The Cyber Threat Landscape and Risk Mitigation Strategies for Hospitals and Nursing Homes JoEllen Frain

Post on 28-Jun-2020



Agenda

• Understand the who behind cybercrime
• Understand what they are after
• Understand what role we as individuals and as an organization play in protecting our data and ourselves from this criminal activity.


TECHNOLOGY HAS CHANGED US…


CYBER CRIME HAPPENS EVERY DAY …the threat to you and to your organization is real


NATION-STATE Cyberterrorism, hacktivist, IP

SYNDICATED CRIME Access data for sale

INSIDER THREAT Personal Gain

OURSELVES Mixed data, lack of awareness


THE INTERNET OF THINGS …more devices than people


Changing Threat Landscape

Then…

• Perimeter defense
• Fantasy of 100% compliance with zero-risk
• System focus
• Assume the inside is secure
• Security control focus

Now…

• Defense-in-depth
• Transparent information risk management
• Data focus
• Monitor everything
• Security culture focus


• “There are a couple of highways the attackers like to use. Blocking those slows them down. Attempting to block all possible paths is a fool’s game.”

Source: 2016 Verizon Report


How Do We Get There

• Alignment with NIST-CSF (National Institute of Standards and Technology – Cybersecurity Framework)

https://www.nist.gov/topics/cybersecurity


Device Management

• Identify and document all networked devices
  – Asset inventory is critical to understand your threat landscape
  – Medical Devices are often connected but not part of the inventory
  – Supply Chain and IT are key to this work
• Stay up to date on software updates
  – Define accountability and timeframes
  – Have a process for being informed of and acting upon off cycle software updates
• Hold the vendors accountable
  – Use vendors who have demonstrated ability and commitment to updating and securing their product

https://nhisac.org/


Heard it on the News


Ransomware


Ransomware in Healthcare

• Why is healthcare being targeted?
  – Healthcare information is valuable
  – Technology lags other industries
  – Dependency on real-time access to information


Ransomware

• WANNACRY
  – Microsoft issued a patch for vulnerability 3/14/17
  – Wannacry is launched 5/12/17 – infects unpatched Windows systems


Secure the People

• The weakest link, most often in cyber security, is the end user
• Ensure your staff are equipped to recognize the risk and respond appropriately

https://securingthehuman.sans.org/resources


Business Case

• It is estimated that over 156 million phishing emails are sent on a daily basis, with 80,000 falling victim*
• The sophistication of these types of attacks constantly evolves and improves, bypassing the technology that is meant to stop them
• Activating the “Human Sensor” is a low cost, but highly effective way to increase your security posture (for prevention, detection and reduction in time to remediation)

*IT ProPortal


Proactive Phishing Overview

• Proactive Phishing began in Sept 2015
• Objectives
  – Increase good security behaviors among staff
  – Decrease susceptible email behavior
  – Encourage users to report all suspicious emails


Proactive Phishing Overview

• Campaigns were inclusive of 65k+ employees/students

• Third party vendor (PhishMe) was the partner for conducting campaigns

• Campaigns were standard campaigns that could be benchmarked against other organizations

• Project included endorsement from various governance groups


Proactive Phishing Overview

• Trending data is available on susceptibility rates, reporter rates and no-action rates.

• Susceptibility Rates = individuals who have fallen victim because they clicked on a link or opened an attachment within the simulated training exercise.

• Reporter Rates = individuals who have identified the simulated training exercise as suspicious, did not click any links or attachments and have reported the email using the Report Phishing button.

• Did Nothing Rates = individuals who have not reported or fallen victim to the simulated training exercise.


Security Awareness Module

• Launched February 2016
• General Information Security Awareness Module launched to 65,000
• Focused on raising awareness of the threat and highlighted phishing awareness
• 97% completion rate by March 2016


We all have a role to play to protect our information


©2013 MFMER | slide-28

BEHAVIOR CHANGE


ONLINE… it’s always phishing season


Phishing

• Deceitful emails designed to capture personal information from the recipient

• Coax recipient to click on a link, open a document or submit credentials

• It is estimated that 85%-95% of all cyber breach incidents begin with a phishing email


EXAMPLE:


HOW TO REPORT

• PhishMe button deployed to all Windows workstations

• Click any time you suspect a phishing attempt


Outcomes

• First report from end user was 2 minutes after first email arrived, 11 people interacted
• 200 total reporters
• Security Operations Center was able to determine the email was malicious
• Immediately blocked the malicious link
• Removed remaining emails from end user mailboxes
• Identified 11 users who had interacted with the link for remediation


Business Case

• Decreases the risk of end users interacting with suspicious emails

• Increases the ability for the organization to identify the threat before harm

• Decision on the up front preventative cost vs. the cost of remediation or a breach

• Consistency in the plan and utilize the data to track the risk reduction to the organization


Assess, Plan and Practice

• Perform risk assessments to gain an understanding of where your vulnerabilities are.
  – Understanding your weak spots helps prioritize where to focus first
• Have a plan in place if/when you are the victim of an intrusion
  – Understand in-house capabilities vs. where you would need to augment
• Practice the plan
  – Table top exercises are invaluable in preparation

https://staysafeonline.org/


Questions
