180 likes | 342 Views
2014 Leadership Lunch & Learn Series. “Security from the top down”. The Series. Purpose Provide leaders with the knowledge and resources to protect themselves, their staff, and our patient data resources Provide invitation to security (reverse a wrong) Content
E N D
2014 Leadership Lunch & Learn Series “Security from the top down”
The Series • Purpose • Provide leaders with the knowledge and resources to protect themselves, their staff, and our patient data resources • Provide invitation to security (reverse a wrong) • Content • Topics and discussions will be different each quarter. • Q1 will be Awareness Education & Training information • Dates • February 2014 • April 2014 • August 2014 • November 2014
Facts The average economic impact of a data breach over the past two years for the responding healthcare organizations $2.4 million 1/40 Children 1/4 Adults 2.5 percent of U.S. households with children under age 18 experienced child identity fraud 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010
Fantasy Land • Regional Medical Center (RMC) • Cutting edge technology • BYOD • Diverse staff • Security - “Not my job” • The Breach • Credit Card Data (PCI) • Patient Data (PHI) • Staff records (PII) • The Result • Drop in admissions due to community mistrust • Loss in productivity due to employee PII cleanup • Financial losses
This Is Rare, Right? • Anonymous Attacks Oxford University • Anonymous’ campaign to attack networks affiliated with Gov • Indiana University Hospital Hacked • Virus discovered on server • PII Stolen • Server hacked at OSU Hospital • PII stolen • Ohio State University Medical Center • New Bug Threatens Hospital Systems • Kaspersky Security Analyst Summit • Heating and cooling systems, elevators and alarm system • Hacked within 25 seconds • Extortionists or disgruntled employees • Hospital Hacked, Notifies 43K Patients • Froedtert Health in Milwaukee • Hacked • Washington Hospital Hit By $1.03 Million Cyberheist • Moved an estimated $1.03 million out of the hospital’s payroll account into 96 different bank accounts mostly at banks in the Midwest & East Coast. • Device Manufacturers Must Fix Cyber Risks Now • Department of Homeland Security (DHS) issued warning • 300 medical devices from about 40 vendors vulnerable • Edward Snowden • NSA • Social Engineered fellow workers
UMC Reality (Q1/2014) • Denial of Service (CAT 2) • HIM Take Down (3 Serv, 10 wkstations) • Expiro Virus • Social Engineering • Patient’s Room • SWCC Copier/Printer • Potential Data Loss • USB Thumb Drive in Pediatrics Trash • Computer Infection • “Oh that system? Yea we don’t use it. It has issues.”
Cyber Security Threat Brief Q1 • Full Q1 report in handout • Page 5 – OTA HIPAA Breach Report • 89% could have been prevented • 29% Social Engineering • 76% weak or stolen account credentials • Page 9 – UMC Health System Departments Affected in Q1 • Page 12 – Q2 Threat = “Perfect Storm” • Page 13 – OCR Findings = 60% IT Security
What You Can Do Be Vigilant! Evangelize Security Educate Yourself & Your Staff
What If? • 4 Tools provide complete PC protection - FREE • 1 Step to 60% Reduction in Infection • Automated updates and patches • Multiple Strong Passwords - never remember them • Protect Your Childs identity - FREE • 1 Tool protects all data – never hacked
2014 Awareness & Training Program • Knowledge is power! • Make it fun, engaging, and useful for people and they’ll do it • Invitation to join the security industry • NSA Encryption example • Employees training each other • Opportunities • Phish Market Blog • Leadership L&L • Cyber Security Week (Oct) • Departmental Education • Phishing Tournament
Awareness Recognition Phish Award Natalie Bradshaw– BICU
Awareness Recognition MIB Award Tracy Green – Nursing Support Services (Potential Data loss –USB) Joanne Smith – SWCC (Thwarted Hacker)
More Giveaways • “Cyber Safe” • Child Internet Safety Book • Published by the American Academy of Pediatrics • Kangaru • USB Thumb drive • NSA Approved • Write Protect Switch • Loaded with Free Security software
Free Tips & Tools • See our website for recommended security tools and tips • AV • Firewalls • Cleaning Tools • Password Managers • Review Request • Education • and more…. itsecurity.teamumc.com
Who Is IT Security? UMC needs Heroes Will You Join Us? Ivan, Teresa, Brandon Chis, Bill Terri Fallin HD, Desktop Support Sys Admins Network Admins IT Analytics IDM Support Team