january 19th 2016 executive series webinar€¦ · source: mandiant m:trends 2015, view from the...
Post on 08-Jun-2020
0 Views
Preview:
TRANSCRIPT
Escalated Threats Require Escalated Expertise & New Tactics
January 19th 2016 Executive Series Webinar
View the Replay on YouTube
Today’s Speakers
Tara McKibben
HIPAA Director and Privacy Officer Susquehanna Health
Shane Whitlatch
Enterprise Vice President
FairWarning, Inc.
Chuck Burbank
Director of Managed Privacy
Services & Chief Information
Security Officer
FairWarning, Inc.
Ryan Dees
Privacy Analyst
FairWarning, Inc.
Agenda
• Susquehanna Health: Evolving their privacy and security program
• Escalating threats to healthcare driving new approach to privacy
and security
• New tools to combat threats to PHI: visualization, trending and
analytics
• Managed Privacy Services
Susquehanna Health
• Founded in 1994
• Four-hospital integrated health system in northcentral Pennsylvania
• Honors & Awards: • 100 Most Wired Hospitals and Healthcare
Systems by Hospitals & Health Networks: 11 of the 13 times that it has been published
• Employer of Choice® in January 2014
Escalating Advanced Threats
´1
Lost laptops, media, paper records
Patient Complaints
Snooping
Medical & Financial ID Theft
2015 2013 2011
IRS Tax Fraud
2012 2014 Pre-2010
Sale of Patient Data to Crime Rings
Sale of Physician Data to Crime Rings
Sale of Employee Data to Crime Rings
Rise of Cyber Threats to Healthcare Industry
Foreign National Espionage
We are all patients … And the long-term effects of a PHI breach have yet to be realized
91 percent of Healthcare organizations have had at least one data breach involving the loss of theft of patient data in the last two years Source: Forbes May 2015
As of November 2015, breaches impacted 119,959,229 patients. That’s well over one-third of all United States citizens who have suffered an information breach through the healthcare industry. Source: Identity Theft Resource Center
Only 37 percent of respondents say their healthcare providers have informed them about the measures they take to protect medical records. 68 percent of these respondents are not confident that these measures will keep their medical records secure. Source: Ponemon Medical Identity Theft Report
Recent studies have found people are withholding information – sometimes critical information – from their healthcare providers because they are concerned that there could be a confidentiality breach of their records Source: Verizon 2015 PHI Data Breach Report
How long does it take to discover a breach?
Source: Mandiant M:Trends 2015, View From the Front Lines Report
On average hackers had access to victims’ environments for 205 days before they were discovered and 69% of victims learn from a third party that they are compromised*
How can you get ahead of a breach?
• Information security • Data visualization • Trending • Analytics • Finding the right talent or using Managed privacy &
security services
Thought leaders like Susquehanna Health are taking it to the next level
• Moving from focusing on snooping & HIPAA compliance
• Developing new tools to detect bad behavior
• Emphasizing security focused scenarios
Insider threats are still very real • Malicious
– Co-worker, Patient, Neighbor, & VIP Snooping – Fraud/Medical ID Theft/ID Theft – Inappropriate physician access – Disgruntled employee
• Compromised – Compromised user credentials from an outside source
• Negligent/Accidental
– Lost device – Misuse of systems – Log-in/Log-out failures
Data Visualization
• One-click reporting
• Easy to read charts
• Multiple chart types
• Add to dashboards
Statistical Analysis of User Behavior and Trending
Value:
• Ease of use: Allows managers to visually see out of the norm activities
• Positive feedback from Susquehanna leadership
Depicts graphically what is happening to your data
Looking Ahead • Already looking for more Trending Reports
• What statistical approaches to take
• High expectations/Unlimited potential – always looking for new ways to monitor & educate
Managed Privacy Services
The Business Case
Most rapid and pragmatic approach to HIPAA privacy audit cycle
Instant access to expertise & best practices
Sustainable, robust, accurate
Dramatically lower cost without hiring
Expert advice on navigating an OCR Audit
Stay current with ongoing knowledge transfer
Mitigates staffing turn-over risks
Broader proactive monitoring coverage
One less compliance priority to worry about
Value to Your Compliance Team
Questions? For more information, please visit:
www.FairWarning.com
Email: Solutions@FairWarning.com
Today’s Speakers
Tara McKibben
HIPAA Director and Privacy Officer Susquehanna Health
Shane Whitlatch
Enterprise Vice President
FairWarning, Inc.
Chuck Burbank
Director of Managed Privacy
Services
FairWarning, Inc.
Ryan Dees
Privacy Analyst
FairWarning, Inc.
top related