CHIEF INFORMATION OFFICER
|
|
- Kelley Wiggins
- 5 years ago
- Views:
Transcription
1 OFFICE OF THE CHIEF INFORMATION OFFICER DEPARTMENT OF HEALTH AND HUMAN SERVICES U. S. D E P A R T M E N T O F H E A L T H A N D H U M A N S E R V I C E S Public-Private Collaboration - Bridging the Gap to Protect Health Information December 2014
2 Cyber State of the Healthcare & Public Health Sector (HPH) (U) Cyber actors will likely increase cyber intrusions against health care systems to include medical devices The biggest vulnerability was the perception of IT health care professionals beliefs that their current perimeter defenses and compliance strategies were working when clearly the data states otherwise. According to open source reporting from SANS, Ponemon, and EMC²/RSA, the health care industry is not technically prepared to combat against cyber criminals basic cyber intrusion tactics, techniques and procedures (TTPs), much less against more advanced persistent threats (APTs). dated March 2013, 63% of the health care organizations surveyed reported a data breach in the past two years with an average monetary loss of $2.4 million per data breach. FBI PIN #: Source: FBI Cyber Division, Private Industry Notification, (U)Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain, 17 April Page 2
3 Improving Critical Infrastructure Cybersecurity It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats. - Executive Order -- Improving Critical Infrastructure Cybersecurity Source: Page 3
4 Healthcare & Public Health Sector and Security Vision The HPH Sector will achieve overall resilience against all hazards. It will prevent or minimize damage to, or destruction of, the Nation s healthcare and public health infrastructure. It will strive to protect its workforce and preserve its ability to mount timely and effective responses (without disruption to services in unaffected areas) and to recover from both routine and emergency situations. Mission To sustain the essential functions of the Nation s healthcare and public health delivery system and to support effective emergency preparedness and response to nationally significant hazards by implementing strategies, evaluating risks, coordinating plans and policy advice, and providing guidance to prepare, protect, prevent, and, when necessary, respond to attacks on the Nation s infrastructure, and support the necessary resilience in infrastructure to recover and reconstitute healthcare and public health services. Goal 4: Cybersecurity Mitigate risks to the sector s cyber assets that may result in disruption to or denial of health services. Source: Healthcare and Public Health Sector-Specific Plan, An Annex to the National Infrastructure Protection Plan, Page 4
5 The HPH Sector Ecosystem HPH Sector Elements Source: Healthcare and Public Health Sector-Specific Plan, An Annex to the National Infrastructure Protection Plan, Page 5
6 HPH Sector Dependencies HPH Sector is dependent on other sectors Source: Healthcare and Public Health Sector-Specific Plan, An Annex to the National Infrastructure Protection Plan, Page 6
7 Layers of Collaboration Page 7
8 Opportunities for Information Sharing Page 8
9 Example 1: HPH Cyber Threat Exercise Scenarios HHS Cyber Scenario 1 Large Virginia hospital cyber security team detects unauthorized outbound connections. After further investigation they decide to make firewall changes to block the source and destination IP connections. Injection 1: Immediately after the IP is blocked at the firewall, the firewall logs start filling up with one source IP identified as an internal server. Further analysis quickly reveals this internal server is a Command & Control server and possessing files with patient medical records. Injection 2: Reporter blogs about a tip that a major hospital has been breached and the actor has patient data on high profile people. The actor states the best is yet to come. Injection 3: News Agency reports that a Pastebin posting shows the medical record of a Virginia Senator that describes his terminal illness in detail. Injection 4: Large Virginia hospital receives an demanding $5 million dollars to be wired to an offshore account or they will start to release the medical records of the 15 senators the hospital has been treating for the last 10 years. Page 9
10 Example 2: HPH Cyber Threat Exercise Scenarios HHS Cyber Scenario 2 Local news reports a Doctor in California is being interrogated on suspicion of altering radiology readings. Injection 1: Industry partner releases a Threat Intelligence Report notifying the health community of a foreign actor forum thread discussing an unidentified medical device vulnerability which has been undetected for months. The foreign actors are known to be associated with fraud activity. Injection 2: Local news report the Doctor is a radiologist and altered his patients x-ray images generated on the x-ray machine. Injection 3: It s reported the FBI is now supporting the investigation, leading to speculation this could be a federal crime. Injection 4: Foreign actor internet blog is found to report that several x-ray machines have been infected across the U.S. with software that randomly adds a mass to images. Injection 5: The FBI reports the Doctor paid hackers to develop malware to randomly add a mass to his patient s images so he could diagnose his patients, administer treatments, and charge for expensive treatments they didn t need. It appears the Doctor thought the actors gave him the only working version of the malware; however, it is believed the actors sold the malware on the black market to the highest bidder(s). The FBI is presently investigating all potential infections of x-ray machines and the potential impact to hospitals and patients. CyberRX 2.0 Level I Playbook Participant and Facilitator Guide: Page 10
