data security in healthcare
TRANSCRIPT
Enterprise Security Solutions by
Data SecurityFOR THE HEALTHCARE INDUSTRY
Enterprise Security Solutions by
INTRODUCTION
Technology has touched every aspect of ourlives, be it using Google Maps to get to a newplace or getting on a quick Skype call with afamily physician.
And amidst all the benefits that technologyhas delivered, lies our personally identifiableinformation (PII). While we have started tobecome cognizant about data security, stillmost of our information remains vulnerableto cybercriminals.
And one such information ishealthcare data and records.
2
Enterprise Security Solutions by
HEALTHCARE INFORMATION IS IN HIGH DEMAND BY CYBERCRIMINALS.THE REASON IS OBVIOUS.
These records include:- Home addresses- Phone number- Email IDs- Insurance details- Medical history- Driver license details- Emergency contacts- Credit/debit card information, etc.
ONCE CAPTURED, THIS DATA CAN BE USED TO LAUNCH SPEAR PHISHING SCAMS, IDENTITY THEFT, & SOCIAL ENGINEERING FRAUDS.
3
Enterprise Security Solutions by
Cyberattacks on healthcare industry have increased by 125%since 2010.
100 million healthcare records were compromised in 2015.
In 2015, healthcare was the number one target for hackers.
According to Bloomberg Business, criminal acts against healthcare industry have increased more than two times in the past five years.
DATA BREACHES ARE COSTING THE HEALTHCARE INDUSTRY
$6 BILLION ANNUALLY.
The loss mainly includesFINES, PENALTIES, LAWSUITS, and DATA RECOVERY COSTS.
88% of all ransomware is detected in the healthcare industry.
Sources:- www.solutionary.com- Ponemon Institute- IBM- PwC
The estimated cost of a major healthcare breach is $200 per-patientrecord
2015 has been dubbed as “THE YEAR OF THE HEALTHCARE HACK”.
4
Enterprise Security Solutions by
TOP 5
HEALTHCARE
SECURITY THREATSIN
5
Enterprise Security Solutions by
#1
Sources:PhishMe
RANSOMWAREA malicious program that locks an infected computer or encrypts data stored in it, and then demands a ransom to unlock the system or decrypt the data.
93%of phishingemails contain ransomware. The Ponemon Institute
Unplanned downtime caused by ransomware at healthcare organizations may cost an average of $7,900 a minute, per incident.
“
6
Enterprise Security Solutions by
#2INSIDERSAn insider threat could be a current or a formeremployee who is responsible for a security breach in an organization.
While most of these threats are malicious, some of them are unintentional.
INSIDER THREATS ARE RESPONSIBLE FOR 90% OF SECURITY INCIDENTS.
Sources:Verizon 2015 Data Breach Investigations Report
Malicious
Unintentional
33%
67%- Co-worker- Disgruntled employee- Unauthorized physician access
- Lost/stolen device- Bad security hygiene- Misuse of systems
7
Enterprise Security Solutions by
#3HEALTH INFORMATION IS WORTH 10 TIMES AS MUCH AS CREDIT CARDS, ON THE ONLINE BLACK MARKET.
Sources:Verizon 2015 Data Breach Investigations Report
ADVANCEDPERSISTENTTHREATS (APT)A malicious campaign where the attacker breaches a network, stays there, and keeps gathering intelligence about the target. Such campaigns sometimes can go undetected for months or years.
Federal Bureau of Investigation
“Likelihood of an APT Attack.
Study conducted by ISACA on respondents from 17 industries in 2015 (including Healthcare) | http://www.isaca.org
52%
22%
1%
25%
Likely
Very likelyNot very likely
Not at all likely
8
Enterprise Security Solutions by
#4
Sources:Bitglasst
MOBILEDEVICESHealthcare providers are increasingly using mobile devices for services such as submitting patient data, submitting bills, scheduling appointments, exchanging diagnosis details, etc. This means, tons of patient data get accessed everyday.
LOST/STOLEN MOBILE DEVICE ARE ONE OF THE LEADING CAUSES OF HEALTHCARE DATA BREACH.Office for Civil Rights (OCR)
68%of healthcare security breaches were due to lost/stolen mobile devices.
9
Enterprise Security Solutions by
EMPLOYEE
While cyberattacks are the leading cause of data breaches in healthcare, negligent employees have a major role to play in several security incidents that occur.
NEGLIGENCE
Responding to phishing emailsUsing infected USB
drives
Clicking on malicious ads
#5
TCS Healthcare Technologies
COMMON EMPLOYEE MISTAKES THAT CAUSE DATA BREACHES
Visitinginfected websites
91%of data breachesstart with a phishing attack.
