Cyber Security in HealthIT Mark Longworth Independent Security Consultant

Presentation transcript:


Who Am I?
- CIA Telecommunications Engineer
- Invented NetWitness: Network Forensics Analysis Tool (Spyware)
- Worked with the Intelligence Community to develop Forensics (spyware) and Counter-forensics (counterintelligence) solutions
- Challenged to investigate Health IT Security

SECURITY

Where are we now?
- Human Error
- Spy v. Spy → Criminal: Health IT
- Anthem (78m), Premera (11m), UCLA (4.5m), CareFirst (1.1m)
- In 2015: 43 reported hacker incidents, 110m breached records[1]
- Hacking, Theft/Loss (Laptop)
- PHI is worth money… you all have it
[1]

But Wait… It’s Worse
- FDA / HHS warning on Medical Devices
- FDA Warning (Hospira’s LifeCare PCA3 and PCA5 Infusion Pump Systems)
- FDA / HHS warning on Medical Mobile Application
- Security errors can cost you:
  - Money: Hard Losses, Reputation Losses, Remediation Losses, Penalties
  - Life: Medical Devices hacked could lead to death or serious injury

Oh Yeah, and Also…
- EMR systems still being adopted
- ICD-10 Conversions
- Interoperability
- Communications systems lag other industries (Ponemon)
- Patient Capture systems: ZocDoc, etc.
- BYOD
- Cloud
- …

What People are Saying To Do
- Perform a Risk Assessment
- Follow good cybersecurity hygiene
- Don’t use default passwords
- Isolate things in your network

What can you do? SECURITY

What Can you REALLY Do?
- Risk Management Framework from NIST / NIST
- Get Organized
- Get Structured
- Prioritize
- Advance Maturity
- HIMS Risk Assessment Toolkit
- Other tool kits

Questions? Mark Longworth Independent Security Consultant