Healthcare-directed attacks have increased more than 20% a year for the last three years running.
Medical Devices, Wearables & IoT
2016 Healthcare Privacy & Security Outlook
CynergisTek, Inc. | 512.402.8550 | [email protected] | cynergistek.com | @CynergisTek
Sources
IDC releases top 10 predictions for healthcare and IT is in the driver's seat: http://www.healthcareitnews.com/blog/idc-releases-top-10-predictions-healthcare-it-drivers-seat
Experian 2016 Data Breach Industry Forecast: http://www.experian.com/assets/data-breach/white-papers/2016-experian-data-breach-industry-forecast.pdf
HIPAA Enforcement Outlook for 2016: http://www.govinfosecurity.com/blogs/hipaa-enforcement-outlook-for-2016-p-2013
These 5 Facts Explain the Threat of Cyber Warfare: http://time.com/3928086/these-5-facts-explain-the-threat-of-cyber-warfare/
25 CISOs Identify the Biggest Security Challenges as They Enter 2016: http://www.securitycurrent.com/en/ciso_journal/ac_ciso_journal/cisos-identify-the-biggest-security-challenges-as-they-enter-the-new-year
HRI's top ten health industry issues of 2016: http://www.pwc.com/us/en/health-industries/top-health-industry-issues/cybersecurity.html
49% of Consumers Prefer Doctors to Use Their Health Apps Data for Care: http://hitconsultant.net/2015/12/16/consumers-prefer-doctorshealth-apps-data/
Telemedicine, data security expected to grow in 2016: http://www.modernhealthcare.com/article/20160101/MAGAZINE/301029933
Learn more about how to protect your organization’s valuable data in 2016: cynergistek.com/security/
Healthcare as a Target
Hacking & External Threats
In 2016, sophisticated attackers will continue to focus on insurers and large hospital networks where they have the opportunity for the largest payoff. With the move to electronic health records (EHRs) continuing to gain momentum and becoming more widely accessible through mobile applications, the attack surface continues to grow.
– Experian 2016 Data Breach Industry Forecast
Increased Enforcement
[Chart: Black Market Value of Personal Data. Categories: Credit Card, SSN, Email Account, Medical Record. Values shown: $50.00, $5.00, $1.00, $1.00.]
The Evolving Healthcare Threat Landscape: From Lost or Stolen Devices to Hacking
Montana Public Health (1.3M): Hacking
Horizon BCBS (840K): Laptop Theft
Emory (315K): Lost Backups
Nemours (1.6M): Lost Backups
Advocate Medical (4.03M): Computer Theft
AvMed (1.2M): Stolen Laptops
BCBS Tennessee (1.02M): Stolen Hard Drives
NYC Health & Hospitals (1.7M): Stolen Backup Tapes
Health Net (1.9M): Lost Hard Drives
TRICARE (4.9M): Lost Backups
Utah Dept. of Health (780K): Hacking
Boston Children’s: Hacked by Anonymous
Community Health (4.5M): Hacking
Premera BCBS (11M): Hacking
Anthem BCBS (80M): Hacking
Westchester Health: Hacked by pro-ISIS group
CareFirst (1.1M): Hacking
Beacon Health (225K): Hacking
Timeline years: 2009, 2010, 2011, 2012, 2013, 2014, 2015
As security breaches become more common and costly, medical device cybersecurity will emerge as a major issue in 2016, requiring device companies and healthcare providers to take pre-emptive action to maintain trust in medical equipment and to prevent breaches that could cripple the industry.
– PwC’s Health Research Institute Top Ten Health Industry Issues of 2016
8 million+ hospital medications will be tracked with IoT in 2016.
FDA issues cybersecurity guidance for medical devices.
FDA recalls Hospira pumps due to cybersecurity vulnerability.
Multiple variants of a popular blood pump hacked.
DHS tested 300 devices from 40 vendors. ALL failed.
MedJack hack shows vulnerability of network from medical devices.
Successful hacks of an insulin pump and ICD.
Timeline years: 2010, 2011, 2012, 2013, 2014, 2015, 2016
In 2015, three of the five largest data breaches were in healthcare. This latest evolution in the threat landscape places our industry in the crosshairs and as a healthcare provider we need to be prepared for an incident.
– Joe Adornetto, CISO, Quest Diagnostics
This push to collect fines and penalties will provide badly needed funds for the agency to support its goals of expanding a planned program to audit compliance with the HIPAA Privacy, Security and Breach Notification Rules, as well as other enforcement and regulatory activities.
– David Holtzman, VP of Compliance, CynergisTek, Inc.
According to OCR's website, there are more than 6,000 HIPAA Privacy and Security Rule complaints and compliance reviews being investigated. I expect the agency will announce more high-profile enforcement actions in 2016, and then use any financial penalties collected to fuel beefed-up enforcement.
– David Holtzman, VP of Compliance, CynergisTek, Inc.
[Chart: Consumer Mobile Health Statistics. Statements: consumers currently using mobile apps to track their health and wellness; consumers currently using wearable sensors; consumers currently using electronic personal health records; consumers who would consider using wearables in the near future. Percentages shown: 24%, 16%, 29%, 47%.]
Medical Device Security Timeline
You can look forward to more hacking. We're not even close to slowing down.
– Mac McMillan, CEO, CynergisTek, Inc.
The U.S. Director of National Intelligence ranks cybercrime as the No. 1 national security threat, ahead of terrorism, espionage and weapons of mass destruction.
1 out of 3 individuals will have their healthcare records compromised by cyberattacks in 2016.
We’re still putting a Band-Aid on this instead of actually addressing the problem and fixing the devices.
– Mac McMillan, CEO, CynergisTek, Inc.
Barnaby Jack demonstrates hacking of pacemaker.