Cybersecurity, the Challenges Healthcare Faces AUGUST 17, 2018 BUILDING LEADERS TRANSFORMING HOSPITALS IMPROVING CARE HTS3 2018

Transcription

1 Cybersecurity, the Challenges Healthcare Faces AUGUST 17, 2018 BUILDING LEADERS TRANSFORMING HOSPITALS IMPROVING CARE

2 45 YEARS OF DELIVERING RESULTS HealthTechS3 is a 45 year old, award-winning healthcare consulting and strategic hospital services firm based in Brentwood, Tennessee with clients across the United States. We are dedicated to the goal of improving performance, achieving compliance, reducing costs, and ultimately improving patient care. Leveraging consultants with deep healthcare industry experience, HealthTechS3 provides actionable insights and guidance that supports informed decision making and drives efficiency in operational performance. Our consultants are former hospital leaders and executives. HealthTechS3 has the right mix of experienced professionals that service hospital clients across the nation. HealthTechS3 offers flexible and affordable services, consulting, and technology as we focus on delivering solutions that can be implemented and provide a positive, measurable impact.

3 STRATEGY SOLUTIONS SUPPORT 3 GOVERNANCE & STRATEGY Affiliation Consulting Executive & Management Leadership Development Strategic Planning & Market share Analysis Community Health Needs Assessment Compliance Consulting Services FINANCE Performance Optimization / Margin Improvement Revenue Cycle & Business Office Operations Productivity & Staffing Consulting CLINICAL CARE & OPERATIONS Continuous Survey Readiness Quality Assurance Performance Improvement Lean Culture Customer Experience Clinical Resource Management Care Coordination Primary Care Practice Physician Practice & Clinic Assessment Long Term Care Consulting Swing Bed Consulting Perioperative RECRUITMENT Executive Recruitment Manager and Clinical Positions Physician / Provider Recruitment Information Technology Professionals Interim Placement

4 3 RD QUARTER WEBINARS Cybersecurity The Challenges Health Care Is Facing Hosts: Diane Bradley, PhD, RN, NEA-BC, CPHQ, FACHE, FACHCA, Regional Chief Clinical Officer Johnathan Buice, MBA, MIS, Chief Information Officer, Upson Regional Medical Center August 17, 2018 at 12pm CST Community Health Needs Assessment: Strategies for Engaging The Community Host: Carolyn St.Charles, RN, BSN, MBA, Regional Chief Clinical Officer September 7, 2018 at 12pm CST Expert Evidence-Based Assistance Where It Matters Most Host: Diane Bradley, PhD, RN, NEA-BC, CPHQ, FACHE, FACHCA, Regional Chief Clinical Officer September 19, 2018 at 12pm CST Incorporating Community Resources In To Your Care Coordination Program Host: Faith M Jones, MSN, RN, NEA-BC, HealthTechS3 Director of Care Coordination and Lean Consulting September 20, 2018 at 12pm CST Questions & Answers On Executive Placement Host: Peter Goodspeed, HealthTechS3, Vice President of Executive Search September 28, 2018 at 12pm CST ALL WEBINARS ARE RECORDED 4

5 INSTRUCTIONS FOR TODAY S WEBINAR 5 You may type a question in the text box if you have a question during the presentation We will try to cover all of your questions but if we don t get to them during the webinar we will follow-up with you by You may also send questions after the webinar to our team (contact information is included at the end of the presentation) The webinar will be recorded and the recording will be available on the HealthTechS3 web site: m HealthTechS3 hopes that the information contained herein will be informative and helpful on industry topics. However, please note that this information is not intended to be definitive. HealthTechS3 and its affiliates expressly disclaim any and all liability, whatsoever, for any such information and for any use made thereof. HealthTechS3 does not and shall not have any authority to develop substantive billing or coding policies for any hospital, clinic or their respective personnel, and any such final responsibility remains exclusively with the hospital, clinic or their respective personnel. HealthTechS3 recommends that hospitals, clinics, their respective personnel, and all other third party recipients of this information consult original source materials and qualified healthcare regulatory counsel for specific guidance in healthcare reimbursement and regulatory matters.

