The Leader in Active Cyber Defense
CONFIDENTIAL DO NOT DISTRIBUTE
Healthcare’s Losing Battle Against the Hyper-Connected Machines
Kurt Hagerman, CISO
Dr. Chase Cunningham, Director of Cyber Threat Research
MARCH 1, 2016
CONFIDENTIAL DO NOT DISTRIBUTE | BETWEEN YOU AND THE THREAT

Your Armor Presenters

Dr. Chase Cunningham, Director of Cyber Threat Research & Innovation
• Former Cryptologist for the National Security Agency
• U.S. Navy (Chief Ret.)
• PhD in Cybersecurity
• TRU Team Founder
• Co-Author of The Cynja

Kurt Hagerman, Chief Information Security Officer
• CISA- and CISSP-certified
• Frequent speaker and author on security for the payments industry, healthcare industry and cloud security
• 25-year veteran in IT, security, consulting and auditing

Is IoT Leaving Hospitals Vulnerable to the Cruelest Attack Vectors?

Inside the Healthcare Threat Landscape

Security Gaps Affect Real Patients

Ender’s Game © 2013 Lionsgate Films

“It’s going to come to a breaking point sooner or later.”
Scott Erven, Associate Director, Protiviti
During the 2016 Kaspersky Lab Security Analyst Summit in Spain

Healthcare Threats
Devices | Innovation | Treatment
• “Thousands of medical devices are vulnerable to hacking, security researchers say”
• Healthcare is “10 to 15 years” behind the retail sector when it comes to security.
• Systems for cardiology, infusion and MRIs all showed more than 30 vulnerabilities per device. This will soon have a direct impact on treatment and patient care.
— Threatpost | February 2016 — PCWorld | September 2015 — Threatpost | February 2016

The Threat Actor Methodology

What Threat Actors Target in Healthcare
“Securing Hospitals: A Research Study & Blueprint”
— Independent Security Evaluators, February 23, 2016
Patient Assets and Hospital Assets:
• Patient Health
• Patient Records
• Service Availability
• Community Confidence
• Research / IP
• Business Advantages
• Hospital Finances
• Hospital Reputation
• Physician Reputation

How Threat Actors Select
“Securing Hospitals: A Research Study & Blueprint”
— Independent Security Evaluators, February 23, 2016
How do threat actors choose their attacks? It’s a simple business proposition.
• If the cost and reward are the same, choose the lower risk attack.
• If the risk and reward are the same, choose the lower cost attack.
Cost + Risk < Reward = Do It

Why The Formula Matters
• As healthcare becomes more connected, more devices are available.
• As more attack vectors are added, it drives down the operating cost for threat actors.
• As more devices are connected, there’s more opportunity for compromise.
• As the cost goes down and the value of healthcare data increases, more and more attacks will occur.

Why Can’t We Do Better?

Defending the Healthcare Landscape

Objectives
• Protect ePHI Data
• Build Secure Infrastructure
• Secure Medical End Points
• Enable Seamless Processes
• Make Security Easy for End-Users (e.g., doctors, nurses, administrators)

Challenges
• Don’t Understand My Data Landscape
• Poor Authentication
• Weak Role-Based Controls
• Stubborn End-User Adoption
• Compliance Isn’t Prescriptive

It’s Just ’Ones & Zeroes’
Simplify | Learn | Understand | Follow
• Only so many ways to secure data that’s stored, transmitted, processed or accessed.
• You and your organization are responsible for the data of your patients, customers and partners. Take responsibility for securing it.
• Get to know your data — where it’s stored, what it is and who is accessing it. Learn to do the big things right.
• Use other compliance controls — PCI or NIST — as guideposts. They are more prescriptive and will help you achieve compliance and basic security objectives.

Security Must Be Bi-Directional

Think Bi-Directionally

‘0000’

Segment & Defend

Big Cloud Problems
[Diagram labels: Internet; Massive Healthcare Cloud]

A Micro-Cloud Approach
[Diagram labels: Internet; HSC; ICU; Rx; Imaging; App (×10)]

The Time to Act? Now.

Remember Three
• Understand Your Data
• Everything, Everywhere Is Connected
• Leverage Clouds the Correct Way

QUESTIONS?

Thank You
Kurt Hagerman | [email protected] | CISO
Dr. Chase Cunningham | chase.cunningham.com | Director of Cyber Threat Research
MARCH 1, 2016