COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Similar documents
HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

HIPAA & Privacy Compliance Update

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

Lessons Learned: A Real Life Data Breach. Jigar Kadakia Partners HealthCare

Cybersecurity and Hospitals: A Board Perspective

You ve Been Hacked Now What? Incident Response Tabletop Exercise

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Policy and Procedure: SDM Guidance for HIPAA Business Associates

HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017

Ransomware A case study of the impact, recovery and remediation events

A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP,

Security Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer

Cybersecurity and Nonprofit

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

What to do if your business is the victim of a data or security breach?

Cyber Security Issues

HIPAA Compliance Officer Training By HITECH Compliance Associates. Building a Culture of Compliance

Healthcare Privacy and Security:

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

HIPAA Security and Privacy Policies & Procedures

HIPAA Security. An Ounce of Prevention is Worth a Pound of Cure

Putting It All Together:

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

Service Provider View of Cyber Security. July 2017

CCISO Blueprint v1. EC-Council

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Information Security Controls Policy

Cyber security tips and self-assessment for business

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

DON T GET STUNG BY A BREACH! WHAT'S NEW IN HIPAA PRIVACY AND SECURITY

Information Governance, the Next Evolution of Privacy and Security

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

Monthly Cyber Threat Briefing

PULSE TAKING THE PHYSICIAN S

Cyber Security. Building and assuring defence in depth

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

CYBER RESILIENCE & INCIDENT RESPONSE

Cybersecurity in Higher Ed

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2017 Annual Meeting of Members and Board of Directors Meeting

HIPAA SECURITY RISK ASSESSMENT

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute

ACM Retreat - Today s Topics:

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Healthcare HIPAA and Cybersecurity Update

Data Breach Trends: What Local Government Lawyers Need to Know

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

Cybersecurity The Evolving Landscape

HIPAA 2017 Compliancy Group, LLC

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

CYBER SECURITY AND MITIGATING RISKS

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Attack: Is Your Business at Risk?

DETAILED POLICY STATEMENT

Ransomware A case study of the impact, recovery and remediation events

What is Cybersecurity?

Protecting your next investment: The importance of cybersecurity due diligence

OA Cyber Security Plan FY 2018 (Abridged)

DATA BREACH NUTS AND BOLTS

Legal Aspects of Cybersecurity

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

Boerner Consulting, LLC Reinhart Boerner Van Deuren s.c.

Incident Response Table Tops

HIPAA Compliance and OBS Online Backup

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

Data Backup and Contingency Planning Procedure

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Gujarat Forensic Sciences University

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

HIPAA & IT THE HIPAA SECURITY RULE AND THE ROLE OF THE IT PROFESSIONAL DOES YOUR IT PROVIDER UNDERSTAND THEIR ROLE AND ARE THEY COMPLIANT?

HIPAA Federal Security Rule H I P A A

Securing Information Systems

Digital Health Cyber Security Centre

HIPAA Privacy and Security. Kate Wakefield, CISSP/MLS/MPA Information Security Analyst

The Cyber War on Small Business

CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

The Impact of Cybersecurity, Data Privacy and Social Media

Cyber Security Technologies

Cyber Risks in the Boardroom Conference

Cybersecurity Auditing in an Unsecure World

The Data Breach: How to Stay Defensible Before, During & After the Incident

Real-world Practices for Incident Response Feb 2017 Keyaan Williams Sr. Consultant

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

ID Theft and Data Breach Mitigation

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

Cyber fraud and its impact on the NHS: How organisations can manage the risk

PLEASE NOTE. - Text the phrase MICHAELBERWA428 to the number /23/2016 1

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Transcription:

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1

HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2

HIPAA Rules Combat Cyber Crime HIPAA Rules Easy to Follow Step-by-Step When You Know the Steps 3

HIPAA Rules Combat Cyber Crime Paul R. Hales Attorney at Law HIPAA Privacy and Security The HIPAA E-Tool Legal Education Not Legal Advice Paul.Hales@AttorneyHales.com Direct Tel: 314-534-3534 4

