150 likes | 173 Views
4T Ways to Better Protect Patient Data. Ryan Witt @ WittRZ +1.650.492.3480 rzwitt@gmail.com. Healthcare Growth A cceleration Value Proposition Development Healthcare Cybersecurity Strategy Healthcare Industry Marketing Go to Market Strategy Business Development
E N D
4T Ways to Better Protect Patient Data Ryan Witt @WittRZ +1.650.492.3480 rzwitt@gmail.com
Healthcare Growth Acceleration • Value Proposition Development • Healthcare Cybersecurity Strategy • Healthcare Industry Marketing • Go to Market Strategy • Business Development • Product Alignment • Thought Leadership & Evangelism About The Speaker Board Member Security & Privacy Workgroup Leader Ryan Witt @WittRZ +1.650.492.3480 rzwitt@gmail.com Member www.losaltosconsulting.com Member
The 4Ts… Training Timely Updates Testing Technology
State of Healthcare – 20162016 Healthcare Cybersecurity Reports – HIMSS / Ponemon
Healthcare’s Evolving Threat Landscape 2016 Ransomware 2015 Phishing 2017 Medical Devices FBI – Healthcare is the country’s most vulnerable industry to cyber threats.
Well, how did we get here… EMR Focus Pace of Change Well… Check the Box
Transforming Healthcare Retail Clinics Wellness Programs Hospitals at Home HOSPITAL Home Monitoring Health Kiosks TeleHealth Services Mobile Care Services Wearable Med Devices
Healthcare Industry Vulnerability 89% 45% 69% Healthcare had at least one breach in last 2 years Healthcare had at least two breaches in last 2 years Healthcare believe that they are more vulnerable
Training 69% HC says employee negligence is of great concern 44% say Healthcare lacks key security skills Training • “Human-ware” still biggest challenge • Phishing attacks very successful • Over-focus on compliancy • “Something for nothing” gullibility persists • Don’t click the link!!!!! • Many free resources available 52% have made security training investments 48% of ID theft occurs through unintended employee action
Number of US Acute Care Hospital Without Deployed Security Technology Technology Technology Responders believe that security technology is adequate 54% 2016 HIMSS Cybersecurity Survey
Recent Guidance • 63% of the 27 biggest U.S. hospitals have a grade of C or lower in patching cadence– Ponemon Report 2016 Timely Updates • Use of unpatched or unsupported software on systems which access ePHI could introduce additional risk into an environment. • Continued use of such systems must be included within an organization’s risk analysis and mitigation strategies • EMR systems and office productivity software, software which should be monitored for patches and vendor end-of-life for support include: • Router and firewall firmware • Anti-virus / anti-malware software • Multimedia and runtime environments (e.g., Adobe Flash, Java, etc. Timely Updates
43% of responders have no set testing schedule • 41% of responders perform vulnerability tests annually Proactive Vs. Reactive Cybersecurity Motivation (% of respondees) Testing Testing
Get proactive on network security • Have a Security Risk Assessment • Develop a Cybersecurity Strategic Plan • Secure Hospital Board Buy in • Focus on the 4T’s!!! Recommendations
Cloud Usage NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems NIST Special Publication 800-52: Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST Special Publication 800-66: An Introductory Resource Guide for Implementing the HIPAA Security Rule NIST Special Publication 800-77: Guide to IPsec VPNs NIST Special Publication 800-88: Computer Security NIST Special Publication 800-111: Guide to Storage Encryption Technologies for End User Devices NIST Special Publication 800-113: Guide to SSL VPNs Federal Information Processing Standards Publication 140-2 NIST HIPAA Security Toolkit Application NIST Cyber Security Framework to HIPAA Security Rule Crosswalk Resources…information is readily available http://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html
Q&A www.losaltosconsulting.com Ryan Witt @WittRZ +1.650.492.3480 rzwitt@gmail.com