11 Real Life Threats Real Life Threats Imagine receiving a diagnosis of cancer and then having to go through chemotherapy or other intensive treatments. Then imagine finding out that you never had cancer in the first place and that your doctor whom you trusted implicitly merely used you in his scheme to fraudulently bill the federal Medicare program and private insurance companies for hundreds of millions of dollars. That s exactly what happened to patients of Dr. Farid Fata, a Detroit-area hematologist and oncologist. And it was not only cancer diagnoses. Some patients were told, wrongly, that they had other conditions which required expensive intravenous therapies, medications, and diagnostic tests...all of which jeopardized their health and wellbeing. Source: Egregious Case of Health Care Fraud, Cancer Doctor Admits Prescribing Unnecessary Chemotherapy. November 6, Retrieved from Page 11
12 Scenario vs. Real Life HHS Cyber Scenario 2 Local news reports a Doctor in California is being interrogated on suspicion of altering radiology readings. Doctor altered his patients x-ray images generated on the x-ray machine FBI is now supporting the investigation The FBI reports the Doctor paid hackers to develop malware to randomly add a mass to his patient s images so he could diagnose his patients, administer treatments, and charge for expensive treatments they didn t need. Real Life Threats Imagine receiving a diagnosis of cancer and then having to go through chemotherapy or other intensive treatments. Then imagine finding out that you never had cancer in the first place and that your doctor whom you trusted implicitly merely used you in his scheme to fraudulently bill the federal Medicare program and private insurance companies for hundreds of millions of dollars. That s exactly what happened to patients of Dr. Farid Fata, a Detroit-area hematologist and oncologist. And it was not only cancer diagnoses. Some patients were told, wrongly, that they had other conditions which required expensive intravenous therapies, medications, and diagnostic tests...all of which jeopardized their health and well-being. Page 12
13 Example 3: Healthcare Threat Operations Center Healthcare Threat Operations Center (HTOC) The HTOC is a partnership of the HPH federal partners strategically and operationally merging cyber security operational capabilities in an effort to improve each partners cyber security capabilities, provide cost saving solutions, and advancements through centralized optimization. HTOC will provide the largest real-time federal healthcare sector cyber threat window under one roof. HPH Federal Partners Department of Veterans Affairs Network Security Operations Center (VA- NSOC) Space and Naval Warfare Systems Center Atlantic s Network Security Operations Center (SPAWAR NSOC) Department of Health & Human Services Computer Security Incident Response Center (HHS CSIRC) Page 13
14 We Each Have a Role to Play Page 14
15 Questions Robert Foster Deputy Chief Information Officer, Acting Chief Information Security Officer U.S. Department of Health and Human Services Sara Hall Deputy Chief Information Security Officer U.S. Department of Health and Human Services Reference: CyberRX 2.0 Level I Playbook Participant and Facilitator Guide: Page 15
Cybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationSecuring the Internet of Things (IoT) at the U.S. Department of Veterans Affairs
Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs Dominic Cussatt Acting Deputy Assistant Secretary / Chief Information Security Officer (CISO) February 20, 2017 The Cyber
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More informationTestimony. of the. American Hospital Association. before the. Subcommittee on Intergovernmental Affairs. of the
Testimony of the American Hospital Association before the Subcommittee on Intergovernmental Affairs of the Committee on Oversight and Government Reform of the U.S. House of Representatives July 18, 2018
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationGEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards
GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov
More informationInformation Security Is a Business
Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University
More informationNIST Cybersecurity Framework Protect / Maintenance and Protective Technology
NIST Cybersecurity Framework Protect / Maintenance and Protective Technology Presenter Charles Ritchie CISSP, CISA, CISM, GSEC, GCED, GSNA, +6 Information Security Officer IT experience spanning two centuries
More informationMedical Device Cybersecurity: FDA Perspective
Medical Device Cybersecurity: FDA Perspective Suzanne B. Schwartz MD, MBA Associate Director for Science and Strategic Partnerships Office of the Center Director (OCD) Center for Devices and Radiological
More informationPROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM
PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM THE THREAT WE FACE On average, the Department of Administration information officers identify: 200 brute force attempts per day;
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationHacking and Cyber Espionage
Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationAchieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)
Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationMaking plans. An integrated and holistic solution
SPECIAL EDITION INNOVATION+RESILIENCE Vulnerability to cyber hacking is exposing and expensive, and it also has the potential to be highly dangerous. In developing a cyber resilience plan, a collaborative
More informationCyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation
Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation COL Michael R. Corpening Deputy Chief, Operations Division (CCJ6-O) 1 December 2014 The overall classification of this brief is UNCLASSIFIED
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationOverview of the Federal Interagency Operational Plans
Overview of the Federal Interagency Operational Plans July 2014 Table of Contents Introduction... 1 Federal Interagency Operational Plan Overviews... 2 Prevention Federal Interagency Operational Plan...2
More information79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90
th OREGON LEGISLATIVE ASSEMBLY-- Regular Session Senate Bill 0 Printed pursuant to Senate Interim Rule. by order of the President of the Senate in conformance with presession filing rules, indicating neither
More informationHPH SCC CYBERSECURITY WORKING GROUP
HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationCYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack
CYBERSECURITY Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack An Interview with the Department of Homeland Security s Office of Cybersecurity Since government agencies
More informationMedia Kit. California Cybersecurity Institute
Media Kit Fact Sheet Cybercrime A Growing Threat Cybercriminals are invisible enemies who jeopardize our nation s security in increasingly sophisticated and pervasive ways. According to the Government
More informationDefending Our Digital Density.
New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital Density. @NJCybersecurity www.cyber.nj.gov NJCCIC@cyber.nj.gov The New Jersey Cybersecurity & Communications Integration
More informationCyber Insurance: What is your bank doing to manage risk? presented by
Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationStanding Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015
Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report November 19, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario QD3 results
More informationExecutive Order on Coordinating National Resilience to Electromagnetic Pulses
Executive Order on Coordinating National Resilience to Electromagnetic Pulses The Wh... Page 1 of 11 EXECUTIVE ORDERS Executive Order on Coordinating National Resilience to Electromagnetic Pulses INFRASTRUCTURE
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationAmerican Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment
American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security
More informationLessons Learned: A Real Life Data Breach. Jigar Kadakia Partners HealthCare
Lessons Learned: A Real Life Data Breach Jigar Kadakia Partners HealthCare Introductions Jigar Kadakia Partners HealthCare Chief Information Security and Privacy Officer jkadakia@partners.org 61-6-121
More informationCybersecurity Survey Results
Cybersecurity Survey Results 4 November 2015 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationNew Zealand National Cyber Security Centre Incident Summary
New Zealand National Cyber Security Centre 2013 Incident Summary National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationEMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS
Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS AGENDA SIRN / FirstNet
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationISACA West Florida Chapter - Cybersecurity Event
ISACA West Florida Chapter - Cybersecurity Event Presented by Sri Sridharan Managing Director & Chief Operating Officer Florida Center for Cybersecurity CURRENT TRENDS Top Cybersecurity Trends of 2015
More informationAdversary Playbooks. An Approach to Disrupting Malicious Actors and Activity
Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationSTRATEGIC PLAN VERSION 1.0 JANUARY 31, 2015
VERSION 1.0 JANUARY 31, 2015 2015-2018 STRATEGIC PLAN NATIONAL ALLIANCE FOR PUBLIC SAFETY GIS FOUNDATION 1250 24TH STREET NW SUITE 300 WASHINGTON, DC 20037 2015-2018 STRATEGIC PLAN VISION A Nation of emergency
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More informationGreg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security
1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE
More informationEngaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,
Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationSecurity Survey Executive Summary October 2008
A government technology Executive Survey Summary: HP Security Survey Executive Summary October 2008 Produced by: In Partnership With: Introduction Information is paramount to the survival of government
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationAll-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011
