1. 2014 Leadership Lunch & Learn Series “SECURITY FROM THE TOP DOWN”

2. The Series Purpose ◦Provide leaders with the knowledge and resources to protect themselves, their staff, and our patient data resources ◦Provide invitation to security (reverse a wrong) Content ◦Topics and discussions will be different each quarter. ◦Q1 will be Awareness Education & Training information Dates ◦February 2014 ◦April 2014 ◦August 2014 ◦November 2014

3. Facts The average economic impact of a data breach over the past two years for the responding healthcare organizations $2.4 million 2.5 percent of U.S. households with children under age 18 experienced child identity fraud 1/40 Children 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010 1/4 Adults

4. Fantasy Land Regional Medical Center (RMC) ◦Cutting edge technology ◦BYOD ◦Diverse staff ◦Security - “Not my job” The Breach ◦Credit Card Data (PCI) ◦Patient Data (PHI) ◦Staff records (PII) The Result ◦Drop in admissions due to community mistrust ◦Loss in productivity due to employee PII cleanup ◦Financial losses

5.  Hospital Hacked, Notifies 43K Patients  Froedtert Health in Milwaukee  Hacked Washington Hospital Hit By $1.03 Million Cyberheist  Moved an estimated $1.03 million out of the hospital’s payroll account into 96 different bank accounts mostly at banks in the Midwest & East Coast.  Server hacked at OSU Hospital  PII stolen  Ohio State University Medical Center  New Bug Threatens Hospital Systems  Kaspersky Security Analyst Summit  Heating and cooling systems, elevators and alarm system  Hacked within 25 seconds  Extortionists or disgruntled employees  Anonymous Attacks Oxford University  Anonymous’ campaign to attack networks affiliated with Gov  Device Manufacturers Must Fix Cyber Risks Now  Department of Homeland Security (DHS) issued warning  300 medical devices from about 40 vendors vulnerable This Is Rare, Right?  Edward Snowden  NSA  Social Engineered fellow workers  Indiana University Hospital Hacked  Virus discovered on server  PII Stolen

6. UMC Reality (Q1/2014) Denial of Service (CAT 2) ◦HIM Take Down (3 Serv, 10 wkstations) ◦Expiro Virus Social Engineering ◦Patient’s Room ◦SWCC Copier/Printer Potential Data Loss ◦USB Thumb Drive in Pediatrics Trash Computer Infection ◦ “Oh that system? Yea we don’t use it. It has issues.”

7. Cyber Security Threat Brief Q1 Full Q1 report in handout Page 5 – OTA HIPAA Breach Report ◦89% could have been prevented ◦29% Social Engineering ◦76% weak or stolen account credentials Page 9 – UMC Health System Departments Affected in Q1 Page 12 – Q2 Threat = “Perfect Storm” Page 13 – OCR Findings = 60% IT Security

8. What You Can Do Evangelize Security

9. What If? 4 Tools provide complete PC protection - FREE 1 Step to 60% Reduction in Infection Automated updates and patches Multiple Strong Passwords - never remember them Protect Your Childs identity - FREE 1 Tool protects all data – never hacked

10. 2014 Awareness & Training Program Knowledge is power! Make it fun, engaging, and useful for people and they’ll do it Invitation to join the security industry NSA Encryption example ◦Employees training each other Opportunities ◦Phish Market Blog ◦Leadership L&L ◦Cyber Security Week (Oct) ◦Departmental Education ◦Phishing Tournament

13. Awareness Recognition Natalie Bradshaw– BICU

14. Awareness Recognition Tracy Green – Nursing Support Services (Potential Data loss –USB) Joanne Smith – SWCC (Thwarted Hacker)

15. More Giveaways “Cyber Safe” ◦Child Internet Safety Book ◦Published by the American Academy of Pediatrics Kangaru USB Thumb drive NSA Approved Write Protect Switch Loaded with Free Security software

16. Free Tips & Tools See our website for recommended security tools and tips ◦AV ◦Firewalls ◦Cleaning Tools ◦Password Managers ◦Review Request ◦Education and more….

17. Who Is IT Security? Ivan, Teresa, Brandon Chis, Bill Terri Fallin HD, Desktop Support Sys Admins Network Admins IT Analytics IDM Support Team