Overview: In a hyperconnected healthcare world, what cyber protections have you put in place that allow your human resource assets to sleep at night? Irrespective of size, cyber security is as much about protecting small practice information network assets as it is about protecting complex information networks in large military hospitals and health systems. While failures are unavoidable, you can keep your network from collapsing in the event of an attack, and we will show you how.
In this session, you will learn from small to large health care organizations who have built a controlled "attack plan" to put protections in place. Plans not only identified the outliers within their organization, but also helped leadership respond promptly, efficiently, and how to remediate the attack.
Learn how your cyber security plan stacks up against other organizations your size. Build a threat actor analysis and an impact analysis to determine the financial, brand reputation, legal and regulatory compliance, people and customer losses. Then, test your organization's capabilities to see how well your organization would recover from a cyber-attack.
We will show you how the National Institute of Standards and Technology (NIST) has created a plan-the NIST Cybersecurity Framework-to address each of the critical elements of a successful cyber security implementation.
Why should you Attend: "Who would want to attack our practice?" Perhaps malware already invaded your networks but lay dormant waiting for intelligence on when and how to attack your practice information assets. Last year, 71 percent of attacks began with "spear phishing," an opportunity to invade even the most well-guarded small business networks, gather intelligence and information by masquerading as a trustworthy entity. Complacent strategies may be an invitation against cyber actors to continue attacking wherever they find a weakness.
While big story attacks once stole headlines, today's ransomware has shifted to commodity prices while increasing various ways to hold your network hostage. For example, is the lifeblood of your practice, designated record sets containing vital patient demographic and medical information, sufficiently backed up to survive a protracted ransomware attack?
Trusting your network security vendor is the first big step to building a cyber security program. Know what internal and external network vendors can do for you and what you should ask for before signing an agreement. Do you maintain an inventory of Internet of Things (IoT) devices where malware can creep in and shut down alarms or notifications you depend on for diagnosis, monitoring, and medical treatment? Better yet, how about 24-hour surveillance on those devices that not only save you dollars, but also keep your organization healthy.
HIPAA Privacy and Security Rules, requiring compliance in 2003 and 2005, respectively, predated the era of the smartphone and mobile data exchange. For years, emphasis was on implementation of the privacy and security standards through compliance audits and investigations related to complaints and breach. Now, in the cybersecurity era, enforcement and private litigation following breach increasingly focuses on whether cyber risks are examined on an ongoing basis and whether practices are actually proactively following their policies and procedures and mitigating risks that they have identified. Now, failure to do so endangers the sustainability of a medical practice as a sustainable business endeavor.
Areas Covered in the Session:
How prepared are you?
What are your business risks you are willing to assume and their possible impact?
Evaluate your cyber resilience (mean time to failure, mean time to recovery)
Adopt a holistic approach to managing "cyber risk"
Complete a Threat-Actor Analysis
Know your threat actors and how you can defend against them?
In this session, you will learn from small to large health care organizations who have built a controlled "attack plan" to put protections in place. Plans not only identified the outliers within their organization, but also helped leadership respond promptly, efficiently, and how to remediate the attack.
Learn how your cyber security plan stacks up against other organizations your size. Build a threat actor analysis and an impact analysis to determine the financial, brand reputation, legal and regulatory compliance, people and customer losses. Then, test your organization's capabilities to see how well your organization would recover from a cyber-attack.
We will show you how the National Institute of Standards and Technology (NIST) has created a plan-the NIST Cybersecurity Framework-to address each of the critical elements of a successful cyber security implementation.
Why should you Attend: "Who would want to attack our practice?" Perhaps malware already invaded your networks but lay dormant waiting for intelligence on when and how to attack your practice information assets. Last year, 71 percent of attacks began with "spear phishing," an opportunity to invade even the most well-guarded small business networks, gather intelligence and information by masquerading as a trustworthy entity. Complacent strategies may be an invitation against cyber actors to continue attacking wherever they find a weakness.
While big story attacks once stole headlines, today's ransomware has shifted to commodity prices while increasing various ways to hold your network hostage. For example, is the lifeblood of your practice, designated record sets containing vital patient demographic and medical information, sufficiently backed up to survive a protracted ransomware attack?
Trusting your network security vendor is the first big step to building a cyber security program. Know what internal and external network vendors can do for you and what you should ask for before signing an agreement. Do you maintain an inventory of Internet of Things (IoT) devices where malware can creep in and shut down alarms or notifications you depend on for diagnosis, monitoring, and medical treatment? Better yet, how about 24-hour surveillance on those devices that not only save you dollars, but also keep your organization healthy.
HIPAA Privacy and Security Rules, requiring compliance in 2003 and 2005, respectively, predated the era of the smartphone and mobile data exchange. For years, emphasis was on implementation of the privacy and security standards through compliance audits and investigations related to complaints and breach. Now, in the cybersecurity era, enforcement and private litigation following breach increasingly focuses on whether cyber risks are examined on an ongoing basis and whether practices are actually proactively following their policies and procedures and mitigating risks that they have identified. Now, failure to do so endangers the sustainability of a medical practice as a sustainable business endeavor.
Areas Covered in the Session:
How prepared are you?
What are your business risks you are willing to assume and their possible impact?
Evaluate your cyber resilience (mean time to failure, mean time to recovery)
Adopt a holistic approach to managing "cyber risk"
Complete a Threat-Actor Analysis
Know your threat actors and how you can defend against them?
Speakers
Carolyn Hartley,
Who Should Attend
- Chief Information Security Officials
- Network Security Consultants
- Office Administrators
- Chief Executive Officers
- Chief Medical Information Officers
- Designated HIPAA Privacy and Security Officials
- Business Associates to whom you Have Entrusted Protected Health Information
