CYBER RISKS IN THE HEALTHCARE INDUSTRY HIROC's Annual Risk Management Conference, April 2015 Jim Patterson, Partner, Co-Head of Fraud Law, Toronto, Bennett.


1 CYBER RISKS IN THE HEALTHCARE INDUSTRY
HIROC's Annual Risk Management Conference, April 2015
Jim Patterson, Partner, Co-Head of Fraud Law, Toronto, Bennett Jones LLP, pattersonj@bennettjones.com
Michele Beals, Interim Joint VP Finance & CFO, William Osler Health System, Headwaters Health Care Centre, michele.beals@williamoslerhs.ca

2 Cybercrime – What is it?
- Criminal offences involving a computer as the object of the crime (i.e. hacking, phishing, and spamming); and
- Criminal offences involving a computer as the tool used to commit a material component of the offence (i.e. identity theft, intellectual property infringements, money laundering, child sexual exploitation, and cyber bullying).
- See section 342 of the Criminal Code
- Cyber threats are both internal and external

3 Cybercrime Affecting the Healthcare Industry
Healthcare records are particularly valuable to cybercriminals because the data has broad utility. It is exposed to various threats:
- Hacking
- Phishing
- Spoofing
- Zombie Computers
- Botnet Operations
- Malware

4 Two main types of threats
1) Attack requires no information from the victim
2) Victim's active involvement required
- Both types have their own unique risk management issues
- Highest risks are when victims are misled to believe that messages are from internal or trusted sources

5 Effective Management of a Cyber Attack – Case Study

6 Case Study (Phishing targeting public sector)
- Phishing email was sent to the executive office announcing electronic banking changes and requesting the completion of a system update.
- Email forwarded to accounting department requesting the matter be addressed.
- Finance staff acted on this direction and completed the update as requested.
- Routine review of banking files at the start of a work week highlighted the 3 questionable payroll files processed over the weekend.
- Working with the bank, it was confirmed the account had been compromised approximately 1 month after the phishing email had been acted on.

7 Case Study – lessons learned
- All it takes is a click of an email
- Early involvement of HIROC provided expertise and guidance
- Cyber crimes are highly sophisticated
- Internal emails create a sense of urgency and/or comfort – education around email-generated phishing needs to be directed to all staff on a frequent basis
- Understand your banking agreements
- Banks will never place a systems login request using an email with a direct link.
- 2-stage banking authorization, by 2 individuals, is best practice – external confirmation with a token is optimal.

8 Reporting Cybercrime
- HIROC
  - Report early for best results
- Canadian Anti-Fraud Centre
  - Partnership among the RCMP, the Ontario Provincial Police and the Competition Bureau
  - Canada's central repository for data and fraud intelligence
- Local Police
- Banks
  - Ensure that counsel review banking agreements to identify liabilities for any cybercrime that affects the organization's bank accounts

9 CYBER RISKS IN THE HEALTHCARE INDUSTRY
HIROC's Annual Risk Management Conference, April 2015
Jim Patterson, Partner, Co-Head of Fraud Law, Toronto, Bennett Jones LLP, pattersonj@bennettjones.com
Michele Beals, Interim Joint VP Finance & CFO, William Osler Health System, Headwaters Health Care Centre, michele.beals@williamoslerhs.ca

