Preparing for a Breach October 14, 2016


Preparing for a Breach
October 14, 2016
Jeremy Gilbert, GCFE, GASF, EnCE, CPA
Manager, DHG Forensics

Agenda
- Medical data breaches
  - Why?
  - Types?
  - Frequency?
- Impact of a data breach
- How to prepare for a breach
- Streamline the breach response effort
- Not if, when

"There are two kinds of big companies in the United States. There are those who've been hacked [...] and those who don't know they've been hacked [...]"
-James Comey, FBI Director, October 5, 2014, 60 Minutes interview, speaking about China

2013 Breaches by Industry
[Chart: breaches by industry (Business, Education, Government, Financial, Healthcare); Healthcare 42.5%]
Source: http://www.idtheftcenter.org/itrc-surveys-studies/2013-data-breaches.html

Why do criminals want health info?
Common prices for ID information:
- Credit card account - $4 to $13
- Date of birth - $11
- Health Insurance Credentials - $20
- US Fullz - $30
- Bank account with $75,000 - less than $300
Source: Dell SecureWorks

"Attacks on health care providers, typically not terribly well protected from a network-security standpoint, even given the regulations and the data at stake, are the next big breach wave that's coming."
-Brian Krebs, March/April 2015 Fraud Magazine

Recent Large Breaches

Recent medical data breaches

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Breach Type Frequency, 2013
[Chart categories: Insider Theft, Hacking, Data on the Move, Accidental Exposure, Subcontractor, Employee Negligence, Physical Theft, Other]
Source: http://www.idtheftcenter.org/itrc-surveys-studies/2013-data-breaches.html

Statistics
- 1.5 million monitored cyber attacks in the United States in 2013
- 12% year-to-year increase in security events
- Average Cost = $3.5 million
Sources:
http://www-935.ibm.com/services/us/en/it-services/security-services/data-breach/index.html
http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis

Data Breach Response
What information does a forensic consultant need to conduct an investigation?

Incident Responders - Initial Steps
1. Information gathering meeting with IR team and management
2. Provide a list of requested reports, logs, and system access

Incident Responders
Need prompt access to critical systems and information:
- Access and support from IT personnel
- List of systems with PII or PHI
- Copy of Incident Management Policy
- List of Incident Response Team Members and IT personnel

Information About the Environment
- Core business functions and processes
- Current and complete network diagram
- Population of servers
- Location of all critical applications
  - Processing Applications
  - EMR Systems
  - Databases
  - Web server

Incident Responders - Initial Steps
1. Information gathering meeting with IR team and management
2. Provide a list of requested reports, logs, and system access
3. Begin forensic acquisition of data from suspect systems

Forensic Acquisition
- Proper forensic procedures important
- Methodology depends on:
  - Impact of system downtime
  - Particulars of infection
  - Nature of information on system

Incident Responders - Initial Steps
1. Information gathering meeting with IR team and management
2. Provide a list of requested reports, logs, and system access
3. Begin forensic acquisition of data from suspect systems
4. Review key logs and reports

Security Logs and Reports
- Firewall logs
- IDS logs
- Operating system event logs
- Core application (database, web server, etc.) logs
- Antimalware scan logs
- Antimalware update logs

Preparing for a Breach
Critical controls that can help expedite an investigation

Incident Response Plan
- Documented Incident Response Plan
- Management Buy-in
- Incident Response Team
  - Senior Management
  - IT
  - Legal
  - Public Relations

Incident Response Plan (continued)
- Are IT security controls reviewed?
- Current reporting requirements (HIPAA, state regulations, etc.)?
- Vendors & Business Associates
  - Does IT have a thorough process for vetting Business Associate Agreements?
  - Are they prepared?
- Regularly review and update the plan

IR Plan - Triage Procedures
Critical to Document:
- What is the suspicious activity?
- Who identified the suspicious activity?
- What investigative actions have been taken and by whom?
- Exactly when did the actions take place and by whom?
- Why were those actions performed?
- Who handled the evidence?
- Where is the evidence stored?

Critical Control - Logging
LOGGING, LOGGING, LOGGING!
- Does IT know what is being logged?
- Does IT periodically review logs or have an alerting system?
- Sufficient log retention - attacks may last for months or years
- Can IT quickly gather logs in the event of investigation?
- Log aggregation

Additional Controls
- Perimeter defense
- Strong access controls
- Intrusion detection/prevention
- Antimalware
- Physical security
- Spam filtering
- Encryption

Security Awareness
- Information Security Awareness
- Develop a Security Awareness Program
- Culture of awareness
- Clear, consistent training
- Regular updates of current threats
- Social Engineering Testing

Fusion: Real Future, episode 8

Engaging an Incident Response Consultant
- Beyond typical IT consultants
- Different skill set
- Have a trusted partner before you need one
- Be open, honest, and responsive

To Summarize
- Data breaches are costly
- You have data thieves want
- "Not if but when" mentality
- Preparation can reduce:
  - Investigation cost
  - Regulatory fines and penalties
  - Brand damage

@DHG_Cyber
Jeremy Gilbert, GCFE, GASF, EnCE, CPA
Manager, DHG
Jeremy.Gilbert@dhgllp.com
843-722-6443