CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO, SVP, Business Intelligence & Performance Improvement, Bon Secours Health Systems
1. Creating an Effective Cyber Security Strategy
Key Attributes for Success, Challenges and Critical Success Factors
Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO
SVP, Business Intelligence & Performance Improvement
Bon Secours Health System
#LEAD14
A CHIME Leadership Education and Development Forum in collaboration with iHT2
2. A $3.4 billion not-for-profit Catholic health system, Bon Secours Health System, Inc. (BSHSI) owns, manages or joint ventures:
•19 Acute Care Hospitals
‒14 Owned
‒5 Joint Ventures
•15 Post-acute Centers
•14 Home Care/Hospice Providers
•2.3 Million Patient Care Encounters
•9 Communities in 6 states
•Over 23,000 caregivers
•850 Physicians
•60,000 System users
•136,000 Clinical Portal users
3. What is Needed
•Build Relationships
•Establish the Culture
•Education
•Risk Analysis
•Build a Core Security Team
•Build Infrastructure
4. Build Relationships
•Board (Governance & Relationship)
•Executive Awareness & Support
•Internal, Teams Across Disciplines
–IA, Privacy, CRO
–HR, Legal, Technology …
•External Relationships
–Law Enforcement
–Media Firm
–Cyber liability Insurer
•Education
5. Establish the Culture
•Leaders are aware and talk about security
•Education of everyone (staff, faculty, physicians, …)
•Framework – Detailed Plan – Testing
–Are you using NIST or ISO …
–Issues and Investigations protocols
–Incident Reporting: (PHI, PII, PCI, Hacks)
•Do Audits of:
–Easy-to-guess passwords in system audits
–Vendor management – SSAE16, SOC2 Type2 Reports
–Access modes & points - Cloud computing
•In healthcare, security involves Privacy & Cyber Security
6. Risk Analysis
•Risk Assessment:
–Part of the company's ‘ERM’?
–What is your risk tolerance, for each class of data
•Level of user access to data & systems
•Leakage through employees (error, misuse)
–"Lifecycle" approach to Policy and Procedures
–Technology portfolio
•Spending/Budget for Security
•Up-to-date?
–System Patch Levels
–Virus Protection Levels
7. Build a Core Security Team
•Determine Core Security Team
–Knowledge of Regulation (Federal & State)
•What states people live in, if data accessed
–Turnover & Retention
–Tools & Training
•Incident Response Team Needs
–Plans & Escalation plan
–Breach reporting
–How & Where to document
–Where are the logs? Do you have the right logs?
Great Workplace
8. Build Infrastructure
•Understand your environment
–DLP, IDS, Firewalls
–Segmentation
–Strong passwords
•Physical Security (& Education)
•Encryption - ‘everything’
•Change Management (e.g., iOS 8.0.1)
•Disaster Recovery
•Team training
Basics must be in place
9. Understanding your Environment
•Users
–Login patterns (service accounts during night time, login after terms)
–Account Volumes
–Last used and time since password change
–Failed Login Attempts
–Internal and External access
•Usage
–Understand Both Systems & Network Configurations
–Identity of New Network Segments
–Bandwidth usage of network
–FTP (22) and Secure (443) site statistics and destinations
–Website attempts; Blacklisted sites (i.e. outbound blocked sites) or do Whitelisting
Metrics: there is a strong relationship between metrics and problems
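Added example (not part of the original slides): a small Python review of the user metrics listed on this slide, run over constructed account records and login events. The sample data, the thresholds (90-day password age, a 00:00-05:59 night window, five failures in ten minutes) and the reading of "terms" as terminations are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the presentation).
ACCOUNTS = {
    "svc_backup": {"service": True, "terminated": None, "pw_changed": "2013-01-15"},
    "jdoe": {"service": False, "terminated": "2014-09-30", "pw_changed": "2014-08-01"},
    "asmith": {"service": False, "terminated": None, "pw_changed": "2014-09-20"},
}
EVENTS = [  # (timestamp, user, outcome)
    ("2014-10-02T02:14:00", "svc_backup", "success"),
    ("2014-10-02T09:05:00", "asmith", "success"),
    ("2014-10-03T18:40:00", "jdoe", "success"),
    ("2014-10-04T11:00:00", "asmith", "failure"),
    ("2014-10-04T11:00:20", "asmith", "failure"),
    ("2014-10-04T11:00:41", "asmith", "failure"),
    ("2014-10-04T11:01:05", "asmith", "failure"),
    ("2014-10-04T11:01:30", "asmith", "failure"),
]

NIGHT_HOURS = range(0, 6)             # assumed night window: 00:00-05:59
MAX_PW_AGE = timedelta(days=90)       # assumed password-age policy
FAIL_THRESHOLD = 5                    # assumed: this many failures...
FAIL_WINDOW = timedelta(minutes=10)   # ...inside this sliding window

def review(accounts, events, today):
    """Return sorted (user, pattern) pairs that deserve an analyst's look."""
    findings, fails = set(), {}
    for ts, user, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        acct = accounts.get(user)
        if acct is None:                      # login for an account we do not track
            findings.add((user, "unknown-account"))
        elif outcome == "success":
            if acct["service"] and when.hour in NIGHT_HOURS:
                findings.add((user, "service-night-login"))
            term = acct["terminated"]
            if term and when.date() > datetime.fromisoformat(term).date():
                findings.add((user, "login-after-termination"))
        else:
            # Keep only failures still inside the sliding window, then add this one.
            recent = [t for t in fails.get(user, []) if when - t <= FAIL_WINDOW]
            fails[user] = recent + [when]
            if len(fails[user]) >= FAIL_THRESHOLD:
                findings.add((user, "failed-login-burst"))
    for user, acct in accounts.items():       # time since last password change
        if today - datetime.fromisoformat(acct["pw_changed"]) > MAX_PW_AGE:
            findings.add((user, "stale-password"))
    return sorted(findings)
```

Each finding is a pattern to review against what is normal for that account, for example a scheduled backup job, not a verdict.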
10. Be Prepared
•The Board wants answers
•HHS-CMS-OCR demands quick answers
•Staff wants full access
•Your community – Public wants assurances
•You want to sleep at night
11. Q & A
Skip Hubbard
Skip_Hubbard@BSHSI.org