       o Breach history
       o Security walk-throughs
       o Third-party audit/assessment review
     • Substantiate that due diligence was conducted
     • Spend is not the right metric for determining which deals get scrutinized.

  16. Contracts
     Privacy and security issues continue to be contentious in vendor contracts:
     • HIPAA compliance
     • Risk apportionment, insurance
     • Privacy and security representations, warranties and commitments
     • Breach notification
     • Audit rights
     • Changes / governance
     • Cloud

  17. Audits
     • Common after breach disclosures
     • Increasing actions against those who fail to regularly review their third-party vendors
     • Customer/vendor tensions:
       o Frequency
       o Cost
       o Who conducts the audit
       o What level of access
       o Scope
       o Cloud services

  18. Expectations for 2016+
     • Continuing push for risk assessment formalization that will include third-party vendors
     • More enforcement actions
     • More risk for companies that outsource their data processing activities
     • Growing complications with breach response, especially cloud

  19. Quick Hits
     • CISOs and counsel need to work more closely together when contracting with vendors.
     • Vendor day.
     • Stay tuned to laws that will affect vendor relationships.
     • Update dated vendor contracts to address privacy and security issues.

  20. Cyber Insurance

  21. Cyber Insurance
     • Insurance coverage has become a critical part of breach preparedness.
     • Three major shifts in the U.S. insurance market over the past decade:
       o New categories of emerging cyber risk
       o Development of new cyber policy forms
       o Exclusion of cyber/internet exposures from traditional policies
     • CGL Policies - Personal Injury Coverage
       o Traditionally covered "publication, in any manner, of material that violates a person's right of privacy" – including claims involving electronic data transmitted over the internet
       o As of April 1, 2014, new exclusion added to standard ISO form barring coverage for data breach claims

  22. Cyber Insurance
     Cyber insurance policies cover five major categories of costs:
     1. Third-party liability coverage for claims and lawsuits
        • Arising out of security breach, disclosure of PII/PHI, violation of company privacy policy
        • Covers cost of defense, settlement, or judgment
     2. Regulatory coverage for government claims and investigations
        • Covers cost of defense, fines, or penalties
          o Make sure definition of "Claim" includes OCR investigations

  23. Cyber Insurance
     3. Event Management/Data Breach Response coverage
        • Covers cost of post-breach forensic and legal investigations
     4. Privacy Notification coverage
        • Covers cost of breach notice to affected individuals (customers, patients)
        • May cover credit monitoring or identity theft protection for affected individuals
     5. First Party coverage, akin to property insurance
        • Covers cost of restoring data and systems
        • Business interruption coverage for lost revenue

  24. Cyber Insurance
     Response Costs
     • Legal fees for breach response
     • Forensic investigation
     • Breach notice
     • ID protection/credit monitoring
     Legal Claims
     • Class action defense costs and settlement
     • Defense of government proceedings
     • Government fines/penalties
     • Card brand claims & assessments
     Business Losses
     • Restoration of data
     • Lost revenue/business interruption
     • Extra expenses
     • Loss of goodwill / customer confidence