6 FACILITATOR 6 Diane began her healthcare career as a staff nurse in the Emergency Department of a major medical center. She has worked in a variety of staff, administrative and consulting roles and has been in her current position as Regional Chief Clinical Officer with HealthTechS3 for the last eight years. In her role as Regional Chief Clinical Officer, Diane conducts mock surveys for Critical Access Hospitals, Acute Care Hospitals, Long Term Care, Behavioral Health and provides guidance and assistance to senior leaders and middle management with expertise in a variety of areas, especially quality, patient safety, and a holistic approach to the patient experience focusing on relationships. Diane Bradley Regional Chief Clinical Officer One of Diane s special areas of interest is developing innovative approaches to operations that promotes cost-effectiveness, improves efficiencies, encourages continual performance improvement and accountability at all levels of the organization. diane.bradley@healthtechs3.com

7 QUALIFICATIONS 7 15 year hospital employee MBA MIS with a minor in CS GC&SU A+ - CompTIA i-net+ - CompTIA Net+ - CompTIA Security+ - CompTIA Server+ - CompTIA MCP Microsoft CCE Kennesaw State University CEH EC-Council CCNP Route Switch - Cisco CCNP Security Cisco

8 JOHNATHAN BUICE 8

9 SECURITY AT A GLANCE 9 What do we think about when we hear cyber security? Firewalls Perimeter security Passwords Complexity and usage Content Filters Web filtering Software Updates Patches and Service Packs Logging Access and security logs Disaster Plans Disaster recovery Regulations Maintaining compliance

10 GETTING MORE ADVANCED 10 Encryption Transmission At rest Defense in depth Multilayer security Overlapping systems Data Loss Prevention Filtering 802.1x Network security SIEM - System Information Event Monitoring

11 GETTING MORE ADVANCED 11 Internal Penetration Tests Active attempts to breach systems Business Associate testing Social Engineering Tests Media control Phishing attacks Internal Pen Tests Vulnerability Scans Intrusion Detection Systems/Intrusion Prevention Systems Application Filtering Security system testing

12 WHAT ARE ORGANIZATIONS BIGGEST CYBER THREATS? 12

13 WHAT ARE ORGANIZATIONS BIGGEST CYBER THREATS? 13 Users Disgruntled Employees system security Vendors Terrorists Hackers Environmental Disasters

14 CYBERSECURITY TRENDS 14 Limiting Vulnerabilities Cloud based systems Hybrid IT infrastructures Software as a service Direct Connect Storage Artificial Intelligence Internet of Things (IoT) Blockchain

15 LIMITING VULNERABILITIES 15 HIPAA risk assessments generally include vulnerability scans, but what is a vulnerability? Any potential risk or flaw in a system that could be compromised if a particular action or function is performed Often this takes multiple steps in the correct order Not all vulnerabilities are easily compromised There will always be vulnerabilities and we must focus on them based upon their risk and likelihood of being exploited.

16 CLOUD SYSTEM SECURITY 16 Are cloud based systems secure?

17 CLOUD BASED SECURITY 17 Moving to the cloud can actually improve your security posture if the right partner is chosen Shared cost for hardware otherwise unaffordable Ability to layer systems Professional Expertise Improved Disaster Recovery

18 CLOUD SECURITY USE CASE 18 Internet

19 CLOUD SECURITY USE CASE 19 Internet

20 CLOUD SECURITY USE CASE 20 What is more likely to be compromised? A tier 4 data center with a solid defense in depth approach A firewall with improper IPS or ACL rules A user account with a poor password A computer with USB or CD rom access enabled

21 UPSON S APPROACH 21 In 2016 Upson upgraded our electronic health record (EHR) and went cloud based Upson has both our EHR and our Imaging solutions in the cloud Both systems are hosted in the same environment Both systems are included in our DR strategy Our Hybrid IT design won HPE s 2018 award for customer service excellence Looking at aligning the hybrid IT solution to maximize efficiencies and take advantage of cost savings by aligning vendors

22 CHALLENGES 22 Organizational Support User acceptance Administrative Support Reluctance to change Cloud based services create complexity Amazon Web Services and Microsoft Azure Country IP blocking no longer viable IP address can be transferred or bought

23 CHALLENGES 23 Regulations System sunsetting Increased requirements Evolving Technologies Application awareness Artificial Intelligence Proper utilization Proper design Blockchain Direction and Standardization

24 SECURING THE FUTURE 24 Proactive not reactive Active monitoring and system testing Continual training Record and use incidents for user training Mail rules to catch incidents Actively crack passwords and educate users Asset Management Thorough hard drive tracking Thorough media management Remediation Documentation

25 CAN WE BE SECURE? 25 The answer is yes! With proper organizational training and a good security posture we can secure our systems There will always be vulnerabilities, risks and threats, but we can secure our systems to limit our exposure.

26 CAN WE BE SECURE? 26 The answer is yes! With proper organizational training and a good security posture we can secure our systems There will always be vulnerabilities, risks and threats, but we can secure our systems to limit our exposure.

27 THANK YOU 27 Diane Bradley, PhD, RN, NEA-BC, CPHQ, FACHE, FACHCA HealthTechS3 Regional Chief Clinical Officer