GNYHA & CYBERSECURITYApril 26, 2018

□Cybersecurity concerns expand as industries modernize

□Healthcare sector has gone digital, largely insecurely

□ Greater than 95% EHR utilization exposed to threats emanating

from employees to sophisticated cybercriminals

□ $$ for PHI on the dark web

□ Ransomware most common attack vector

□ Lost revenue and reputational damage for impacted facility

Overview: Cybersecurity in Healthcare 2

3

4

□Attention at Federal level □ Cybersecurity Act of 2015

□ Health Care Industry Cybersecurity (HCIC) Task Force Report

□ CISA 405(d)

□Attention from NYS□ NYS DOH Medicaid increased security to

protect sharing of Medicaid data

□Attention in NYC □ NYC CISO/DA/NYP Cyber Command

Overview: Cybersecurity in Healthcare 5

Graphic from CISA 405(d) draft report

□ Agency Players:

□ Preparedness (ex. DHS, HHS)

□ Response (ex: FBI, NYPD)

□ Recovery (ex: DOH, DHS)

□ Regulatory (ex: CMS/OCR)

Overview: Cybersecurity in Healthcare 6

Graphic from HCIC Task Force Report 2017

□ Interdisciplinary team model:

□ Emergency preparedness

□ Legal

□ Health information technology

□ Regulatory

□ Supply chain

GNYHA & Cybersecurity 7

□Past and Existing Programs & Resources:

□ (Event) GNYHA & NYCDOHMH Emergency Preparedness

Symposia/Cybersecurity: Included CIO of Hollywood

Presbyterian Medical Center discussing ransomware attack

□ (Event) GNYHA & DHS Tabletop Exercise

□ (Resource) Hospital Guide to Cybersecurity

Reporting/Resources

□ (Business Offering) Cybersecurity Targeted Solution Set

GNYHA & Cybersecurity 8

9

□Events & Resources Continued –

□ (Event) Threat Briefing with DHS

□ (Event) Erie County Medical Center shares Lessons

Learned from Cyber Attack

□ (Event) Cyberattack at the Bedside: Live Simulation for

Clinicians

□ (Event) Cybersecurity Webinar with Drs. Halamka and

Baker

GNYHA & Cybersecurity 10

□Upcoming Events and Sharing of Relevant Information

□ (Event) Cybersecurity Tactical Simulation (CTS) with vendor

Sensato

□ (Event) Cybersecurity Insurance Webinar

□ (Member Info) Cybersecurity Bulletin: GNYHA Cyber Team

continues to send relevant cyber alerts and recommendations

GNYHA & Cyber 11

□What are your biggest concerns related to cybersecurity

preparedness and response?

□Who is involved in planning efforts at your facility/system?

□How can GNYHA assist your facility/system in this area?

Conclusion & Suggested Next Steps12

Logan A. Tierney Project Manager, Regulatory and Professional Affairs GREATER NEW YORK HOSPITAL ASSOCIATIONphone: 212.554.7207email: ltierney@gnyha.org