CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 [email protected] cynergistek.com @CynergisTek
Emerging & Trending Cyber Security Threats to Healthcare
Presented by: Mac McMillan, CEO, CynergisTek

HIMSS Cyber Security Survey 2015
Limited Disruption to Operations 62%
Loss of Data/Information 21%
Significant Impact on IT Systems 8%
Damage to IT Systems 8%
Other Impact 7%

Accidents, Mistakes & Deliberate Acts
• Phishing/hacking nets nearly $3M from six healthcare entities
• Vendor sells hospital’s X-rays (films) to third party
• Resident loses track of USB with over 500 orthopedic patients’ information
• 2200 physicians victims of ID theft/tax fraud
• Stolen laptop from nurse’s home with patient data
• Printers returned to leasing company compromise thousands of patient records
• 400 hospitals’ billings delayed as clearinghouse hit with ransomware
• Failure to apply fix to router results in compromise and loss of 4.5M records
• Mistake during software upgrade test results in 8000 letters mailed
• Physician held up at gunpoint, turns over passwords for computer and phone
• International hacking group uses phishing then hacking to steal information on 80M people
• Three hospital networks compromised by medical device hack called MedJack
• New York hospital hacked by Pro-ISIS supporters, website defaced and redirected to ISIS propaganda
• And, on and on it goes…

Increased Reliance
More than 98% of all processes are automated, more than 98% of all devices are networkable, and more than 95% of all patient information is digitized; accountable care/patient engagement rely on it. The enterprise is critical to delivering healthcare. Any outage, corruption of data, or loss of information risks patient safety and care.
BYOD, Physician Alignment, ACOs, Patient Engagement, ICD-10, Tele-medicine, MU, FISMA, BAs, HIEs, HIPAA/HITECH, Research

Threat Actors & Motivation
Threat actors:
• Organized Crime
• Hacktivists
• Cyber Thieves
• Malicious Insiders
• Careless Insiders
• Busy Insiders
• State Actors
Motivation:
• Financial Gain
• Intellectual Property
• Extortion
• ID/Med ID Theft
• Espionage
• Embarrassment
• Good Intentions

Failed Solutions
• 90% of survey respondents said that their companies had spent money on technology scrapped before, or soon after, deployment.
• Reasons: complexity, lack of expertise, inadequate resources, other factors
Most companies buy technology based on cost, not security.

2015: Changing Risk Priorities
• The top four:
– Business Associates taking inadequate precautions
– Growing proliferation of mobile devices
– Mistakes by staff members
– Hackers attempting to access records
Healthcareinfosec.com

Hacking is an Industry
• This year billed as “more of everything” as hacking explodes to more devices
• Pwnie Awards went to Shellshock, OPM & Thomas Dullien
• Miller & Valasek continue to hack cars
• Hacking long range precision guided rifles, oops don’t tell DoD
• 11,000 attended this year, 73% said their organization would be hacked
• Workshops and “capture the flag” contests
• The Hack Fortress contest
• Rubbing elbows with the Pros
“Some hackers call the weeks of Black Hat USA and Def Con Summer Camp”

Monetizing Cyber Crime
• Darknets will be more active, participants will be vetted, cryptocurrencies will be used, greater anonymity in malware, more encryption in communications and transactions
• Black markets will help attackers outpace defenders
• Hyperconnectivity will create greater opportunity for incidents
• Exploitation of social networks and mobile devices will grow
• More hacking for hire, as-a-service, and brokering
RAND Corporation 2014

Top Security Risks in Healthcare
• Theft & Loss: Nearly half of all breaches involve some form of theft or loss of a device not properly protected.
• Insider Abuse: Nearly 15% of breaches in healthcare are carried out by knowledgeable insiders for identity theft or some form of fraud.
• Unintentional Action: Almost 12% of breaches are caused by mistakes or unintentional actions such as improper mailings, errant emails, or facsimiles.
• Cyber Attacks: There was almost a doubling of these types of attacks in 2014.
Verizon 2014 Data Breach Investigations Report

Insider Abuse
• It is estimated that more than half of all security incidents involve internal staff.
• 2010-2015 witnessed an average 20% increase in medical identity theft year over year.
• Mistakes, snooping, theft, fraud, espionage, extortion, negligence, etc.

