Presentation is loading. Please wait.

Presentation is loading. Please wait.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

Published byBernadette Manning Modified over 9 years ago

Similar presentations

Presentation on theme: "External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH."— Presentation transcript:

1 External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH

2  Certified Ethical Hacker (C|EH)  Cyber-security Researcher  AVP & Chief Information Security Officer  UT Southwestern Medical Center Joshua Spencer

3

4 Overview  Why do hackers want my healthcare data?  Who wants to steal it?  How do they do it?  What is the impact of a breach?  How do I protect against it?

5 Why do hackers want my healthcare data? *2014 Verizon Data Breach Investigations Report

6 *2015 CSID Medical Identity Theft Report

7

8 Who are the external “hackers”? *Dell Secureworks Healthcare Data Security Threats

9 How am I being hacked? *2014 Ponemon Benchmark Study on Patient Privacy and Data Security

10 Employee receives fraudulent email reminding employee to “Confirm their Recent Promotion” User clicks link in email and logs into fake HR website Hacker logs Into network remotely using stolen password Hacker scans network and steals databases Hacker sells stolen information on black market to identity thieves Hacker logs into employee email to send fraudulent email to all contacts Employee Phishing

11 Employee receives fraudulent email reminding employee to “Confirm their Recent Promotion” User clicks link in email and logs into fake HR website Hacker logs into network remotely using stolen password Hacker scans network and steals databases Hacker sells stolen information on black market to identity thieves Hacker logs into employee email to send fraudulent email to all contacts Create and sell fraudulent medical, Social Security and State ID cards Obtain prescriptions for narcotics Partner with illicit providers for fraudulent Medicare billing Employee Phishing

12

13

14 Vendor hacked Hacker accesses customer databases Hacker logs Into your network remotely and steals databases Hacker sells stolen information on black market to identity thieves Hacker logs Into employee email to send fraudulent email to all contacts Vendor Compromise

15 Website had a software flaw discovered Bug allows a hacker to bypass the login Company fails to apply the security update quickly enough Hacker uses a network of infected computers to attack website Attack installs data stealing program Program scans for juicy data (SSN) Data sent to attacker’s computers Hacker sells stolen information on black market to identity thieves Computer now used to attack other companies Website Hacking

16 Employee’s computer has a software flaw discovered Employee visits a hacked website Company fails to apply the security update quickly enough Attack installs data stealing program Program scans network for juicy data (tax returns, spreadsheet s with SSN) Data sent to attacker’s computers Hacker sells stolen information on black market to identity thieves Computer now used to attack other companies Internet Use

17 How am I being successfully hacked? *2014 Ponemon Benchmark Study on Patient Privacy and Data Security

18 What is the impact of a breach?  Consequences of a breach are much greater than most other industries  Incorrect medical records (blood type, allergies, conditions) causes patient safety risks  HIV status disclosure is much more emotionally damaging than a Home Depot purchase history  Can’t give patients a new identity like you can with Credit Cards *2014 Ponemon Benchmark Study on Patient Privacy and Data Security; Dell Secureworks Healthcare Data Security Threats

19 What is the impact of a breach?  $398 per health record on average in the U.S.  Does not factor in reputational damage  Increasing civil penalties from HHS, up to $1.5 million  Heavy scrutiny from media and regulators  80% of new patients screen their provider on search engines  Increasing use of “vendor scorecards” will hurt customer growth *2014 Ponemon Benchmark Study on Patient Privacy and Data Security; Dell Secureworks Healthcare Data Security Threats

20

21

22 How do I protect my healthcare data?  Factor security into your 3 rd party vendor evaluations  Hire or contract with Information Security specialists  Train employees on recognizing fraud  Know where your data is going  Backup your important data  Use two-factor authentication

23 Overview  Why do hackers want my healthcare data?  Who wants to steal it?  How do they do it?  What is the impact of a breach?  How do I protect against it?

Download ppt "External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Friday June 6, 2014 OBJ: SWBAT understand what identity theft is, what the consequences are, and how to prevent it. Drill: What statement is this cartoon.

Friday June 6, 2014 OBJ: SWBAT understand what identity theft is, what the consequences are, and how to prevent it. Drill: What statement is this cartoon.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
Chapter 1 Introduction to Security

Chapter 1 Introduction to Security
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
© Affiliated Computer Services, Inc. (ACS) 2010 ACS Email Encryption.

© Affiliated Computer Services, Inc. (ACS) 2010 ACS Encryption.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Similar presentations

Ads by Google