Speakers. Shellie Zavatsky Director of Internal Audit at Hurley Medical Center. Trent Long Director of Managed Privacy Services at FairWarning, Inc

Transcription

1 View the Replay

2 Speakers Shellie Zavatsky Director of Internal Audit at Hurley Medical Center Trent Long Director of Managed Privacy Services at FairWarning, Inc

3 Agenda What are the new advanced threats to patient data? Implications of global cybersecurity attacks to your organization Response tactics to global cybersecurity attacks Implications of terror to securing patient data Response tactics to terror attacks Implications of identity theft and fraud Response tactics to identity theft and fraud Driving threats out of your organization through technology and culture

4 Protecting Patient Information in the Age of Advanced Threats Threats to patient data now include: Global Cybersecurity Attacks Terror Identity Theft Fraud Drug Addiction Basic HIPAA Violations & OCR Investigations Threats to patient information have advanced in a short amount of time Advanced threats require innovative tactics to secure patient data People Approach combining technology and training

5 Here s Why We are Able to Obtain this Data Global Customer Base 40% + US Market Share of Major Healthcare Providers FairWarning s Managed Privacy Services (MPS) monitors over 500,000 healthcare provider employees and affiliates MPS reviews thousands of potential incidents per month Over 5,000 confirmed privacy and security incidents

6 Global Cybersecurity Attacks Here s why it s important to know 2017 there s been an increase in the number of organizations affected by global cybersecurity attacks/terror Here are the implications to your organization Interrupt services to your healthcare patients Reputational Damage Business Continuity Here is what we have seen Hacktivist groups Compromised user credentials

7 Response Tactics Global Cybersecurity Attacks Statistical Deviations Visualization Intelligent Filtering Day to Day or Forensically Behavior Analysis w/machine Learning Network Compromise - Forensics Investigation of Clinical Apps & EHRs FairWarning Ready Information Security Partners

8 Happens without notice Terror Attacks Instantaneous worldwide media attention Breaking News On CNN Massive international curiosity over victims - patients Immediate escalation of patient and institutional risks Poor handling can jeopardize law enforcement, legal proceedings, and prosecution of the accused

9 Response Tactics: Terror Attacks Privacy and Security Partner Every effort to proactively reach out to customers FairWarning MPS Specialists Available Close partnership with our customers Comprehensive behavior analysis packages put in place to instantly monitor victims

10 Identity Theft and Fraud Here s why it s important to know Widescale fraud and identity theft are prevalent at any organization no matter the size or location Fueled by IRS tax fraud and medical identity theft Active identity theft criminal networks in major metros Has become business as usual for care providers Here are the implications to your organization Happens at a moment s notice Local law enforcement, FBI, and Department of Justice investigate 3 rd party tips that lead to the care provider $1.3 Billion strike force Here is what we have seen FairWarning called in to meet highest stake cases

11 Response: Identity Theft and Fraud Close Partnership with Customers Rapid Escalation Upon Detection Professional and Legal Documentation of Potential Incidents in the FairWarning Platform Statistical Deviations Visualization Intelligent Filtering Day to Day or Forensically Behavior Analysis w/machine Learning Dynamic Identity Intelligence

12 Basic HIPAA and OCR Investigations Snooping Remains a Challenge Expanded Emphasis on Employees OCR Requires Documented Appropriate Monitoring Program Read more Read more Create Culture of Privacy and Compliance Read more Read more

13 Under OCR Resolution Agreement Upticks related to new behavioral analytics implemented

14 Enterprise Upticks related to new facilities acquired by covered entity

15 Mitigating Threats to Patient Data Through Technology and People Training We want to note that the threats to patient data are mitigated through a combined approach of technology and training your workforce. Culture of Privacy and Security: Executive Support - support from the CEO New hire HIPAA training Ongoing training with security incidents Employee accountability Dynamic Identity Intelligence