“10
Enterprise Security Solutions by
Helps mitigate all such security threats in healthcare with its range ofDynamic, Scalable, and Future Ready solutions:
SEQRITE Endpoint Security
SEQRITE Unified Threat Management Solution (TERMINATOR)
SEQRITE Mobile Device Management
SEQRITE Data Loss Prevention
11
Enterprise Security Solutions by
Endpoint Security FEATURES
PATCH MANAGEMENTEnables IT administrators to check and install missing security patches for Microsoft applications installed on enterprise endpoints from a centrally managed console.
WEB SECURITYAutomatically blocks websites infected with malware or designed for phishing attacks.
APPLICATION CONTROLCategories of applications can be authorized or unauthorized from being executed within the network.
DATA BACKUP AND RESTORE TOOLAutomatically and periodically (multiple times a day), takes a backup of all important and well-known file formats like PDF and Microsoft Office files that are present on a computer.
RISKS MITIGATED
RANSOMWARE ATTACKS
INSIDER THREATS
CORE PROTECTION (IDS/IPS & FIREWALL)IDS/IPS blocks threats that exploit software vulnerabilities and Firewall thwarts malicious attempts to access the corporate network.
BEHAVIOR DETECTIONDetects and blocks unknown viruses and malware in real-time.
INFECTED WEBSITES
PHISHING ATTACKSINFECTED EXTERNAL DEVICES
SECURITY VULNERABILITIES
12
Enterprise Security Solutions by
Data Loss Prevention
ADVANCED DEVICE CONTROL- Configure access policies for more than 25 device types.- Blocks unverified devices.- Prevents autorun infections.
ENHANCED PRIVACY PROTECTION & COMPLIANCE- Identifies Office documents based on their origin.- Prevents data leakage propagated by worms, Trojans,
and other malware threats.- Issues regular notifications to reinforce user behavior on
data security.
LOWER COMPLEXITY & COST OF DEPLOYMENT- Easy integration with existing Seqrite EPS.- Defines DLP security polices and reports across multiple
endpoints in scattered locations.- Centralized management and monitoring of crucial business
data.
CONTENT AWARE PROTECTION- Monitors all actions on confidential files.- Instantly notifies admins about unauthorized data leakage.- Ensures that no confidential data leaves the organization.
- Targeted Attacks- Human Error- Bluetooth
- USB Drives- Web Email- Cloud Storage
DATA LEAKAGE caused by:
RISKS MITIGATED
FEATURES
13
Enterprise Security Solutions by
TERMINATOR
GATEWAY ANTIVIRUSScans all incoming and outgoing network traffic at the gateway level. Augments existing virus solutions by reducing the window of vulnerability (WoV).
FIREWALLAdmins can permit or block access for traffic between internal and external networks based on enterprise compliance policies.
VIRTUAL PRIVATE NETWORKProvides IT administrators with a means for secure communications between the company's remote users and for building site-to-site connections.
IDS / IPSScrutinizes network traffic in real-time and prevents a broad range of DoS and DDoS attacks before they penetrate the network.
DoS & DDoS ATTACKS
INTERNET DOWNTIME
GATEWAY MAIL PROTECTIONScans incoming/outgoing emails or attachments at the gateway level to block spam and phishing emails before they enter the network.
CONTENT FILTERINGAllows blocking of non-business related websites including streaming media sites, downloads, instant messaging, etc., in order to reduce unnecessary load on enterprise bandwidth.
MALICIOUS INTERNET TRAFFIC
MALICIOUS EMAILSMAN-in-the-MIDDLE ATTACKS
ADVANCED PERSISTENT THREATS
FEATURES
RISKS MITIGATED
14
Enterprise Security Solutions by
MDM
APPLICATION CONTROLApps can be remotely managed/ installed/ blocked in order to maintain policy compliance and productivity within the network.
VIRTUAL FENCINGPreset virtual boundaries that restrict device usage and functionality. These boundaries can be triggered by geolocation-based, time-based or Wi-Fi network-based data.
UNIFIED MANAGEMENT CONSOLEManage and synchronize all connected devices through a centralized graphical interface.
NETWORK DATA MONITORINGAdmins can view details of Internet data used over mobile networks or Wi-Fi. They can also monitor all incoming and outgoing calls and SMSs on enterprise mobile devices.
DATA THEFT FROM LOST/ STOLEN MOBILE PHONES
ANTI-THEFTPrevents misuse of lost/stolen mobile phones by remotely tracking and locking them. Also prevents data breach by remotely erasing the phone’s data.
INTERNET THREATS
JAILBREAKING/ ROOTING OF MOBILE DEVICES
MALICIOUS MOBILE APPS
SECURITY MANAGEMENTFeatures such as browsing protection, web filtering, anti-theft, and geolocation tracking ensure the safety of enterprise devices.
MOBILE MALWARE
BAD SECURITY HYGIENE
FEATURES
RISKS MITIGATED
15
Enterprise Security Solutions by
THANK YOU
Protecting your business from today’s attacks and tomorrow’s threats.
16
Enterprise Security Solutions by
THANK YOUTHANK YOU
17