2014 leadership lunch & learn series “security from the top down”
TRANSCRIPT
The Series Purpose
◦ Provide leaders with the knowledge and resources to protect themselves, their staff, and our patient data resources
◦ Provide invitation to security (reverse a wrong)
Content
◦ Topics and discussions will be different each quarter.
◦ Q1 will be Awareness Education & Training information
Dates
◦ February 2014
◦ April 2014
◦ August 2014
◦ November 2014
Facts
The average economic impact of a data breach over the past two years for the responding healthcare organizations
$2.4 million
2.5 percent of U.S. households with children under age 18 experienced child identity fraud
1/40 Children
1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010
1/4 Adults
Fantasy Land Regional Medical Center (RMC)
◦ Cutting edge technology
◦ BYOD
◦ Diverse staff
◦ Security - “Not my job”
The Breach
◦ Credit Card Data (PCI)
◦ Patient Data (PHI)
◦ Staff records (PII)
The Result
◦ Drop in admissions due to community mistrust
◦ Loss in productivity due to employee PII cleanup
◦ Financial losses
Hospital Hacked, Notifies 43K Patients
◦ Froedtert Health in Milwaukee Hacked
Washington Hospital Hit By $1.03 Million Cyberheist
◦ Moved an estimated $1.03 million out of the hospital’s payroll account into 96 different bank accounts mostly at banks in the Midwest & East Coast.
Server hacked at OSU Hospital
◦ PII stolen
◦ Ohio State University Medical Center
New Bug Threatens Hospital Systems
◦ Kaspersky Security Analyst Summit
◦ Heating and cooling systems, elevators and alarm system
◦ Hacked within 25 seconds
◦ Extortionists or disgruntled employees
Anonymous Attacks Oxford University
◦ Anonymous’ campaign to attack networks affiliated with Gov
Device Manufacturers Must Fix Cyber Risks Now
◦ Department of Homeland Security (DHS) issued warning
◦ 300 medical devices from about 40 vendors vulnerable
This Is Rare, Right?
Edward Snowden
NSA
Social Engineered fellow workers
Indiana University Hospital Hacked
◦ Virus discovered on server
◦ PII Stolen
UMC Reality (Q1/2014)
Denial of Service (CAT 2)
◦ HIM Take Down (3 Serv, 10 wkstations)
◦ Expiro Virus
Social Engineering
◦ Patient’s Room
◦ SWCC Copier/Printer
Potential Data Loss
◦ USB Thumb Drive in Pediatrics Trash
Computer Infection
◦ “Oh that system? Yea we don’t use it. It has issues.”
Cyber Security Threat Brief Q1
Full Q1 report in handout
Page 5 – OTA HIPAA Breach Report
◦ 89% could have been prevented
◦ 29% Social Engineering
◦ 76% weak or stolen account credentials
Page 9 – UMC Health System Departments Affected in Q1
Page 12 – Q2 Threat = “Perfect Storm”
Page 13 – OCR Findings = 60% IT Security
What If?
4 Tools provide complete PC protection - FREE
1 Step to 60% Reduction in Infection
Automated updates and patches
Multiple Strong Passwords - never remember them
Protect Your Child’s identity - FREE
1 Tool protects all data – never hacked
2014 Awareness & Training Program
Knowledge is power!
Make it fun, engaging, and useful for people and they’ll do it
Invitation to join the security industry
NSA Encryption example
◦ Employees training each other
Opportunities
◦ Phish Market Blog
◦ Leadership L&L
◦ Cyber Security Week (Oct)
◦ Departmental Education
◦ Phishing Tournament
Awareness Recognition
MIB Award
Tracy Green – Nursing Support Services (Potential Data loss – USB)
Joanne Smith – SWCC (Thwarted Hacker)
More Giveaways “Cyber Safe”
◦ Child Internet Safety Book
◦ Published by the American Academy of Pediatrics
Kanguru
• USB Thumb drive
• NSA Approved
• Write Protect Switch
• Loaded with Free Security software
Free Tips & Tools
See our website for recommended security tools and tips
◦ AV
◦ Firewalls
◦ Cleaning Tools
◦ Password Managers
◦ Review Request
◦ Education
◦ and more…
itsecurity.teamumc.com
Who Is IT Security?
Ivan, Teresa, Brandon
Chis, Bill
Terri Fallin
HD, Desktop Support
Sys Admins
Network Admins
IT Analytics
IDM Support Team
UMC needs Heroes
Will You Join Us?