
Taking on the Oceans of Security Monitoring


Presentation Transcript


  1. Taking on the Oceans of Security Monitoring Peg Richards/Sonal Pandey Penn Medicine Lancaster General Health

  2. Penn Medicine Lancaster General Hospital • 631 licensed beds • LGH Laboratory is ISO certified • Ranked in US News and World Report Honor Roll • Magnet Hospital • MLO “2019 Lab of the Year”

  3. Our Soft Versions • Soft utilized as LIS since 2008 • Versions of Soft - SoftLab/Mic 4.0.8.2 - SoftSec 1.0.1.44 - SoftBank 25.5.3.3 - SoftID 2.6.0.7 - SoftPath 4.4.1.2 - SoftDonor 4.5.3.3.18

  4. Overview • Stages of a Cyber Attack • Why Monitor • Recent Breaches • Security Setups • Audits – Weekly, Monthly, Yearly • Tools for Monitoring

  5. Stages of a Cyber Attack • Step 1: Attacker gains access to the system • Phishing • Stolen laptop • Network server breach • Step 2: Damage performed to the system • Virus installed • Information stolen to sell on the black market (illegal underground market) • Ransomware installed

  6. Why Monitor? • Responsibility to our patients/customers • Compliance with Regulatory agencies, e.g. CAP, FDA, AABB, TJC • To reduce risks of incidents • To detect questionable incidents faster • To maintain credibility with patients/customers

  7. Other reasons to Monitor • Black Market- a large appetite for health care data right now • Hacking is cheap, easy, deniable, and everybody is doing it • Hard to prosecute

  8. Monitor- Internal Security Issues • Requests for audit trails on patient record from Privacy Team • Internal privacy breaches

  9. Source of Breaches - General • Third Party Vendors • Network Server • Email-phishing • Stolen Laptop • Portable Device • Desktop Computer

  10. Source of Breaches - Vendors • Third party data breaches increased 61% in 2018 in USA • Weak security link between vendor and organization used to access data

  11. Breach Avoidance Methods – Vendors (LGH) • Apply Windows security updates to vendor PCs on the network • Apply security software (e.g. McAfee) on vendor PCs and update the software on a regular basis • Vendor access request: the vendor is given access to the system for 72 hours

  12. Breach Avoidance Methods - LGH • Security cameras • Email/Spam Filtering • Dual authentication • CyberArk privileged account • Use encrypted USB drives • Use secure and encrypted connections to external parties (e.g. VPN)

  13. PHI Security: 2-Prong Approach • Part 1: Technology to protect data • Part 2: Create a workplace culture of PHI/HIPAA awareness, which includes education, mandatory annual training, and reminders • Encrypt sensitive emails sent outside your organization

  14. The Black Market for Health Data • Basic health insurance credentials alone: $20 for each record • A combination of health, personal, and financial data on one person is worth $1000 on the black market • Compare to $1 for a stolen credit card

  15. Ransomware • The hacker generally does not release the system to users until the ransom is paid • The ransom amount is low by US standards • Most health care institutions clear the ransomware rather than pay • Cass Regional (Missouri) diverted all emergencies for 1 week after an attack in July 2018

  16. Government Agency Breach Reporting • Healthcare systems in the USA that have breaches affecting 500 or more persons must report the breach to the US Department of Health and Human Services so that the Office for Civil Rights can investigate • The worst recent breach affected 2.65 million individuals • As of 4/15/19, a total of 443 breaches within a 24-month period were under investigation

  17. Reported Healthcare breaches

  18. Other Cyberattack Data • Fall 2018 report: victims of cyberattack include 25% healthcare organizations, 20% financial institutions, and 14% media/communications/technology sector • Average cost of an attack is $1 million or more • Ransomware totals 2017: • Healthcare 34% • Manufacturing 17% • Professional Services 15% • Others 27%

  19. Security Setting Overview • Role-based security • Domain authentication • Password failure threshold • Complex password use • Limit access to build roles • Limit access within Soft Security • Session time-out after 15 minutes of inactivity • User inactivation after 12 weeks of inactivity

  20. Weekly Audits 1. Password failures 2. Changes in Soft Security 3. Audit active users with higher level access

  21. Weekly Audits - Password Failures • Security Management or Reports Launcher can be used for a failed-login report • Set an expected threshold of “X” password failures in one day for a user

  22. Audit Password failures

  23. Audit Password Failures

  24. Audit Password Failures

  25. Weekly Audits - Changes in Soft Security • Audit that only users authorized to make changes in Security are actually making the changes

  26. Weekly Audits - Changes in Soft Security

  27. Weekly Audits - Changes in Soft Security
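The two weekly audits above (password failures against a per-user daily threshold, and Soft Security changes made by someone outside the authorized group) can be run from one exported audit trail. The script below is an added example, not a Soft report or LGH's own tooling: Soft's real export format is not shown on the slides, so the CSV column layout, the sample rows, the authorized-admin list and the threshold value of 5 are all assumptions made for illustration.

```python
"""Weekly audit checks over a constructed Soft audit-trail export.

Added example, not Soft's own tooling. The CSV layout, column names, event
names and sample rows are assumptions; the checks themselves follow slides
21 and 25 (failed-login threshold, unauthorized Soft Security changes).
"""
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export: one row per audit event (assumed layout).
SAMPLE_EXPORT = """\
timestamp,user,event,detail
2019-04-08 07:02:11,jdoe,LOGIN_FAILED,bad password
2019-04-08 07:02:30,jdoe,LOGIN_FAILED,bad password
2019-04-08 07:03:05,jdoe,LOGIN_OK,
2019-04-08 09:15:42,asmith,LOGIN_FAILED,bad password
2019-04-08 09:16:01,asmith,LOGIN_FAILED,bad password
2019-04-08 09:16:20,asmith,LOGIN_FAILED,bad password
2019-04-08 09:16:44,asmith,LOGIN_FAILED,bad password
2019-04-08 09:17:03,asmith,LOGIN_FAILED,bad password
2019-04-08 09:17:30,asmith,LOGIN_FAILED,account locked
2019-04-09 08:00:00,asmith,LOGIN_FAILED,bad password
2019-04-09 10:30:12,secadmin1,SECURITY_CHANGE,role PATH_TECH: added option Result Edit
2019-04-10 14:45:09,bjones,SECURITY_CHANGE,user tlee: added role SECURITY_MGMT
2019-04-10 14:46:00,secadmin2,SECURITY_CHANGE,user tlee: inactivated
"""

# Assumed set of users authorized to make changes in Soft Security.
AUTHORIZED_SECURITY_ADMINS = {"secadmin1", "secadmin2"}

# Assumed value for the "X" password failures per user per day from slide 21.
FAILURE_THRESHOLD = 5


def load_events(export_text):
    """Parse the export into dicts with a real datetime in 'timestamp'."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    for row in rows:
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
    return rows


def password_failures_over_threshold(events, threshold=FAILURE_THRESHOLD):
    """Return {(user, date): count} for user-days at or above the threshold."""
    counts = Counter(
        (e["user"], e["timestamp"].date())
        for e in events
        if e["event"] == "LOGIN_FAILED"
    )
    return {key: n for key, n in counts.items() if n >= threshold}


def unauthorized_security_changes(events, authorized=AUTHORIZED_SECURITY_ADMINS):
    """Return Soft Security change events made by users outside the authorized set."""
    return [
        e for e in events
        if e["event"] == "SECURITY_CHANGE" and e["user"] not in authorized
    ]


def weekly_audit(export_text=SAMPLE_EXPORT):
    """Run both weekly checks and return the findings for review."""
    events = load_events(export_text)
    return {
        "password_failures": password_failures_over_threshold(events),
        "unauthorized_changes": unauthorized_security_changes(events),
    }


if __name__ == "__main__":
    report = weekly_audit()
    for (user, day), n in sorted(report["password_failures"].items()):
        print(f"REVIEW: {user} had {n} failed logins on {day}")
    for e in report["unauthorized_changes"]:
        print(f"REVIEW: {e['user']} changed security at {e['timestamp']}: {e['detail']}")
```

The failure count is keyed on (user, calendar day) so that a burst of failures on one day is flagged even if the same user is quiet for the rest of the week; the security-change check is a plain allowlist, which is what "only users authorized to make changes in Security are actually making the changes" amounts to.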

  28. Weekly Audits – High level access users • Audit users with Security Management Access

  29. Weekly Audits – High level access users

  30. Monthly Audits 1. PCs not used 24/7: after-hours activity 2. Active roles, inactive roles, and role changes 3. Users set up in Security who never logged into the system

  31. Monthly Audits - PCs Not Used 24/7 • Create a list of PCs that are used only during regular business hours • Use the audit trail to look for activity on those PCs outside regular business hours

  32. Monthly Audits - PCs Not Used 24/7

  33. Monthly Audits - PCs Not Used 24/7
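The after-hours check on slide 31 is a filter over the audit trail: keep only events from the business-hours PC list, then keep only those whose timestamp falls on a weekend or outside the working window. The script below is an added example, not a Soft report: the audit-trail columns, the workstation names, the sample rows and the 07:00-18:00 Monday-Friday window are assumptions chosen for illustration.

```python
"""Monthly audit: activity on business-hours PCs outside business hours.

Added example, not Soft's own report. The audit-trail layout, the PC list,
the sample rows and the business-hours window are all assumptions.
"""
import csv
import io
from collections import Counter
from datetime import datetime, time

# Assumed list of PCs that are only staffed during regular business hours.
BUSINESS_HOURS_PCS = {"LAB-OFFICE-01", "LAB-OFFICE-02", "PATH-DESK-03"}

# Assumed business window: Monday to Friday, 07:00 up to (not including) 18:00.
BUSINESS_START = time(7, 0)
BUSINESS_END = time(18, 0)
BUSINESS_DAYS = {0, 1, 2, 3, 4}  # Monday=0 ... Friday=4

# Constructed sample audit trail (assumed layout). 2019-03-09 is a Saturday.
SAMPLE_AUDIT_TRAIL = """\
timestamp,user,workstation,action
2019-03-04 08:15:00,jdoe,LAB-OFFICE-01,PATIENT_VIEW
2019-03-04 22:40:13,jdoe,LAB-OFFICE-01,PATIENT_VIEW
2019-03-05 03:12:45,svc_backup,CORE-LAB-07,RESULT_QUERY
2019-03-09 11:05:30,asmith,PATH-DESK-03,PATIENT_VIEW
2019-03-06 17:59:59,asmith,PATH-DESK-03,RESULT_EDIT
2019-03-06 18:00:00,asmith,PATH-DESK-03,RESULT_EDIT
"""


def is_outside_business_hours(ts):
    """True if ts is on a non-business day or outside [BUSINESS_START, BUSINESS_END)."""
    if ts.weekday() not in BUSINESS_DAYS:
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def after_hours_activity(audit_csv=SAMPLE_AUDIT_TRAIL, pcs=BUSINESS_HOURS_PCS):
    """Return audit rows from business-hours PCs that occurred after hours, oldest first."""
    flagged = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        if row["workstation"] not in pcs:
            continue  # 24/7 workstations are out of scope for this audit
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        if is_outside_business_hours(ts):
            row["timestamp"] = ts
            flagged.append(row)
    flagged.sort(key=lambda r: r["timestamp"])
    return flagged


def summarize_by_user(flagged):
    """Count flagged events per user so the reviewer sees who to follow up with."""
    return dict(Counter(r["user"] for r in flagged))


if __name__ == "__main__":
    rows = after_hours_activity()
    for r in rows:
        print(f"REVIEW: {r['user']} on {r['workstation']} at {r['timestamp']}: {r['action']}")
    print(summarize_by_user(rows))
```

The 03:12 event on CORE-LAB-07 is deliberately not flagged: that workstation is not in the business-hours list, which is why the slide starts with building that list rather than scanning every PC. The window end is exclusive, so an event at exactly 18:00:00 counts as after hours.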

  34. Monthly Audits - Active Roles • Report active roles, inactive roles, and role changes to our Privacy Department every month

  35. Monthly Audits – No user login • SoftSec is set up to inactivate users who did not sign into the system for 12 weeks • This setting does not apply to users who NEVER logged into the system • Audit each month for users who never logged in • If a user was set up and has never logged in after 6 weeks, inactivate the user

  36. Monthly Audits – No user login • Enter the date 6 weeks prior in “Last Login date before”, find
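Slides 35 and 36 describe two different windows: the 12-week inactivity rule that SoftSec applies automatically, and the 6-week rule for accounts that were created but never used, which the automatic rule misses. The script below is an added example, not SoftSec's logic: it applies both windows to a constructed user export (the column layout and rows are assumptions), treating the 12-week check as a cross-check on the automatic setting and the 6-week check as the manual monthly audit.

```python
"""Monthly audit: Soft Security users who never logged in, plus a 12-week cross-check.

Added example, not SoftSec's own logic. The user-list layout and rows are
constructed; the 6-week and 12-week windows are the ones stated on the slides.
"""
import csv
import io
from datetime import date, timedelta

# Slide 35: inactivate a user who was set up but never logged in after 6 weeks.
NEVER_LOGGED_IN_LIMIT = timedelta(weeks=6)
# Slides 19/35: SoftSec inactivates users after 12 weeks without a login.
INACTIVITY_LIMIT = timedelta(weeks=12)

# Constructed sample user export (assumed layout); empty last_login = never logged in.
SAMPLE_USERS = """\
user,created,last_login,status
jdoe,2019-01-07,2019-04-10,ACTIVE
tlee,2019-02-25,,ACTIVE
mkim,2019-04-01,,ACTIVE
rpatel,2018-11-12,2019-01-03,ACTIVE
svc_old,2018-06-01,2018-09-15,INACTIVE
"""


def parse_date(text):
    """ISO date string to date; empty string means 'never'."""
    return date.fromisoformat(text) if text else None


def audit_users(user_csv=SAMPLE_USERS, as_of="2019-04-15"):
    """Return users to inactivate: never logged in (6 weeks) and stale (12 weeks)."""
    today = date.fromisoformat(as_of)
    never_logged_in, inactive = [], []
    for row in csv.DictReader(io.StringIO(user_csv)):
        if row["status"] != "ACTIVE":
            continue  # already inactivated; nothing to do
        created = parse_date(row["created"])
        last_login = parse_date(row["last_login"])
        if last_login is None:
            # The automatic 12-week rule never fires for these accounts,
            # so they are caught here by account age instead.
            if today - created >= NEVER_LOGGED_IN_LIMIT:
                never_logged_in.append(row["user"])
        elif today - last_login >= INACTIVITY_LIMIT:
            # Should already be inactive if the SoftSec setting is working;
            # anything listed here is worth checking the setting against.
            inactive.append(row["user"])
    return {"never_logged_in": never_logged_in, "inactive": inactive}


if __name__ == "__main__":
    result = audit_users()
    for user in result["never_logged_in"]:
        print(f"INACTIVATE (never logged in, >6 weeks): {user}")
    for user in result["inactive"]:
        print(f"CHECK (no login for >12 weeks, still active): {user}")
```

Passing a different `as_of` date reproduces the "Last Login date before" cut-off from slide 36: any account whose last login is before today minus 12 weeks, or whose creation date is before today minus 6 weeks with no login at all, ends up on the list.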

  37. Annual Audits 1. Manager Audits for Active Users By Role 2. Manager Role Audit 3. 3rd Party Security Audit

  38. Annual Audits - Manager Audits for Users • Review users with temporary access to help another lab section • Review the list for any users who are no longer with the organization

  39. Annual Audits - Manager Audits for Users

  40. Annual Audits – Role checks with Lab Section Managers • Annually audit all options included within each role

  41. Annual Audits – Role checks with Lab Section Managers

  42. Annual Audits - Third Party vendor Audits • Hospital hires security experts to review systems on a yearly basis • Multi-system Security check including Soft • Checks for robustness of our audits and setup • Makes suggestions for improvement

  43. Tools Within Soft to Assist Monitoring • Tools Built In Soft Security • Tools Built in Soft Reports Launcher • Email Notification Setup in Settings and Definitions

  44. Tools - Soft Security • Version Specific • Links to SoftReports and Audit Trail in Security • Advanced Reports like Role Time Out

  45. Tools – Soft Security (Audit Trail)
