View the Replay

Speakers

Shellie Zavatsky Trent LongDirector of Internal Audit

at Hurley Medical

Center

Director of Managed Privacy

Services at FairWarning, Inc

Agenda What are the new advanced threats to patient data?

Implications of global cybersecurity attacks to your organization

Response tactics to global cybersecurity attacks

Implications of terror to securing patient data

Response tactics to terror attacks

Implications of identity theft and fraud

Response tactics to identity theft and fraud

Driving threats out of your organization through technology and culture

Protecting Patient Information in the Age of Advanced Threats

• Threats to patient data now include:

• Threats to patient information have advanced in a short amount of time

• Advanced threats require innovative tactics to secure patient data

• People Approach combining technology and training

Global Cybersecurity Attacks

Terror Identity Theft Fraud Drug AddictionBasic HIPAA Violations &

OCR Investigations

Here’s Why We are Able to Obtain this Data

✓Global Customer Base

✓40% + US Market Share of Major Healthcare Providers

✓FairWarning®’s Managed Privacy Services (MPS) monitors over 500,000 healthcare provider employees and affiliates

✓MPS reviews thousands of potential incidents per month

✓Over 5,000 confirmed privacy and security incidents

Global Cybersecurity Attacks

Here’s why it’s important to know• 2017 there’s been an increase in the number of

organizations affected by global cybersecurity attacks/terror

Here are the implications to your organization• Interrupt services to your healthcare patients

• Reputational Damage

• Business Continuity

Here is what we have seen• Hacktivist groups

• Compromised user credentials

Response Tactics Global Cybersecurity Attacks

• Statistical Deviations

• Visualization

• Intelligent Filtering “Day to Day” or Forensically

• Behavior Analysis w/Machine Learning

• Network Compromise - Forensics Investigation of Clinical Apps & EHRs

• FairWarning Ready Information Security Partners

Terror Attacks• Happens without notice

• Instantaneous worldwide media attention ‘Breaking News On CNN’

• Massive international curiosity over victims - patients

• Immediate escalation of patient and institutional risks

• Poor handling can jeopardize law enforcement, legal proceedings, and prosecution of the accused

Response Tactics: Terror Attacks

• Privacy and Security “Partner”

• Every effort to proactively reach out to customers

• FairWarning® MPS Specialists Available

• Close partnership with our customers

• Comprehensive behavior analysis packages put in place to instantly monitor victims

Identity Theft and Fraud

Here’s why it’s important to know• Widescale fraud and identity theft are prevalent at any

organization no matter the size or location

• Fueled by IRS tax fraud and medical identity theft

• Active identity theft criminal networks in major metros

• Has become business as usual for care providers

Here are the implications to your organization• Happens at a moment’s notice

• Local law enforcement, FBI, and Department of Justice investigate 3rd party tips that lead to the care provider

• $1.3 Billion strike force

Here is what we have seen• FairWarning® called in to meet highest stake cases

Response: Identity Theft and Fraud

• Close Partnership with Customers

• Rapid Escalation Upon Detection

• Professional and Legal Documentation of Potential Incidents in the FairWarning® Platform

• Statistical Deviations

• Visualization

• Intelligent Filtering “Day to Day” or Forensically

• Behavior Analysis w/Machine Learning

• Dynamic Identity Intelligence

Basic HIPAA and OCR Investigations

Snooping Remains a Challenge

Expanded Emphasis on Employees

OCR Requires Documented Appropriate Monitoring Program

Create Culture of Privacy and Compliance

Read more

Read more

Read more

Read more

Under OCR Resolution Agreement

Upticks related to new behavioral analytics implemented

Enterprise

Upticks related to new facilities acquired by covered entity

Mitigating Threats to Patient Data Through Technology and “People Training”

We want to note that the threats to patient data are mitigated through a combined approach of technology and training your workforce.

Culture of Privacy and Security:

▪ Executive Support - support from the CEO

▪ New hire HIPAA training

▪ Ongoing training with security incidents

▪ Employee accountability

▪ Dynamic Identity Intelligence