1 / 18

2014 Leadership Lunch & Learn Series

2014 Leadership Lunch & Learn Series. “Security from the top down”. The Series. Purpose Provide leaders with the knowledge and resources to protect themselves, their staff, and our patient data resources Provide invitation to security (reverse a wrong) Content

elton
Download Presentation

2014 Leadership Lunch & Learn Series

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 2014 Leadership Lunch & Learn Series “Security from the top down”

  2. The Series • Purpose • Provide leaders with the knowledge and resources to protect themselves, their staff, and our patient data resources • Provide invitation to security (reverse a wrong) • Content • Topics and discussions will be different each quarter. • Q1 will be Awareness Education & Training information • Dates • February 2014 • April 2014 • August 2014 • November 2014

  3. Facts The average economic impact of a data breach over the past two years for the responding healthcare organizations $2.4 million 1/40 Children 1/4 Adults 2.5 percent of U.S. households with children under age 18 experienced child identity fraud 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010

  4. Fantasy Land • Regional Medical Center (RMC) • Cutting edge technology • BYOD • Diverse staff • Security - “Not my job” • The Breach • Credit Card Data (PCI) • Patient Data (PHI) • Staff records (PII) • The Result • Drop in admissions due to community mistrust • Loss in productivity due to employee PII cleanup • Financial losses

  5. This Is Rare, Right? • Anonymous Attacks Oxford University • Anonymous’ campaign to attack networks affiliated with Gov • Indiana University Hospital Hacked • Virus discovered on server • PII Stolen • Server hacked at OSU Hospital • PII stolen • Ohio State University Medical Center • New Bug Threatens Hospital Systems • Kaspersky Security Analyst Summit • Heating and cooling systems, elevators and alarm system • Hacked within 25 seconds • Extortionists or disgruntled employees • Hospital Hacked, Notifies 43K Patients • Froedtert Health in Milwaukee • Hacked • Washington Hospital Hit By $1.03 Million Cyberheist • Moved an estimated $1.03 million out of the hospital’s payroll account into 96 different bank accounts mostly at banks in the Midwest & East Coast. • Device Manufacturers Must Fix Cyber Risks Now • Department of Homeland Security (DHS) issued warning • 300 medical devices from about 40 vendors vulnerable • Edward Snowden • NSA • Social Engineered fellow workers

  6. UMC Reality (Q1/2014) • Denial of Service (CAT 2) • HIM Take Down (3 Serv, 10 wkstations) • Expiro Virus • Social Engineering • Patient’s Room • SWCC Copier/Printer • Potential Data Loss • USB Thumb Drive in Pediatrics Trash • Computer Infection • “Oh that system? Yea we don’t use it. It has issues.”

  7. Cyber Security Threat Brief Q1 • Full Q1 report in handout • Page 5 – OTA HIPAA Breach Report • 89% could have been prevented • 29% Social Engineering • 76% weak or stolen account credentials • Page 9 – UMC Health System Departments Affected in Q1 • Page 12 – Q2 Threat = “Perfect Storm” • Page 13 – OCR Findings = 60% IT Security

  8. What You Can Do Be Vigilant! Evangelize Security Educate Yourself & Your Staff

  9. What If? • 4 Tools provide complete PC protection - FREE • 1 Step to 60% Reduction in Infection • Automated updates and patches • Multiple Strong Passwords - never remember them • Protect Your Childs identity - FREE • 1 Tool protects all data – never hacked

  10. 2014 Awareness & Training Program • Knowledge is power! • Make it fun, engaging, and useful for people and they’ll do it • Invitation to join the security industry • NSA Encryption example • Employees training each other • Opportunities • Phish Market Blog • Leadership L&L • Cyber Security Week (Oct) • Departmental Education • Phishing Tournament

  11. Awareness Recognition Phish Award Natalie Bradshaw– BICU

  12. Awareness Recognition MIB Award Tracy Green – Nursing Support Services (Potential Data loss –USB) Joanne Smith – SWCC (Thwarted Hacker)

  13. More Giveaways • “Cyber Safe” • Child Internet Safety Book • Published by the American Academy of Pediatrics • Kangaru • USB Thumb drive • NSA Approved • Write Protect Switch • Loaded with Free Security software

  14. Free Tips & Tools • See our website for recommended security tools and tips • AV • Firewalls • Cleaning Tools • Password Managers • Review Request • Education • and more…. itsecurity.teamumc.com

  15. Who Is IT Security? UMC needs Heroes Will You Join Us? Ivan, Teresa, Brandon Chis, Bill Terri Fallin HD, Desktop Support Sys Admins Network Admins IT Analytics IDM Support Team

More Related