HIPAA Rules Combat Cyber Crime Are there still Cyber Crime Deniers? 5

HIPAA Rules Combat Cyber Crime 2017 6

HIPAA Rules Combat Cyber Crime 2014 7

HIPAA Rules Combat Cyber Crime 2015 8

HIPAA Rules Combat Cyber Crime 2016 9

HIPAA Rules Combat Cyber Crime 2016 10

HIPAA Rules Combat Cyber Crime 2016 11

HIPAA Rules Combat Cyber Crime 2017 12

HIPAA Rules Combat Cyber Crime 13

HIPAA Rules Combat Cyber Crime Your Workforce Your Strongest Defense against Cyber Crime and your Weakest Link Insider Threats Cyber Criminal Workforce Member? 14

HIPAA Rules Combat Cyber Crime Insider misuse is a major issue for the Healthcare industry; in fact it is the only industry where employees are the predominant threat actors in breaches. Verizon Data Breach Report April 28, 2017 15

HIPAA Rules Combat Cyber Crime 16

HIPAA Rules Combat Cyber Crime Think Before You Click! Workforce Training Personal Stake 17

HIPAA Rules Combat Cyber Crime 18

HIPAA Rules Combat Cyber Crime Agenda Strategies to Combat Cyber Crime 1. Who are the Cyber Criminals & How Do We Defend against Them? 2. HIPAA A Blueprint to Combat Cyber Crime 3. Prevent Cyber Crime 4. Respond to Cyber Crime 5. Recover from Cyber Crime 19

1. Who are the Cyber Criminals? 4 Categories 1. Amateurs Unskilled Hackers Script Kiddies RaaS 2. Professional Social Engineers With Sophisticated Malware 3. Professional Hackers including Nation States 4. Insiders 20

1. How Do We Defend Against Them? Amateurs and Professional Social Engineers Contingency Plan Policy and Procedures Workforce Training Information System Safeguards Protective Software Update and Patch All Software 21

1. How Do We Defend Against Them? Professional Hackers Contingency Plan Policy and Procedures Trained Expert Workforce or IT Services Information System Safeguards Managed Protective Software Information System Monitoring, Updating, Data Backup 22

1. How Do We Defend Against Them? Insiders Contingency Plan Policy and Procedures Workforce Training Alert to Unusual, Improper or Inappropriate Behavior Trained Expert Workforce or IT Services Information System Safeguards Employee Monitoring Procedures 23

2. HIPAA Blueprint - Combat Cyber Crime Your Money or Your PHI: New Guidance on Ransomware Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user s data. July 11, 2016 By: Jocelyn Samuels, Director, Office for Civil Rights Summary: To help health care entities better understand and respond to the threat of ransomware, FACT SHEET: the HHS Ransomware Office for Civil and Rights HIPAA has released new HIPAA guidance. Malicious software means software, for example, a virus, designed to damage or disrupt a system. 45 CFR 164.304 www.hhs.gov/sites/default/files/ransomwarefactsheet.pdf 24

2. HIPAA Blueprint - Combat Cyber Crime FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). This document describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and 25

2. HIPAA Blueprint - Combat Cyber Crime FACT SHEET: Ransomware and HIPAA Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware? Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Can HIPAA compliance help covered entities and business associates recover from infections of malware, including ransomware? Yes. The HIPAA Security Rule requires covered entities and business associates to implement policies and procedures that can assist an entity in responding to and recovering from a ransomware attack. 26

2. HIPAA Blueprint - Combat Cyber Crime FACT SHEET: Ransomware and HIPAA What should covered entities or business associates do if their computer systems are infected with ransomware? The presence of ransomware (or any malware) on a covered entity s or business associate s computer systems is a security incident under the HIPAA Security Rule. HIPAA covered entities and business associates are required to develop and implement security incident procedures and response and reporting processes that they believe are reasonable and appropriate to respond to malware and other security incidents, including ransomware attacks. 27

2. HIPAA Blueprint - Combat Cyber Crime 28

2. HIPAA Blueprint - Combat Cyber Crime 29

2. HIPAA Blueprint - Combat Cyber Crime 30

2. HIPAA Blueprint - Combat Cyber Crime FACT SHEET: Ransomware and HIPAA Guidance Blueprint to Combat Cyber Crime 1. Policies and Procedures 2. Workforce Training 3. Information System Safeguards 31

3. Prevent Cyber Crime 1. Policies and Procedures Security Management Process Risk Analysis Risk Management Information Access Management Protection from Malicious Software Password Management Workstation Security (BYOD) Workforce Training 32

3. Prevent Cyber Crime Risk Analysis Risk Management = A 3 Act Play Act 1 Setup Risk Analysis 1. Assemble Information PHI Locations Workforce - Business Associates Threats and Vulnerabilities 2. Identify Risks 33

