Tuesday March 15, 2016 Session 19-D Technology Forum David Finkelstein, CIO RiverSpring Health.

RiverSpring Health – A New Brand with a Century of History
An internationally recognized non-profit geriatric care organization offering a full continuum of senior care, serving more than 12,000 older adults in the greater New York area, with services including:
– Hebrew Home at Riverdale: skilled nursing facility providing post-acute rehab services, memory care, low vision care, Alzheimer's care, and long term care
– RiverSpring RiverWalk Independent Living, The Terrace at Riverdale assisted living, and Hudson House subsidized housing
– RiverSpring Rehabilitation
– RiverSpring Social Day Care
– RiverSpring at Night
– Weinberg Center for Elder Abuse Prevention
– RiverSpring Certified Home Health Agency
– RiverSpring Health Plans
– RiverSpring Care Management
– RiverSpring Services Corp

Threat of Future Security Attack Source: 2015 HIMSS Cybersecurity Survey

The financial impact is REAL Source: 2015 Cost of Data Breach Study by Ponemon Institute LLC

What can YOU do to protect your organization's data AND reputation?
Defense in Depth – training, policies and procedures (P&P), on/off boarding, minimum necessary access, separation of duties, anti-virus, MDM, access controls, patching, LEM correlation
Defense in Breadth
– Secure perimeter, lock down access, training, drills
– Best practices: reduce attack surfaces; create secure people, processes, and systems; engage third-party experts for validation

Conducting a Vulnerability Assessment
– External Vulnerability Assessment & Pen Test
– Internal Penetration Test
– Social Engineering: phishing attack and spear phishing attack, baiting attack, tailgating attack

External Vulnerability Assessment & Pen Test
Use of computer-aided tools to evaluate risks such as:
– Open ports
– Missing security patches
– Weak defenses
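What the "computer-aided tools" step produces in practice is a scan report that someone has to triage: which open ports should not be reachable from the Internet at all, and which service banners are behind the vendor's current release. The script below is an added example (not code from the presentation or from RiverSpring): it parses a constructed nmap `-oX` style report and turns it into findings. The host address, the port list, the `MIN_VERSION` baseline and the `RISKY_PORTS` table are all assumptions for illustration; a real assessment takes the baseline from current vendor advisories.

```python
"""Triage an external scan: parse nmap -oX output, flag Internet-exposed
services and outdated banners. Added example; the scan XML is constructed
and the version baseline is an assumption, not a vendor advisory."""
import re
import xml.etree.ElementTree as ET

# Constructed nmap XML fragment (element layout follows nmap's -oX output).
SCAN_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.18"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="Apache httpd" version="2.4.18"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/>
        <service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/>
        <service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>"""

# Assumed baseline: minimum acceptable version per product (illustrative).
MIN_VERSION = {"OpenSSH": "8.0", "Apache httpd": "2.4.50"}

# Services that should never be reachable from the Internet (assumed policy).
RISKY_PORTS = {23: "Telnet exposed externally",
               445: "SMB exposed externally",
               3389: "RDP exposed externally"}


def version_tuple(v):
    """'2.4.18' -> (2, 4, 18) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def triage(xml_text):
    """Return (address, port, severity, description) for each open-port finding."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            # Only open ports are reachable; filtered/closed are not findings.
            if port.find("state").get("state") != "open":
                continue
            pid = int(port.get("portid"))
            svc = port.find("service")
            product, version = svc.get("product"), svc.get("version")
            if pid in RISKY_PORTS:
                findings.append((addr, pid, "high", RISKY_PORTS[pid]))
            if (product in MIN_VERSION and version
                    and version_tuple(version) < version_tuple(MIN_VERSION[product])):
                findings.append((addr, pid, "medium",
                                 f"{product} {version} below baseline {MIN_VERSION[product]}"))
    return findings


if __name__ == "__main__":
    for addr, pid, sev, desc in triage(SCAN_XML):
        print(f"{sev:6} {addr}:{pid} {desc}")
```

The filtered SMB port is deliberately not reported: a firewall already blocks it, and listing it would bury the findings that matter (RDP open to the world, three out-of-date banners) in noise. Severity here is a simple policy table; in a real engagement it is driven by the exposure and the patch history behind each banner.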

Internal Penetration Test
Security tools to test for:
– Missing security patches
– Improperly shared drives / data
– Weak passwords
– Rogue devices
– Server hardening
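The "weak passwords" item on an internal test is usually done offline: dump the password hashes and check them against a wordlist with the mutations users actually apply (capitalize, add a year, add "123", swap in "@" and "0"), then look for the same hash across several accounts, which means a shared password, typically on service accounts. The script below is an added example, not the presenter's own tooling. It assumes unsalted SHA-256 hex hashes so it runs without MD4 support; the accounts, plaintexts and wordlist are constructed. Real Active Directory dumps are NTLM (MD4 over UTF-16LE), so `hash_pw()` would be swapped for that in practice.

```python
"""Offline weak-password and password-reuse audit for an internal pen test.
Added example; accounts, plaintexts and wordlist are constructed, and the
hash format (unsalted SHA-256) is a simplifying assumption."""
import hashlib
from collections import defaultdict


def hash_pw(pw):
    # Assumption: unsalted SHA-256. For NTLM use MD4 over pw.encode("utf-16le").
    return hashlib.sha256(pw.encode()).hexdigest()


# Constructed "dump": account -> hash. Only the auditor should know the plaintexts;
# they are listed here so the example is self-contained.
_CONSTRUCTED_PLAINTEXTS = {
    "jsmith": "Welcome2016!",
    "mjones": "Summer123",
    "svc_backup": "Summer123",          # same password as a user account
    "rpatel": "P@ssw0rd",
    "admin2": "xK9#vLq2!pRt7mWe",       # should survive the audit
}
DUMP = {user: hash_pw(pw) for user, pw in _CONSTRUCTED_PLAINTEXTS.items()}

# Constructed wordlist: organisation name, seasons and the usual suspects.
BASE_WORDS = ["password", "welcome", "riverspring", "summer", "letmein"]
SUFFIXES = ["", "1", "123", "!", "2015", "2016", "2016!"]


def leet(word):
    return word.replace("a", "@").replace("e", "3").replace("o", "0")


def mutations(word):
    """Yield the common user mutations of a base word."""
    for w in (word, word.capitalize(), word.upper()):
        for s in SUFFIXES:
            yield w + s
        yield leet(w)


def audit(dump, base_words):
    """Return cracked accounts and groups of accounts sharing one hash."""
    # Build the candidate table once; then every account is an O(1) lookup.
    table = {}
    for word in base_words:
        for candidate in mutations(word):
            table[hash_pw(candidate)] = candidate
    cracked = {user: table[h] for user, h in dump.items() if h in table}

    by_hash = defaultdict(list)
    for user, h in dump.items():
        by_hash[h].append(user)
    reused = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return {"cracked": cracked, "reused": reused}


if __name__ == "__main__":
    result = audit(DUMP, BASE_WORDS)
    for user, pw in result["cracked"].items():
        print(f"weak   {user}: {pw}")
    for group in result["reused"]:
        print(f"reused {', '.join(group)}")
```

Four of the five accounts fall to a five-word list with trivial mutations, and the reuse check ties a service account to a user's password without needing to crack either. The reuse check is worth running even when nothing cracks: identical hashes across a service account and a human account means one phished user unlocks both.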

Social Engineering
Phishing – the act of tricking someone into revealing private or sensitive information
Spear Phishing – a targeted phishing attack, where high-value individuals with access to large amounts of confidential information or financial assets are targeted

How can we protect ourselves?
– Be suspicious of everything, especially messages from an unknown or inconsistent address
– Be extra cautious if an email asks for credentials or refers you to an external link
– Provide training to your organization frequently
– Encourage recipients of questionable email to contact your IT team immediately

What can a Phishing attack look like?

How can we identify a Phishing Attack?
– Sender's name and email address do not match
– Sender's address is misspelled
– Red Outlook warning that the message is potentially unsafe
– Incorrect capitalization in the name
– Unusual request: IT should NEVER ask for confidential information such as date of birth or password
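Each of those indicators can be checked mechanically before a message reaches a user, which is how mail gateways and triage scripts pre-screen reports from staff. The script below is an added example (not part of the presentation): it parses a constructed raw message with Python's standard `email` library and raises a flag for a display name that claims the organization while the address does not, a lookalike sender domain (a small edit distance from the real one), a Reply-To pointing elsewhere, a link whose visible text and real destination disagree, a request for passwords or date of birth, and urgency wording. `ORG_DOMAIN`, the message and the keyword lists are all assumptions for illustration.

```python
"""Heuristic phishing triage over a raw RFC 822 message. Added example; the
message below is constructed and ORG_DOMAIN is an assumed organisation domain."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

ORG_DOMAIN = "riverspring.example"   # assumption: the organisation's real domain

# Constructed sample: lookalike sender domain, external Reply-To, mismatched link.
RAW = b"""From: "RiverSpring IT Helpdesk" <helpdesk@riverspirng.example>
Reply-To: helpdesk@mail-verify.example
To: jsmith@riverspring.example
Subject: Urgent: Password Expiration
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Please verify your date of birth and
current password at <a href="http://login.mail-verify.example/auth">
https://portal.riverspring.example/reset</a> within 24 hours.</p>
</body></html>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"^[a-z]+://([^/\s]+)", re.I)
CREDENTIAL_WORDS = ("password", "date of birth", "social security", "credentials")
URGENCY_WORDS = ("urgent", "within 24 hours", "expires today", "immediately")


def levenshtein(a, b):
    """Edit distance; used to catch one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def analyze(raw):
    """Return {indicator: detail} for every phishing indicator found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = {}
    name, addr = parseaddr(msg["From"])
    from_dom = domain_of(addr)

    # Display name claims the organisation but the address domain is foreign.
    org_name = ORG_DOMAIN.split(".")[0]
    if from_dom != ORG_DOMAIN and org_name in name.lower().replace(" ", ""):
        flags["name_address_mismatch"] = f"'{name}' sent from {from_dom}"
    # Sender domain is a near-miss of the real one (e.g. transposed letters).
    if 0 < levenshtein(from_dom, ORG_DOMAIN) <= 2:
        flags["lookalike_domain"] = from_dom
    # Replies would go somewhere other than the apparent sender.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain_of(reply) != from_dom:
        flags["reply_to_mismatch"] = reply

    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    # Visible link text names one host, the href goes to another.
    for href, text in LINK_RE.findall(body):
        shown, real = HOST_RE.match(text.strip()), HOST_RE.match(href)
        if shown and real and shown.group(1).lower() != real.group(1).lower():
            flags["link_mismatch"] = f"shows {shown.group(1)}, goes to {real.group(1)}"

    text = (msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", body)
    text = text.lower()
    asks = [w for w in CREDENTIAL_WORDS if w in text]
    if asks:
        flags["credential_request"] = asks
    urgency = [w for w in URGENCY_WORDS if w in text]
    if urgency:
        flags["urgency"] = urgency
    return flags


if __name__ == "__main__":
    for indicator, detail in analyze(RAW).items():
        print(f"{indicator}: {detail}")
```

No single indicator is conclusive on its own (a legitimate vendor may use an external Reply-To), which is why the function returns all of them rather than a verdict; the sample trips every check, and a message with two or more would normally be held for review. The edit-distance test is the mechanical form of "the sender's address is misspelled": `riverspirng` differs from `riverspring` by a single transposition.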

What if this was a REAL attack? With the stolen credentials, hackers would be able to:
– Log into the company network and access confidential information about the business, staff, patients, members, and residents
– Use that network access to scan the network for vulnerabilities, which could lead to compromise of, or damage to, critical business systems
– Damage the reputation of the organization
– Install a virus or other malware onto the systems
– Attempt to access personal information at other sites where you re-use the same password, including banking, eCommerce, and others

Questions? Thank You! David Finkelstein, CIO, RiverSpring Services Corp, Bronx, NY