External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

Presentation transcript:

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH

Joshua Spencer
• Certified Ethical Hacker (C|EH)
• Cyber-security Researcher
• AVP & Chief Information Security Officer
• UT Southwestern Medical Center

Overview  Why do hackers want my healthcare data?  Who wants to steal it?  How do they do it?  What is the impact of a breach?  How do I protect against it?

Why do hackers want my healthcare data? *2014 Verizon Data Breach Investigations Report

*2015 CSID Medical Identity Theft Report

Who are the external “hackers”? *Dell Secureworks Healthcare Data Security Threats

How am I being hacked? *2014 Ponemon Benchmark Study on Patient Privacy and Data Security

Employee Phishing
• Employee receives fraudulent email reminding employee to “Confirm their Recent Promotion”
• User clicks link in email and logs into fake HR website
• Hacker logs into network remotely using stolen password
• Hacker scans network and steals databases
• Hacker sells stolen information on black market to identity thieves
• Hacker logs into employee email to send fraudulent email to all contacts

Employee Phishing
• Employee receives fraudulent email reminding employee to “Confirm their Recent Promotion”
• User clicks link in email and logs into fake HR website
• Hacker logs into network remotely using stolen password
• Hacker scans network and steals databases
• Hacker sells stolen information on black market to identity thieves
• Hacker logs into employee email to send fraudulent email to all contacts
• Create and sell fraudulent medical, Social Security and State ID cards
• Obtain prescriptions for narcotics
• Partner with illicit providers for fraudulent Medicare billing
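The Employee Phishing chain above leaves a recognizable trail: a remote login from an unfamiliar source, followed shortly by a mass mailing from the same account. The following is an added example, not part of the original presentation, showing one way to correlate those two events; the event fields, the baseline of known sources, the thresholds and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): remote logins and outbound mail.
EVENTS = [
    {"t": "2015-03-02T08:01", "type": "remote_login", "user": "asmith", "src": "203.0.113.10"},
    {"t": "2015-03-02T08:30", "type": "mail_sent", "user": "asmith", "recipients": 2},
    {"t": "2015-03-02T23:14", "type": "remote_login", "user": "jdoe", "src": "198.51.100.77"},
    {"t": "2015-03-02T23:20", "type": "mail_sent", "user": "jdoe", "recipients": 412},
    {"t": "2015-03-03T09:00", "type": "remote_login", "user": "bnguyen", "src": "198.51.100.77"},
    {"t": "2015-03-03T15:00", "type": "mail_sent", "user": "bnguyen", "recipients": 300},
]

# Hypothetical baseline: source addresses each user has logged in from before.
KNOWN_SOURCES = {
    "asmith": {"203.0.113.10"},
    "jdoe": {"192.0.2.5"},
    "bnguyen": {"192.0.2.9"},
}

def find_phish_chains(events, known, window=timedelta(hours=1), min_recipients=50):
    """Flag users whose remote login from an unseen source is followed,
    within `window`, by a message sent to at least `min_recipients`."""
    alerts = []
    unfamiliar = {}  # user -> (time, src) of latest remote login from an unseen source
    for ev in sorted(events, key=lambda e: e["t"]):
        when = datetime.fromisoformat(ev["t"])
        user = ev["user"]
        if ev["type"] == "remote_login":
            if ev["src"] not in known.get(user, set()):
                unfamiliar[user] = (when, ev["src"])
        elif ev["type"] == "mail_sent" and user in unfamiliar:
            login_time, src = unfamiliar[user]
            if when - login_time <= window and ev["recipients"] >= min_recipients:
                alerts.append({"user": user, "src": src, "recipients": ev["recipients"]})
    return alerts

if __name__ == "__main__":
    for alert in find_phish_chains(EVENTS, KNOWN_SOURCES):
        print("possible compromised account:", alert)
```

With the default one-hour window only `jdoe` is flagged; `bnguyen` logs in from the same unfamiliar address but mails six hours later, so widening the window is the trade-off between catching slower attackers and raising more false alarms.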

Vendor Compromise
• Vendor hacked
• Hacker accesses customer databases
• Hacker logs into your network remotely and steals databases
• Hacker sells stolen information on black market to identity thieves
• Hacker logs into employee email to send fraudulent email to all contacts

Website Hacking
• Website had a software flaw discovered
• Bug allows a hacker to bypass the login
• Company fails to apply the security update quickly enough
• Hacker uses a network of infected computers to attack website
• Attack installs data stealing program
• Program scans for juicy data (SSN)
• Data sent to attacker’s computers
• Hacker sells stolen information on black market to identity thieves
• Computer now used to attack other companies

Internet Use
• Employee’s computer has a software flaw discovered
• Employee visits a hacked website
• Company fails to apply the security update quickly enough
• Attack installs data stealing program
• Program scans network for juicy data (tax returns, spreadsheets with SSN)
• Data sent to attacker’s computers
• Hacker sells stolen information on black market to identity thieves
• Computer now used to attack other companies

How am I being successfully hacked? *2014 Ponemon Benchmark Study on Patient Privacy and Data Security

What is the impact of a breach?  Consequences of a breach are much greater than most other industries  Incorrect medical records (blood type, allergies, conditions) causes patient safety risks  HIV status disclosure is much more emotionally damaging than a Home Depot purchase history  Can’t give patients a new identity like you can with Credit Cards *2014 Ponemon Benchmark Study on Patient Privacy and Data Security; Dell Secureworks Healthcare Data Security Threats

What is the impact of a breach?  $398 per health record on average in the U.S.  Does not factor in reputational damage  Increasing civil penalties from HHS, up to $1.5 million  Heavy scrutiny from media and regulators  80% of new patients screen their provider on search engines  Increasing use of “vendor scorecards” will hurt customer growth *2014 Ponemon Benchmark Study on Patient Privacy and Data Security; Dell Secureworks Healthcare Data Security Threats

How do I protect my healthcare data?
• Factor security into your 3rd-party vendor evaluations
• Hire or contract with Information Security specialists
• Train employees on recognizing fraud
• Know where your data is going
• Back up your important data
• Use two-factor authentication

Overview  Why do hackers want my healthcare data?  Who wants to steal it?  How do they do it?  What is the impact of a breach?  How do I protect against it?