mihin cyber-security panel agenda
MICHIGAN HEALTH INFORMATION NETWORK
Cyber Security Panel Discussion – June 20, 2012
CYBER SECURITY PANEL AGENDA
Cyber Security Panel Discussion
Agenda
1. Setting the stage – by the numbers
2. Opening remarks
3. Panel challenges
4. Audience questions
WHO STILL THINKS FAX AND MAIL ARE SECURE OR RELIABLE?
Why are security and identity protection important in HIT?
A 1915 LETTER, SENT JUST TO A NAME IN A MI CITY…
Simple data-based identities
HAVE YOU EVER USED SOMEONE ELSE’S TICKET?
Single Authentication
BUT WHEN IT LOCKS ME OUT, IT REALLY LOCKS ME OUT…
Two-factor/Dual/Mutual/Multiple Authentication
YOU ARE UNIQUELY THE PERSON YOU WERE BORN AS…
Biometric Identification
EXCITING TO SOME, VERY, VERY DISTURBING TO OTHERS….
Physical Alteration Identification
BREACHES AND ID THEFT CAN UTTERLY DESTROY LIVES….
What can be the results of a breach?
WHAT IS THE TOTAL COST OF BREACH?
What does a breach cost these days?
• Learning of breach (patient, 3rd party, internal investigation, news)
• Repairing breach ($17 million total for BCBS-TN)
• Cost of investigation (people, time, equipment; external investigators; forensics; legal discovery)
• Notifications (those potentially affected, L/S/F authorities)
• Remediation
• Ongoing prevention (monitoring, upgrades, training, audits, assessments) – cost to prevent vs. risk/cost of exploitation
• Cyber liability insurance (tens of thousands $/year)
• Fines & settlement ($1.5 million for HITECH breaches, AG settlements)
• Class action claims ($1,000 per patient in California)
• Legal fees (pay even if you “win”)
• Balance Sheet and Income Statement
• Intangible/loss of market goodwill ($ M’s)
• Loss of customers/revenues ($ ???’s)
• Impact on patients
• Loss of trust
• Human cost - permanent effects upon lives and livelihoods
AND HERE THEY ARE: OUR SECURITY PANELISTS
Opening Remarks – the Panelists
• Gina Bianco-Perez: President, Advances In Management
• Peter Alterman: Senior Advisor to NIH CIO for Strategic Initiatives
• Ross Roberts – Information Assurance PM (IAPM) and HIPAA Security Officer for the U.S. Army Medical Command (MEDCOM) and Office of The Surgeon General
• Mick Talley – SEMHIE Director, Treasurer, and Program Manager for SSA E-Disability E-Filing contract
• Randy Frank – Internet2 Sr Dir. New Business Development
DURING THIS PART WE CAN DISAGREE!
Panel Challenges – 10-15 minutes
Challenge 1: What is the worst aspect of a security breach?
Challenge 2: What do you think are the three single most important issues in IT security today?
Challenge 3: What emerging trends do you see in IT security that keep you awake at night?
Challenge 4: Standards, standards everywhere. But HOW?
Challenge 5: Testing before production? In health care?
Challenge 6: What are the business models for security in HIT?
DURING THIS PART WE HAVE TO BE NICE TO EACH OTHER
Audience Questions – 10-15 minutes
Rules:
1. If your initials are called, please be prepared to clarify your question for the panel
2. If you disagree with the panel’s response to your question or want to add to their response you may have one minute for rebuttal after the panelists answer your question
3. Please be nice until the break!
WE SINCERELY APPRECIATE YOUR TIME AND ATTENTION
CLOSING and THANK YOU
Security: It is no laughing matter, but we hope you had fun and learned something today
If you have additional comments or suggestions, please email them to
For positive comments about this panel session, please email my boss, Tim Pletcher, [email protected]
For complaints about this panel, please email
Thank you for your time and attention! Jeff Livesay, [email protected]