External Threats to Healthcare Data
Joshua Spencer, CPHIMS, C|EH

Joshua Spencer
- Certified Ethical Hacker (C|EH)
- Cyber-security Researcher
- AVP & Chief Information Security Officer
- UT Southwestern Medical Center
Overview
- Why do hackers want my healthcare data?
- Who wants to steal it?
- How do they do it?
- What is the impact of a breach?
- How do I protect against it?
Why do hackers want my healthcare data?
[Chart: Financial Fraud, Medical Identity Theft, Ideology/Fun, State Sponsored Attacks; shares shown: 55%, 30%, 10%, 5%]
*2015 Verizon Data Breach Investigations Report

[Two image-only slides]
*2015 CSID Medical Identity Theft Report
Who are the external “hackers”?
[Chart: Advanced Persistent Threats (APT), Script Kiddies, Industrialized Hacking Organizations; shares shown: 5%, 15%, 80%]
*Dell Secureworks Healthcare Data Security Threats
How am I being hacked?
[Chart: Employee Phishing, Vendor Compromise, Website Hacking, Employee Internet Use, Employee Accident, On-location Hacking; values shown: 40%, 28%, 17%, 9%, 4%, 2%]
*2014 Ponemon Benchmark Study on Patient Privacy and Data Security
Employee Phishing
1. Employee receives fraudulent email reminding employee to “Confirm their Recent Promotion”
2. User clicks link in email and logs into fake HR website
3. Hacker logs into network remotely using stolen password
4. Hacker scans network and steals databases
5. Hacker sells stolen information on black market to identity thieves
6. Hacker logs into employee email to send fraudulent email to all contacts

Uses of the stolen information:
- Create and sell fraudulent medical, Social Security and State ID cards
- Obtain prescriptions for narcotics
- Partner with illicit providers for fraudulent Medicare billing
Vendor Compromise
1. Vendor hacked
2. Hacker accesses customer databases
3. Hacker logs into your network remotely and steals databases
4. Hacker sells stolen information on black market to identity thieves
5. Hacker logs into employee email to send fraudulent email to all contacts
Website Hacking
1. Website had a software flaw discovered
2. Bug allows a hacker to bypass the login
3. Company fails to apply the security update quickly enough
4. Hacker uses a network of infected computers to attack website
5. Attack installs data stealing program
6. Program scans for juicy data (SSN)
7. Data sent to attacker’s computers
8. Hacker sells stolen information on black market to identity thieves
9. Computer now used to attack other companies
Employee Internet Use
1. Employee’s computer has a software flaw discovered
2. Employee visits a hacked website
3. Company fails to apply the security update quickly enough
4. Attack installs data stealing program
5. Program scans network for juicy data (tax returns, spreadsheets with SSN)
6. Data sent to attacker’s computers
7. Hacker sells stolen information on black market to identity thieves
8. Computer now used to attack other companies
How am I being successfully hacked?
[Chart: Company Specific Attack, Healthcare Industry Attack, Untargeted Attack; shares shown: 5%, 26%, 69%]
*2014 Ponemon Benchmark Study on Patient Privacy and Data Security
What is the impact of a breach?
- Consequences of a breach are much greater than in most other industries
- Incorrect medical records (blood type, allergies, conditions) cause patient safety risks
- HIV status disclosure is much more emotionally damaging than a Home Depot purchase history
- Can’t give patients a new identity like you can with credit cards
*2014 Ponemon Benchmark Study on Patient Privacy and Data Security; Dell Secureworks Healthcare Data Security Threats
What is the impact of a breach?
- $398 per health record on average in the U.S.
- Does not factor in reputational damage
- Increasing civil penalties from HHS, up to $1.5 million
- Heavy scrutiny from media and regulators
- 80% of new patients screen their provider on search engines
- Increasing use of “vendor scorecards” will hurt customer growth
*2014 Ponemon Benchmark Study on Patient Privacy and Data Security; Dell Secureworks Healthcare Data Security Threats
How do I protect my healthcare data?
- Factor security into your third-party vendor evaluations
- Hire or contract with information security specialists
- Train employees on recognizing fraud
- Know where your data is going
- Back up your important data
- Use two-factor authentication

Protecting Healthcare Data from Hackers


Editor's notes

1. Apple – 183b, ATT 128b, Siemens 102b, McKesson 137b, over $700/person/year
2. 2FA – 68% effective