cybersecurity 101 for ophthalmology & physician practices

Cybersecurity 2016Ravi D Goel, MDRegional Eye Associates, Cherry Hill NJClinical Instructor, Wills Eye Hospital

2

The good old days

3

The good old days

CCHPIROS

VAIOP

AnteriorSegment

Testing

PosteriorSegment

A/P

EMR 2016

ICD9 ICD10

6

PQRS Measures 2016

7

IRIS Registry

8

Meaningful Use & Security Risk Assessment

9

Meaningful Use & Security Risk Assessment

10

Security Risk Analysis• Pearl #1 – Define Scope of Security Risk Analysis

• Pearl #2 – Gather data

• Pearl #3 – Identify potential threats

• Pearl #4 – Assess Existing Security Measures

• Pearl #5 – Determine Likelihood of Threat Occurrence

• Pearl #6 – Determine the Level of Risk

• Pearl #7 – Identify and Document Improved Security Measures

CMS HIPAA Security Series (2007)

11

“Reveton” cryptolocker ransomware (2012)

wikipedia (Sophos screenshot - for identification andcritical commentary relating to the website in question)

12

“Locky” cryptolocker ransomware

(Sophos.com screenshot - for identification andcritical commentary relating to the website in question)

13

? Spear Phishing

14

Craigslist

15

Hollywood Presbyterian Medical Center

wikipedia (Junkyardsparkle)

16

Hollywood Presbyterian Medical Center - $17k

wikipedia (Kangasbros)

17

T. Boone Pickens cybersecurity?

18

T. Boone Pickens cybersecurity = Yellow NotePad

19

Cybersecurity – Top 10 Tips in Health Care

20

Cybersecurity – Top 10 Tips in Health Care

21

Cybersecure – Your Medicare Practice

22

Cybersecure – Your Medical Practice

23

Cybersecure – Your Medical Practice

24

Cybersecure – Your Medical Practice

25

“Locky” cryptolocker ransomware (Paul Ducklin)

(Sophos.com screenshot - for identification andcritical commentary relating to the website in question)

26

Ravi’s Practical Pearls 2016

• Pearl #1 – Who is your IT guy? Could you text him right now?

• Pearl #2 – Who backs up the data? How often? On-site or off site?

• Pearl #3 – Does your team use internet from desktops or server?

• Pearl #4 – Are all mobile devices encrypted? Wifi secure?

• Pearl #5 – How often is your security software backed up?

“If there is no downside,there is an inherent upside.”

Malik Magdon-Ismail, PhD (Caltech)Professor of Computer Science, RPI

Thank you!