Prevention is best … but what if …


Prevention is best … but what if … One Data Center’s Experience

Kern Medical Center (KMC)
- County Hospital
- 222 beds, Level 2 Trauma Center
- Teaching Hospital
- Minimal funding

KMC IT Infrastructure
- Diverse Construction – 1930 to present
- Hardwired LAN, adding wireless
- Flat LAN, migrating to segmented LAN
- Windows PCs & Citrix Thins
- Windows & Linux servers
- Primarily McKesson patient care apps
- Implementing Open Source EMR

Day 1 – 7/26
- IT Help Desk calls re: “long print jobs”
- No noticeable performance issues
- No access issues

Day 2 – 7/27 AM
- Continued calls re: “print problems”
- Calls re: “slow to boot”
- Calls re: “can’t access application”

Day 2 – 7/27 Afternoon
- Severe performance issues
- Severe access issues
- Reports of pornography
- Called “Code Triage”
- Shut down all systems and implemented “downtime procedures”
- Initial request for AV vendor support

Day 2 – 7/27 PM
- Disconnect KMC from all other County departments
- Verify integrity of patient care servers
- Cancel downtime procedures for patient care applications

Day 3 – 7/28
AM
- Download new .dat file and “stinger” from AV vendor
- Deep scan all file servers
PM
- Implement “super locked down” AV profile
- Results of scans don’t match impact reports
- Contact alternate AV vendor and secure a 60-day evaluation license

Day 4 – 7/29
- Staff programmer creates a script to locate and delete all offending .lnk files
- Extensive testing
- Tighten AV policies
- Midnight – success at preventing new .lnk file creation
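A sketch of the kind of .lnk sweep described on the Day 4 slide, as an added example that is not the staff programmer's script or any code from the presentation. It assumes that "offending" means a .lnk file modified on or after a chosen cutoff, and it swaps deletion for a move into a quarantine folder named by SHA-256, so samples stay available for testing and vendor submission; `sweep_lnk`, the folder names and the demo files are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sweep_lnk(root, quarantine, since, dry_run=True):
    """List .lnk files under root modified at or after `since`.

    With dry_run=False each hit is moved into `quarantine`, named by its
    SHA-256, so the sample survives for vendor submission and retesting.
    Returns a manifest: one dict per hit.
    """
    root, quarantine = Path(root).resolve(), Path(quarantine).resolve()
    cutoff = since.timestamp()
    manifest = []
    for path in sorted(root.rglob("*")):  # sorted() snapshots before any move
        if path.suffix.lower() != ".lnk" or not path.is_file():
            continue
        if quarantine in path.parents:
            continue  # never re-sweep the quarantine itself
        if path.stat().st_mtime < cutoff:
            continue  # assumption: older shortcuts predate the outbreak
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        entry = {"path": str(path), "sha256": digest, "moved": False}
        if not dry_run:
            quarantine.mkdir(parents=True, exist_ok=True)
            shutil.move(str(path), str(quarantine / (digest + ".quarantined")))
            entry["moved"] = True
        manifest.append(entry)
    return manifest


if __name__ == "__main__":
    # Constructed demo tree: one old shortcut, one dropped after the cutoff.
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp, "share")
        share.mkdir()
        cutoff = datetime.now() - timedelta(days=1)
        (share / "old.lnk").write_bytes(b"constructed old shortcut")
        old = (cutoff - timedelta(days=30)).timestamp()
        os.utime(share / "old.lnk", (old, old))
        (share / "new.LNK").write_bytes(b"constructed new shortcut")
        for hit in sweep_lnk(share, Path(tmp, "quarantine"), cutoff):
            print(hit["sha256"][:12], hit["path"])
```

Run it with the default `dry_run=True` first and review the manifest before moving anything.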

Day 5 – 7/30
- Apply latest .dat file
- Tighten policies even more and schedule 4:00 a.m. deep scans for all servers and PCs

Day 6 – 7/31
- Reimage worst PCs
- Try to locate any PCs not “talking” to the AV policy administration software
- Focus on administrative user PCs

Day 7 – 8/1
- Reimage worst PCs
- Try to locate any PCs not “talking” to the AV policy administration software
- Focus on administrative user PCs
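One way to find PCs that are not "talking" to the AV policy administration software, as on the Day 6 and Day 7 slides, is to reconcile an asset inventory against a check-in export from the console. This is an added example, not part of the original presentation; the CSV column names, hostnames, dates and .dat version numbers are constructed assumptions, not any vendor's export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data; the columns are assumptions, not a vendor format.
INVENTORY_CSV = """hostname,role
ADM-PC-014,admin
ER-PC-003,clinical
LAB-PC-021,clinical
ADM-PC-002,admin
RAD-THIN-07,thin
"""
AV_CONSOLE_CSV = """hostname,last_checkin,dat_version
adm-pc-014,2024-07-31T03:58:00,6060
ER-PC-003,2024-07-27T14:10:00,6052
RAD-THIN-07,2024-07-31T04:02:00,6052
"""


def find_gaps(inventory_csv, console_csv, now, max_age_hours=24, current_dat="6060"):
    """Return (hostname, role, reason) for every inventoried host that is
    missing from the console, has a stale check-in, or runs an old .dat."""
    seen = {}
    for row in csv.DictReader(io.StringIO(console_csv)):
        seen[row["hostname"].strip().lower()] = row  # hostnames compare case-insensitively
    gaps = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["hostname"].strip()
        rec = seen.get(host.lower())
        if rec is None:
            reason = "never checked in"
        elif now - datetime.fromisoformat(rec["last_checkin"]) > timedelta(hours=max_age_hours):
            reason = "stale check-in"
        elif rec["dat_version"] != current_dat:
            reason = "old .dat"
        else:
            continue  # managed and current
        gaps.append((host, row["role"], reason))
    # Administrative user PCs first, as the slide prioritizes; then by hostname.
    gaps.sort(key=lambda g: (g[1] != "admin", g[0]))
    return gaps


if __name__ == "__main__":
    for host, role, reason in find_gaps(INVENTORY_CSV, AV_CONSOLE_CSV,
                                        now=datetime(2024, 7, 31, 6, 0)):
        print(f"{host:12} {role:9} {reason}")
```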

Day 8 – 8/2
- Test latest .dat file
- Results appear better
- Applied Microsoft “patch”

Day 9 – 8/3
- Apply latest .dat file
- Continued testing
- Disappointing results
  - Original AV misses 8 of 13 viruses
  - Alternate AV catches all 13
- Transmit 13 virus samples and result files to AV vendor – communicate criticality of the situation and threat of no contract renewal

Tips from the trenches

Remember your business
- Patient care is number 1!
- Ask for support from your CMO & CNO if necessary
- Communicate your priorities to all staff

Your AV vendor works for you
- Involve your AV vendor
- Demand escalation
- Have your AV sales representative’s phone number available
- Remind your sales representative of the contract renewal date

Don’t expect your AV vendor to repair your systems
- AV vendors focus on detection and prevention
- Repair is a distant second priority for them
- Develop a plan for recovery
  - Identify skilled staff
  - Identify the recovery effort leader/manager

Diversity is good … maybe great
- Implement operating system diversity
  - Linux servers
  - Windows PCs and Thins
- If all Microsoft, then implement antivirus diversity – different AV on servers and PCs
- Implement a combination of software and hardware (appliance) prevention

Divide and Conquer
- Servers first
  - work inside-out
  - data integrity is critical
  - interrupt the transmission path
- Thins next
  - can affect many with least effort
- PCs last
  - most labor intensive

Beware of Distractions
- Test all manifestations of the virus until you locate the “real” culprit
- Save copies of the virus for testing your solution

Segment your LAN
- Can help quarantine the infestation
- Allows you to prioritize recovery by functional unit

Backups
- Back up everything – perform an audit
- Test restore all backup types

Contact Information
Bill Fawns
fawnsb@co.kern.ca.us
(661) 326-5480 (office)
Administrative support: Brenda Reed, (661) 326-2424