Healthcare directed attacks have increased more than 20% a year for the last three years running.

Medical Devices, Wearables & IoT

2016 Healthcare Privacy & Security Outlook

CynergisTek, Inc. ! 512.402.8550 " info@cynergistek.com

# cynergistek.com $ @CynergisTek

Sources IDC releases top 10 predictions for healthcare and IT is in the driver's seat: http://www.healthcareitnews.com/blog/idc-releases-top-10-predictions-healthcare-it-drivers-seat Experian 2016 Data Breach Industry Forecast: http://www.experian.com/assets/data-breach/white-papers/2016-experian-data-breach-industry-forecast.pdf HIPAA Enforcement Outlook for 2016: http://www.govinfosecurity.com/blogs/hipaa-enforcement-outlook-for-2016-p-2013 These 5 Facts Explain the Threat of Cyber Warfare: http://time.com/3928086/these-5-facts-explain-the-threat-of-cyber-warfare/ 25 CISOs Identify the Biggest Security Challenges as They Enter 2016: http://www.securitycurrent.com/en/ciso_journal/ac_ciso_journal/cisos-identify-the-biggest-security-challenges-as-they-enter-the-new-year HRI's top ten health industry issues of 2016: http://www.pwc.com/us/en/health-industries/top-health-industry-issues/cybersecurity.html 49% of Consumers Prefer Doctors to Use Their Health Apps Data for Care: http://hitconsultant.net/2015/12/16/consumers-prefer-doctorshealth-apps-data/ Telemedicine, data security expected to grow in 2016: http://www.modernhealthcare.com/article/20160101/MAGAZINE/301029933

Learn more about how to protect your organization’s valuable data in 2016: cynergistek.com/security/

Healthcare as a Target

Hacking & External Threats

In 2016, sophisticated attackers will continue to

focus on insurers and large hospital networks where they have the opportunity for the largest payoff. With the move to electronic health records (EHRs) continuing to gain momentum and becoming more widely accessible through mobile applications, the attack surface continues to grow.

– Experian 2016 Data Breach Industry Forecast

%

&

Increased Enforcement

Credit Card SSN Email Account Medical Record

$50.00

$5.00$1.00$1.00

Black Market Value of Personal Data

Montana Public Health 1.3M

Hacking

2009 2012

Horizon BCBS 840K

Laptop Theft

Emory 315K

Lost Backups

Nemours 1.6M

Lost Backups

Advocate Medical 4.03M

Computer Theft

AvMed 1.2M

Stolen Laptops

20112010

BCBS Tennessee 1.02M

Stolen Hard Drives

NYC Health & Hospitals 1.7M

Stolen Backup Tapes

Health Net 1.9M

Lost Hard Drives

TRICARE 4.9M

Lost Backups

Utah Dept. of Health 780K

Hacking

Boston Children’s Hacked by

Anonymous

Community Health 4.5M

Hacking

Premera BCBS 11M

Hacking

Anthem BCBS 80M

Hacking

Westchester Health Hacked by pro-ISIS

group

CareFirst 1.1M

Hacking

2013 20152014

Beacon Health 225K

Hacking

The Evolving Healthcare Threat Landscape: From Lost or Stolen Devices to Hacking

As security breaches become more common and costly, medical device cybersecurity will emerge as a major issue in 2016, requiring

device companies and healthcare providers to take pre-emptive action to maintain trust in medical equipment and to prevent breaches that could cripple the industry.

– PwC’s Health Research Institute Top Ten Health Industry Issues of 2016

%

&

8 million+hospital medications will be tracked

with IoT in 2016.

FDA issues cybersecurity guidance for

medical devices.

FDA recalls Hospira

pumps due to cybersecurity vulnerability.

Multiple variants of a

popular blood pump

hacked.

DHS tested 300 devices

from 40 vendors. ALL

failed.

MedJack hack shows

vulnerability of network from

medical devices.

Successful hacks of an

insulin pump and ICD.

2010 2014 20162013 20152011 2012

' ' '

In 2015, three of the five largest data breaches were in healthcare. This latest evolution in the threat landscape places our industry in

the crosshairs and as a healthcare provider we need to be prepared for an incident.

– Joe Adornetto, CISO, Quest Diagnostics

%&

This push to collect fines and penalties will provide badly needed funds for the agency to

support its goals of expanding a planned program to audit compliance with the HIPAA Privacy, Security and Breach Notification Rules, as well as other enforcement and regulatory activities.

– David Holtzman VP of Compliance, CynergisTek, Inc.

%

&

According to OCR's website, there are more than 6,000 HIPAA Privacy and

Security Rule complaints and compliance reviews being investigated. I expect the agency will announce more high-profile enforcement actions in 2016, and then use any financial penalties collected to fuel beefed-up enforcement.

– David Holtzman VP of Compliance, CynergisTek, Inc.

%

&

of consumers are currently using mobile apps to track their health and wellness.

24%of consumers are currently using wearable sensors.16%

of consumers are currently using electronic personal health records.

29%of consumers would consider using wearables in the near future.

47%

Consumer Mobile Health Statistics

Medical Device Security Timeline

You can look forward to more hacking.

We're not even close to slowing down.

– Mac McMillan CEO, CynergisTek, Inc.

%&

The U.S. Director of National Intelligence ranks cybercrime as the

No. 1 national security threat, ahead of terrorism, espionage and weapons of

mass destruction.

1 out of 3 individuals will have their

healthcare records compromised by

cyberattacks in 2016.

((()*

*

+

,

We’re still putting a Band-Aid on this instead of actually

addressing the problem and fixing the devices.

– Mac McMillan CEO, CynergisTek, Inc.

%&

Barnaby Jack demonstrates

hacking of pacemaker.