A basic overview of cybercrime in the health industry and 10 cyber security technology control recommendations from an IT security system integrator's point of view.
4. DSS Delivering Excellent ICT Security Operations to its Customers
Customer ICT Security Operations Excellence
Cooperation with Industry Top Technology Leaders
Recognised by Gartner, IDC, Forrester
Top level ICT Security Professionals
Selected Cutting Edge ICT Security
Innovative Technology Integration
Pan-Baltic Projects
Particular Focus on Security
5. Our international cyber security conference
In 2015 included in World Summit of Information Society Prize candidates. Online voting is ON.
C5 – building the Confidence in Security in the use of ICT.
6. Agenda (Two acts drama)
FIRST PART
Digital world of today and health industry
Cybercrime and health organizations
Why industries lose against cybercrime
SECOND PART
10 most important controls to stay safe
Conclusion and Q&A
8. Digital technology advantages
mHealth, including drone drug delivery
Artificial Intelligence (IBM Watson)
GIS systems (112 or 911)
eHealth in general
Cloud, Mobility, Applications, Self Service, Telemedicine, BIG data etc. – whole ecosystem of connected organizations, health pros and patients
9. The health industry ecosystem
Patients / Consumers
Healthcare Providers
Integrated Delivery Networks, Large University Medical Centers, Independent Community Hospitals, Physician Private Practices
Public Health
Pandemic readiness
Vaccine inventory & distribution
Sanitation & public safety
Government Agencies
Regulatory & Research Agencies, FDA, WHO, DHHSS, CDC, NIH, Health Ministries
Patient Education
Healthy Lifestyles
Health Clubs
Health & Wellness Programs
Transaction Services
Claims Processing
Banks / Health Savings
Health Plans / Payers
Private – BCBS plans, large national plans, mid-sized regional plans
Government / National Plans, Medicare, Medicaid
Pharmacies
Pharmacy Benefit Management
Retail Clinics
Solution Providers
IT Infrastructure and Service Providers, Application Providers
Medical Devices
Imaging
Archiving & Retention
Drug Developers
Large Pharma, Integrated Biotech, Research Biotech
12. Economics of cybercrime @health
An EHR is worth 20x more on the black market than a credit card data record; moreover, with the victim's full profile added, one profile could cost on average more than 500 USD per record.
Health incidents are at least twice as hard to detect, so the data remains valid for much longer than with financial fraud.
One database record could be sold to up to 8 or more different criminal groups (blackmail, insurance fraud, identity and financial fraud, medicine sales, competition and so on).
Just use your imagination about what could happen to your medical data...
13. Countermeasures against cybercrime
HIPAA (Anno 1996)
Identifies security process
Identifies inventory
Identifies roles and responsibilities
Sets requirements for training and cyber security awareness raising
Gives advice for incident management
Sets physical access, identity controls etc.
ISO 31XXX, ISO 27XXX, many country-local, international (like ENISA's within the EU), regional and industry regulations, compliance requirements, policies etc.
16. Sophisticated attacks of today’s cybercrime
Targeted professional attacks
Massive Denials of Services
Watering hole attacks
Advanced persistent threats
Mobile incidents
Cyber wars
Hacktivists
Global virus outbreaks
Complex and very expensive
Insane data leakages
Identity thefts
Cyber espionage
And so on...
17. Summary before 2nd part
Cybercrime is the real deal: everyone is affected, and it is next door if it hasn't knocked on your door already.
Traditional security measures invented in the 80s and 90s are no longer effective; likewise, compliance requirements, regulations and security standards without innovative technologies and investment in cyber security always remain one step behind the bad guys.
The world is short of smart good guys who know both business and IT security, and who can translate IT into business language and manage the risks with elegance.
18. How we can help
Analyze and detect risks
Fulfill audit
Build security action plan
Train the employees
Pass compliance regulations
Save from data leakage
Protect critical assets
Get rid of passwords
Consult Your IT professionals
Protect from attacks
Help creating RFP docs
Be Your IT Security Advisor!
Business value of «Data Security Solutions»
20. Agenda (drama in two acts)
FIRST PART
Digital world of today and health industry
Cybercrime and health organizations
Why industries lose against cybercrime
SECOND PART
10 most important controls to stay safe
Conclusion and Q&A
22. Some definitions before we go on
Availability: All legitimate entities should experience correct access to services and facilities.
Accountability: Accountability for all service invocations and for all network management activities; any entity should be responsible for any actions initiated.
Integrity: Protection of stored and transferred information.
Confidentiality: Confidentiality of stored and transferred information.
24. 10th place – Traditional security
You cannot forget about the traditional minimum security requirements in your infrastructure, because bad guys always choose the easiest ways and the fastest ROI.
Some global-level data leakage incidents happened because of... a firewall turned off by accident.
You will still be able to handle most threats, except of course targeted and sophisticated ones.