3. Prevent Cyber Crime Act 2 Confrontation Risk Management Action Act 3 Resolution Risk Management Plan Active Documented In Place 34

3. Prevent Cyber Crime Act 1 Act 2 Act 3 35

3. Prevent Cyber Crime 36

3. Prevent Cyber Crime 2. Workforce Training Combat Phishers Amateurs Professional Social Engineers 1. Phishing Emails Anthem 78.8 M 2. Spear Phishing Emails 3. Malvertising 37

3. Prevent Cyber Crime Phishing 38

3. Prevent Cyber Crime Spear Phishing 39

3. Prevent Cyber Crime Malvertising 40

3. Prevent Cyber Crime Malvertising 41

3. Prevent Cyber Crime 42

3. Prevent Cyber Crime Think Before You Click! Workforce Training Personal Stake 43

3. Prevent Cyber Crime 3. Information System Safeguards Risk Analysis Risk Management Include Ransomware Threat & Vulnerabilities Identify Risk Levels Ransomware T/V Pairs Manage Risks Update Software Operating & Applications Install and Update Protective Software Evaluation - Periodic Technical & Non- Technical 44

3. Prevent Cyber Crime 3. Information System Safeguards Protective Software 45

3. Prevent Cyber Crime 3. Information System Safeguards Protective Software 46

3. Prevent Cyber Crime 3. Information System Safeguards Managed Protective Software 47

3. Prevent Cyber Crime 3. Information System Safeguards Professional Hackers Managed Protective Software Expert IT Services Monitor System, Protective Software, All Software Updates & Patches, Data Backup Insiders Expert IT Services Employee Monitoring Software 48

4. Respond to Cyber Crime 1. Policies and Procedures Contingency Plan IT Response Team Ready and Trained Management Team Ready and Trained Legal Counsel Ready and Prepared PR Team Identified - Ready if Needed Cyber Insurance 49

4. Respond to Cyber Crime 50

4. Respond to Cyber Crime 51

4. Respond to Cyber Crime 1. Policy and Procedures Contingency Plan - All Elements including: Pay Ransom? When to contact Law Enforcement? Breach Risk Assessment Tool Security Incident Response and Reporting Breach Notification Policy and Procedures Sanctions 52

4. Respond to Cyber Crime 2. Workforce Training Becomes Workforce Implementation Workforce Members implement Contingency Plan 53

4. Respond to Cyber Crime 3. Information System Safeguards Expert IT Services Contain and Mitigate Ransomware Attack Forensic Analysis and Documentation Maintain Operations with Data Backup Implement Disaster Recovery Plan Sanitize Affected Information System Components 54

5. Recover from Cyber Crime 1. Policy and Procedures Implement Contingency Plan Disaster Recovery Procedures Sanctions Risk Analysis - Risk Management Revise Policies and Procedures Contingency Plan Incorporate Lessons Learned Revise Workforce Training - Incorporate Lessons Learned 55

5. Recover from Cyber Crime 2. Workforce Training Explain What Happened and Why Emphasize - Importance of Constant Vigilance Provide Training - All Revised Policies and Procedures Practice and Test New Procedures Practice and Test Contingency Plan 56

5. Recover from Cyber Crime 3. Information System Safeguards Risk Analysis Risk Management Evaluation Keep IT Software Safeguards Up to Date Data Backup IT Response Team Ready and Trained 57

HIPAA Rules Combat Cyber Crime We Have Reviewed Strategies to Combat Cyber Crime 1. Who are the Cyber Criminals & How Do We Defend against Them? 2. HIPAA A Blueprint to Combat Cyber Crime 3. Prevent Cyber Crime 4. Respond to Cyber Crime 5. Recover from Cyber Crime 58

HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 59

HIPAA Rules Combat Cyber Crime HIPAA Rules Easy to Follow Step-by-Step When You Know the Steps 60

HIPAA Rules Combat Cyber Crime Your Workforce Your Strongest Defense against Cyber Crime and your Weakest Link Insider Threats Cyber Criminal Workforce Member? 61

HIPAA Rules Combat Cyber Crime Think Before You Click! Workforce Training Personal Stake 62

HIPAA Rules Combat Cyber Crime CEU: 2DFD Questions - Discussion The HIPAA E-Tool info@hipaaetool.com www.hipaaetool.com 800-570-5879 63

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback