efax-corporate
World Leader in Digital Faxing 1
IN PARTNERSHIP WITH:
Meet the Speakers
Michael Flavin, Sr. Product Marketing Manager, j2 Cloud Services
Michael Pearson, CISSP, Chief Information Security Consultant, Health Security Solutions
Cyber Hacking in Healthcare: Snapshot
HHS Office for Civil Rights: 1,199 incidents, 41.5 million individuals
FBI warnings to industry: “The FBI has observed malicious actors targeting healthcare related systems…for the purpose of obtaining Protected Healthcare Information (PHI)”
Top 5 Health Data Breaches in 2014: 7.4 million individuals affected
Data Breaches, Year to Date: 90+ million individuals affected
Huge change in scope: 1,800% increase from 2008-2013
Sources of a Breach
Organized Criminal
Well-Meaning Insider
Malicious Insider
Stages of a Breach
1. Incursion: attacker breaks in via targeted malware, improper credentials or SQL injection
2. Discovery: map the organization’s systems; automatically find confidential data
3. Capture: access data on unprotected systems; install rootkits to capture network data
4. Exfiltration: confidential data sent to the hacker team in the clear, wrapped in encrypted packets, or in zipped files with passwords
Six Best Practices for Securing ePHI Using the SANS Security Model and HIPAA Compliance
• The SANS Security Model provides a good framework for protecting, storing and transmitting ePHI – focus on security!
• HIPAA Compliance does NOT equal a plan to secure PHI
• IT Executives must balance security, data protection and training with the conduct of regular business
SANS Security Model
Defensive Wall 1: Proactive Software Assurance – Application Security Skills Assessment & Certification
Defensive Wall 2: Blocking Attacks: Network Based – IDS/IPS, FW, MSS
Defensive Wall 3: Blocking Attacks: Host Based – Endpoint Security, NAC
Defensive Wall 4: Eliminating Security Vulnerabilities – Vulnerability Management, Patch Management, Penetration Testing
Defensive Wall 5: Safely Supporting Authorized Users – Encryption, VPN, DLP
Defensive Wall 6: Tools to Manage Security and Maximize Effectiveness – Log Management, SIEM, Training, Forensics
Firewalls Are Not Enough
Average (~32%): NIDS Monitoring
o NIDS Monitoring - Botnet C&C Detection
o NIDS Monitoring - Watchlist Detection
Good (~50%): NIDS Monitoring + Core Firewall Monitoring
o Firewall Logs Associated with IDS Alerts
Better (~80%): NIDS Monitoring + Firewall Advanced Analysis
o Firewall Logs - Scan Detection
o Firewall Logs - Botnet C&C Detection
o Firewall Logs - Backdoor Detection
o Firewall Logs - Anomaly Detection
o Firewall Logs - Watchlist Detection
Best (approaching 100%): NIDS Monitoring + Firewall Advanced Analysis + HIDS + LMS + MEP
o HIDS Alerts
o OS / Application / Database Logs
o Endpoint Protection Alerts
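As an added illustration (not code from the slide deck or from eFax), two of the firewall-log analyses named above run over constructed sample lines: scan detection from deny logs, and gathering the firewall records associated with a NIDS alert. The log format, field names and thresholds are assumptions.

```python
# Added example, not from the slide deck: two firewall-log analyses listed above,
# run over constructed sample lines. Log format and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (documentation IP ranges, not real traffic).
NIDS_ALERTS = [
    "2015-03-01T10:00:05 ALERT src=203.0.113.7 dst=10.0.0.12 sig=C2_Beacon",
]
FIREWALL_LOGS = [
    "2015-03-01T09:59:50 DENY src=203.0.113.7 dst=10.0.0.12 dport=445",
    "2015-03-01T09:59:51 DENY src=203.0.113.7 dst=10.0.0.12 dport=3389",
    "2015-03-01T09:59:52 DENY src=203.0.113.7 dst=10.0.0.12 dport=22",
    "2015-03-01T09:59:53 DENY src=203.0.113.7 dst=10.0.0.12 dport=1433",
    "2015-03-01T09:59:54 DENY src=203.0.113.7 dst=10.0.0.12 dport=8080",
    "2015-03-01T10:00:04 ALLOW src=10.0.0.12 dst=203.0.113.7 dport=443",
    "2015-03-01T11:30:00 ALLOW src=10.0.0.5 dst=198.51.100.9 dport=443",
]

def parse(line):
    """Split 'timestamp ACTION key=value ...' into a dict with a datetime ts."""
    ts, action, *kvs = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "action": action}
    rec.update(kv.split("=", 1) for kv in kvs)
    return rec

def scan_sources(fw_logs, min_ports=5, window=timedelta(seconds=60)):
    """Firewall Logs - Scan Detection: a source whose denied connections touch
    at least min_ports distinct destination ports inside `window` is a scanner."""
    denies = defaultdict(list)                      # src -> [(ts, dport)]
    for rec in map(parse, fw_logs):
        if rec["action"] == "DENY":
            denies[rec["src"]].append((rec["ts"], rec["dport"]))
    scanners = set()
    for src, events in denies.items():
        events.sort()                               # sliding window by time
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                scanners.add(src)
                break
    return scanners

def firewall_context(alerts, fw_logs, window=timedelta(seconds=30)):
    """Firewall Logs Associated with IDS Alerts: for each NIDS alert, gather the
    firewall records between the same two hosts within +/- window of the alert."""
    fw = list(map(parse, fw_logs))
    return {a["sig"]: [r for r in fw
                       if {r["src"], r["dst"]} == {a["src"], a["dst"]}
                       and abs(r["ts"] - a["ts"]) <= window]
            for a in map(parse, alerts)}
```

On the constructed data the C2 beacon alert is enriched with the five denied probes and the one allowed outbound connection that preceded it, while the unrelated 11:30 record is left out.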
What are the Threats? Technology Impacting.
Security Architecture – Firewalls, Anti-Virus
Unpatched Client Side Software and Applications
Advanced Malware and Ransomware
Accessing Malicious Websites
Poor Configuration Management
Cloud Computing/Storage
Unencrypted ePHI and Removable Media
Mobile Devices, aka BYOD
Botnets
Phishing
What are the Threats? Business Impacting.
Marketplace Reputation and Customer Loyalty
Liability
o Legal costs
o Credit assistance for customers
o Training, call center triage
o Fraudulent charges
o Stock price, earnings, etc.
o IT Resources
Most Common Pitfalls
Risk Assessment
Lack of Accurate Data Inventory/Controls
o Audit logs (critical for compliance and root cause)
Humans
o “Accidents happen”
o Social Engineering
o Security Awareness Training
Missing Policies and Procedures
Incident Response Team and Plan & Audit Trail
Password Security (may overlap with 3rd Party vendors)
o 40% have a password from the top 100
o 79% have a password from the top 500
o 91% have a password from the top 1000
Why do Compliance Mandates get More Complicated?
Compliance ≠ Security
Compliance is the output of a post-mortem
– Some organization did not secure their data, and now everyone else must deploy solutions, software, policies, and guidelines
Compliance will always be a step behind the latest threat
Faxing in Healthcare Today - Trends
Faxing is still widely used, especially in highly regulated industries such as healthcare, finance, legal (1)
The trend is from on-premise faxing toward cloud faxing
Cloud faxing offers a secure, reliable way to send ePHI to covered entities or business associates, enhancing HIPAA Compliance
User Interfaces (Email, Secure Browser, Mobile App & eFax Messenger) -> TLS Encrypted in Transit -> Hosted Fax Service (Encrypted Fax Storage via eFax Secure, optional) -> PSTN / Telco Service -> Inbound/Outbound Faxes
The world’s #1 online fax company – and the industry’s most experienced hosted fax service
The most widely deployed online fax service for the Fortune 500
Trusted by more major healthcare, legal, financial and other highly-regulated firms than any other online fax provider to transmit sensitive documents
Product Spotlight: eFax Secure™
Secure: TLS-encrypted transmission and storage of ePHI data to enhance security and HIPAA compliance – encryption at rest and in motion
Reduce costs – eliminate the cost of physical fax servers and phone lines, and enhance compliance by routing to a specific user’s email
Improve your overall communications with our highly redundant network delivering 99.5% uptime SLAs and unparalleled transmission security
Tier III or IV colocations for servers with high redundancy and failover capabilities
Helpful Links
SANS Security Model
DHS HIPAA Security 101 for Covered Entities
DHS HIPAA Security: Physical Safeguards
enterprise.eFax.com
Recorded slides of this presentation
Whitepaper: “Is Cloud-based Faxing Right for You?”
Q&A
Visit us at enterprise.eFax.com
Visit us at HIMSS Booth #7756
Email:
Michael Flavin: [email protected]
Mike Pearson: [email protected]
Thank You