25. 9th place – Inventory and audit everything
You need as much visibility as possible (hardware based, software based, any) of your employees, visitors, devices, applications, databases and network perimeter to be able to protect or control them accordingly.
You need to save and keep all audit data for basic analysis and possible later investigations, as well as for data integrity reasons (something like basic log management, which can be done without big investments, as there are plenty of tools available, open source etc.).
26. 8th place – Continuity and incident response
A business continuity and incident response plan helps to restore systems with the least possible losses and also helps to find out who was guilty...
In many cases this part could bring business and IT together, as both can use their imagination to come up with different «what could go wrong» scenarios, and if both parties find it funny and interesting enough, that could lead on to some of the activities higher in our top.
27. 7th place – Infrastructure security
Centralization, real-time visibility and management of any and every endpoint, network, mobile and other element with regard to patch & configuration management, application & device management, vulnerability management and so on.
Every unpatched or wrongly configured system can be at risk of a targeted or accidental cyber security attack or incident. Not to mention something as important as critical infrastructure...
28. 6th place – Identity and Access Mgmt.
Least privilege principle and privileged user management, authentication, authorization, audit of sessions, any higher security level implementation and control such as one-time passwords, smartcards, biometrics, physical security linking to logical security, identity control, fraud or anomaly prevention/detection and much more.
As seen in movies, identity and access mean a lot in data theft, sabotage etc., as unauthorized access ends badly one way or another...
29. 5th place – Defenses against attacks
There are advanced persistent threat attacks, there are web-based vulnerability attacks, network-based volume attacks and mixed, complex attacks. There are attacks on endpoints, on servers, on security encryption certificates, on different protocols and applications, on mobile devices, on DNS servers, online services or Wi-Fi access points and so on.
Practically every attack should be detected and stopped in time. But that can be done at different levels (for instance at the ISP) and with different tools.
30. 4th place – Mobile security
The expansion of mobile devices changes security and IT in general.
Mobile phones with their millions of apps are at the biggest risk today.
BYOD is the biggest challenge for IT and Security when you need to be productive but also need to comply with security requirements.
You need to have not just MDM or MAM or MCM, but EMM, so-called Enterprise Mobility Management, to do business safely.
31. 3rd place – Data Security
Changes in EU personal data protection legislation might bring some big changes.
Classification of the most critical information assets is very important. This can be done on endpoints, on servers, within data transfers and by a number of different methods.
Here we speak about Database Firewalls, Data Governance and Data Risk management tools, Data Forensics tools, Data Loss and Data Leak Prevention technologies and so on.
32. 2nd place – Security Operations Center
Integrated, modular, innovative. Just like the IBM QRadar platform with all those integrated connections to different Data, Identity, Network or Endpoint Security solutions, strengthened by integrated Risk Management, Network Incident Forensics, Intelligent Vulnerability Management, log and flow collectors and a central Security Intelligence console and platform.
Without a SOC there is no bright future for organizations, starting even with SMBs.
35. Security intelligence for automated offense detection
Extensive Data Sources
Security devices
Servers and mainframes
Network and virtual activity
Data activity
Application activity
Configuration information
Vulnerabilities and threats
Users and identities
Global threat intelligence
Automated Offense Identification
•Massive data reduction
•Automated data collection, asset discovery and profiling
•Automated, real-time, and integrated analytics
•Activity baselining and anomaly detection
•Out-of-the box rules and templates
Embedded Intelligence
Suspected Incidents
Prioritized Incidents
37. Business & technology must come together
Business part
Business processes analysis from tech perspective
Assessment and management of cyber security risks
Related technological part
Inventory of devices and software
Secure configuration of everything (end-users, devices)
Vulnerability assessment and management
Malware defenses, application security, pen tests
Wifi security
Mobile security
Data security
Continuous skills training and learning
Access control and visibility
Audit, monitoring, analysis, incident response and more
38. How we can help
Analyze and detect risks
Fulfill audit
Build security action plan
Train the employees
Pass compliance regulations
Save from data leakage
Protect critical assets
Get rid of passwords
Consult Your professionals
Protect from attacks
Help creating RFP docs
Be Your IT Security Advisor!
Business value of «Data Security Solutions»
IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support)
Solutions and experience portfolio with more than 20 different technologies – Cybersecurity global market leaders from more than 10 countries
Trusted service provider for banks, insurance companies, government, and private companies (critical infrastructure etc.)
Organizer of its own conference “DSS ITSEC”
5th annual event this year
More than 400 guests and more than 250 online live streaming viewers from LV, EE, LT
4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, CISCO, Samsung, F-Secure and many more – everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences
RIGA COMM exhibition & conferences
Roadshows and events in Latvia / Lithuania / Estonia (for instance Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations)
Member of Latvian IT Cluster and LIKTA
Participation in Cybersecurity discussions, strategy development, seminars, publications, etc.