All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011 Copyright 2009 American Water Works Association Copyright 2011 American Water Works Association Security
More informationDepartment of Homeland Security Updates
American Association of State Highway and Transportation Officials Special Committee on Transportation Security and Emergency Management 2016 Critical Infrastructure Committee Joint Annual Meeting Department
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationIncident Response Table Tops
Incident Response Table Tops Agenda Introductions SecureState overview Need for improved incident response capability https://pollev.com/securestate Overview of the exercise: Sample incident response table
More informationEscalated Threats to PHI Require a New Approach to Privacy and Security Wednesday, March 2, 2016
Escalated Threats to PHI Require a New Approach to Privacy and Security Wednesday, March 2, 2016 Kurt J. Long, CEO & Founder, FairWarning, Inc. Robert Rost, IT Operations Director of Defensive Services,
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationHIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED
HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationCalifornia Cybersecurity Integration Center (Cal-CSIC)
California Cybersecurity Integration Center (Cal-CSIC) Agenda Mission and Scope Whole of State Government Approach Where is the Cal-CSIC? Cal-CSIC Partners Attaining Cyber Maturity in Parallel Machine
More informationOA Cyber Security Plan FY 2018 (Abridged)
OA Cyber Security Plan FY 2018 (Abridged) 1 Table of Contents Vision... 3 Goals, Strategies, and Tactics... 5 Goal #1: Create a Culture that Fosters the Adoption of Cyber Security Best Practices... 5 1.1
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationThe Cost of Denial-of-Services Attacks
The Cost of Denial-of-Services Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report The Cost of Denial-of-Service
More informationStanding Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018
Standing Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018 Contents Background 3 Exercise objectives 4 Day 1 Cyber-range exercise 5 Day 2 Cyberattack scenario 6-7
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationAddressing Cybersecurity in Infusion Devices
Addressing Cybersecurity in Infusion Devices Authored by GEORGE W. GRAY Chief Technology Officer / Vice President of Research & Development Ivenix, Inc. INTRODUCTION Cybersecurity has become an increasing
More informationDefense in Depth Security in the Enterprise
Defense in Depth Security in the Enterprise Mike Mulville SAIC Cyber Chief Technology Officer MulvilleM@saic.com Agenda The enterprise challenge - threat; vectors; and risk Traditional data protection
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationU.S. Department of Homeland Security Office of Cybersecurity & Communications
U.S. Department of Homeland Security Office of Cybersecurity & Communications Council of State Governments Cybersecurity Session November 3, 2017 Cybersecurity & Communications (CS&C) CS&C s Mission ensure
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationYou ve Been Hacked Now What? Incident Response Tabletop Exercise
You ve Been Hacked Now What? Incident Response Tabletop Exercise Date or subtitle Jeff Olejnik, Director Cybersecurity Services 1 Agenda Incident Response Planning Mock Tabletop Exercise Exercise Tips
More informationQuadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters
Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters QHSR Background Implementing Recommendations of the 9/11 Commission Act of 2007 directed DHS to Conduct a Quadrennial Homeland
More informationPresidential Documents
Federal Register Vol. 84, No. 61 Friday, March 29, 2019 Presidential Documents 12041 Title 3 Executive Order 13865 of March 26, 2019 The President Coordinating National Resilience to Electromagnetic Pulses
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationNATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC
NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC Draft Version incorporating Management Review [MR] Edits and Comments Document Date: July 2013 Goal One: Ensure Interoperable
More informationMedical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.
Medical Devices and Cyber Issues JANUARY 23, 2018 AHA and Cybersecurity Policy Approaches Role of the FDA FDA Guidance and Roles Pre-market Post-market Assistance during attack Recent AHA Recommendations
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationCyber Security & Homeland Security:
Cyber Security & Homeland Security: Cyber Security for CIKR and SLTT Michael Leking 19 March 2014 Cyber Security Advisor Northeast Region Office of Cybersecurity and Communications (CS&C) U.S. Department
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationCyber Risk and Third Party Risk Management. Lisa Murphy First Horizon National Corporation
Cyber Risk and Third Party Risk Management Lisa Murphy First Horizon National Corporation The Cyber Risks Third Party Breach Advance Persistent Threat The Headlines Goodwill Names Vendor in Breach C&K
More informationCYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW
CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationFEMA Region III Cyber Security Program
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.)
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More information