Supply Chains That Fail
• Need for risk based approach to managing third parties
• Need greater due diligence in vetting vendors
• Security requirements in contracting should be SLA based
• Particular attention to cloud, SaaS, infrastructure support, critical service providers
• Life cycle approach to data protection
• Detailed breach and termination provisions

Devices Threaten Safety & Information
• 2010/2011 successful hacks demonstrated.
• DHS tests 300 devices from 40 vendors. ALL failed.
• 2014 multiple variants of a popular blood pump hacked.
• 2015 MedJack hack exposes vulnerability of network from medical devices.
• FBI issues alert that IoT threats pose opportunity for cyber crime
By 2020 there will be 25 Billion connected devices. – Gartner Research

Malware & Advanced Persistent Threats
• Expectation of cyber compromise doubled in 2015
• 20-40% of recipients in phishing exercises fall for scam/shift to business users
• Shift from URL based attacks to attachment based campaigns
• Social media campaigns targeting big events (Super Bowl/March Madness)
• Unsolicited mail campaigns, mostly foreign based
• DDOS attacks doubled from Q2 2014
• Unsupported systems present real risks
• Hardening, patching, configuration & change management…all critical
• Tools to interrogate entity/source system, filter risky points of origin, etc.
“FBI alert warns healthcare not prepared”
Various: Symantec, IBM, Solutionary Annual Threat Reports

Data On The Move
• Medical staff are turning to their mobile devices to communicate because it’s easier, faster, more efficient…but it is not secure
• Sharing lab results, locating another physician for a consult, sharing radiology images, updating staff on patient condition, getting direction for treatment, transmitting trauma information to EDs, prescribing or placing orders
• Priority placed on the data first and the device second
• Restrict physical access where possible, encrypt the rest

ID Theft & Fraud
• ID theft and fraud costs billions each year, affecting everyone
• Identity theft incidents come from many different directions
– Insiders selling information to others
– Hackers exploiting systems
– Malware with directed payloads
– Phishing for the “big” ones

Theft & Loss Still Prevalent
• More than half of healthcare data breaches due to loss or theft of devices
• 1 in 4 houses is burglarized, a B&E happens every 9 minutes, more than 20,000 laptops left in airports annually
• First rule of security: no one is immune
• 6 – 10%: the average shrinkage rate for mobile devices
“unencrypted laptops and mobile devices pose significant risk to the security of patient information.” – Sue McAndrew, OCR

Targeted Attacks
Brute Force Attacks 34%
Denial of Services (DoS) 39%
Social Engineering Attacks 49%
Malicious Insiders 50%
Exploit Known Software Vulnerabilities 53%
Zero Day Attacks 53%
Cyber Attacks 59%
APT Attacks 63%
Negligent Insiders 65%
Phishing Attacks 69%
HIMSS 2015 Cyber Security Survey
Barriers To Data Security
Barriers to Successful Implementation of Data Security
Percent
Lack of Personnel 64%
Lack of Financial Resources 60%
Too Many Emerging/New Threats 42%
Too Many Endpoints 32%
Not Enough Cyber Threat Intelligence 28%
Too Many Applications 25%
Lack of Tools to Use/Deploy Cyber Threat Intel 20%
HIMSS 2015 Cyber Security Survey

The Cost of Security Grows
Discovery, Notification & Response
Business Disruption
ID Theft Monitoring
Investigation/Review
Civil Penalties
Federal CAP/RA
State Actions
Law Suit Defense
Criminal Penalties
Insurance
Degradation of Brand/Image
Distraction of Staff
VBP Payments Impacts
HCAHPS Score Impacts
Patient Confidence/Loyalty
Physician Alignment/Nurses and Staff Agreement

Cybersecurity Insurance?
• Most cybersecurity insurance only covers a fraction of large breach costs
• Insurance providers are looking to increase premiums and enhance underwriting provisions to avoid losses associated with large incidents
• Additional exclusionary language emerges
• Right to investigate independently asserted
• Columbia Casualty vs. Cottage Health System

Priorities For Healthcare
• Implement continuous program of risk assessment and management
• Increase knowledge of threat actors
• Maintain a current environment
• Improve detection and reaction capabilities
• Implement data exfiltration controls
• Enhance user education and accountability
• Implement active vendor security management
• Address long term challenges around medical devices
• Plan for incidents

Healthcare Needs A New Focus
“Healthcare security teams must move past compliance and focus on security.” Forrester Research 2015
Questions
Mac McMillan
512.405.8555
@mmcmillan07