
TCS Cybersecurity for Healthcare

Securing and Protecting Patient Data

©2013, TeleCommunication Systems, Inc. (TCS). Proprietary Level 2


State of Cybersecurity and Healthcare

» Nearly one in five healthcare CIOs have had a security breach within the past 12 months - McKesson

» The number of health data breaches is growing with the push to electronic records, and increasingly thieves are targeting their attacks

» 94% of health care organizations have had at least one breach in the previous two years


» Health data is targeted for the value it holds and the ease with which hackers can gain access to it.

» While there are still plenty of breaches occurring due to lost or stolen laptops, many instances of data loss or exposure are no accident – they are a result of malicious attacks.



» Hackers often are more interested in financial information they can use in identity theft and other fraud schemes.

» Healthcare data generally goes for $50 per record on the black market and thieves increasingly will sit on stolen data for some length of time before trying to sell or access it. That, he added, means that organizations need to implement response plans that include long-term diligence and monitoring.


» Too many organizations rely too heavily on technology to protect their data rather than focusing on how they can use the technology correctly and training employees to be better stewards of the data.

» They also need to be vigilant in training business associates, who will be subject to the same HIPAA regulations as providers starting in September 2013.


» Of the 131 data breaches reported to the CA Attorney General’s office in 2012, 55% were intentional intrusions by outsiders or by unauthorized insiders. The other 45% were mostly the result of failures to adopt or carry out appropriate security measures.

» The health care industry had the third most-reported incidents at 15%.

Breach report by California Attorney General Kamala Harris


» Another new potential source of breaches is the statewide health information exchanges that were funded under the Health Information Technology for Economic and Clinical Health Act, because many are short on cash and might not have the means to protect their data from all targets.

TCS Cyber Solutions

TCS is at the forefront of developing and deploying leading technologies, and on the frontlines of protecting against advanced persistent threats.

We operate in mission critical environments where success is measured in lives saved, and operational excellence is achieved by reducing downtime to minutes per year. Our cyber solutions group leverages these capabilities to provide elite cyber protection for your most critical assets.

TCS Cyber Solutions: ESP

TCS created Enterprise Security and Protection (ESP) as an integrated, end-to-end suite of scalable security applications and services to safeguard corporate networks from risk.

Our approach is based on:
» 10 years supporting DoD
» 25 years experience supporting industry
» The 20 Critical Security Controls

ESP Assessment

Tailored security analysis based on corporate presence, posture and risk:
» Information Security
» Physical Security
» Network Security
» Wireless Security
» Regulatory Compliance
» User Policy
» Map of Vulnerabilities

ESP Validation

Examines the ability of a system to endure deliberate malicious attempts to compromise security:
» Open Source Evaluation
» Network Discovery
» Penetration Tests
» “White Box” Testing

Assessment: Description

Open Source
» Gather all publicly available information on the customer
» Organization structure
» Subsidiaries
» Clients/partners
» Network blocks
» Personnel
» Social networking
» Blogs

Network Discovery
» Identify publicly available hosts (Internet Protocols [IPs])
» Identify available ports on identified hosts
» Identify application versions on ports
» Identify security mechanisms and locations

Penetration Testing
» Identify vulnerabilities in identified applications
» Attempt exploitation of vulnerabilities
» Social engineering
» Targeted phishing
» Structured Query Language (SQL) injection
» Cross-Site Scripting (XSS)
» Upon successful exploitation, establish covert presence on vulnerable host


Deliverables
» Open Source Report
» Network Reconnaissance Report
» Exploitation Report
» Impact Report
» Recommendations

Deliverable: Contents
» Open Source Report (Appendix A): Open source view of corporation; preliminary network map.
» Network Reconnaissance Report (Appendix B): Discovered IPs, operating systems, installed applications, security devices.
» Exploitation Report (Appendix C): Captured IPs; established presence in network; significant accesses acquired.
» Impact Report (Appendix D): Information retrieved through access.
» Final Assessment Report: All previous information as well as recommended actions to further secure network.

ESP Training

Cyber security training suite for IT security personnel


» Offensive mindset to security training
» Hands-on, practical application focused
» Training where and when you need it
» Modular in design
Subjects include
» Security Awareness Training
» Penetration Testing
» Intrusion Detection
» Reverse Engineering
» Information Assurance
» Forensics
» Custom Client Courses
Thank you!

Christina Wiegand
410-280-4931

cwiegand@telecomsys.com

www.telecomsys.com

275 West Street


Annapolis, MD 21401
