1
Cybersecurity: Emerging Threats to Hospitals
June 9, 2016
CHA Webinar
Welcome
Mary BarkerCalifornia Hospital Association
2
4
Cheri Hummel is CHA’s vice president of emergency management and facilities. In this role, Cheri is the liaison to numerous state and federal agencies with regard to hospital emergency management and facility issues, including the California Department of Public Health, Office of Emergency Services, California Emergency Medical Services Authority, Office of Statewide Health Planning and Development, and other entities.
Prior to CHA, Ms. Hummel worked for the California Emergency Medical Services Authority in the Disaster Medical Services Division and was instrumental in launching the first national effort to revise the Hospital Incident Command System.
CHA Staff
3
5
Lois Richardson, Esq., is CHA’s vice president of privacy, and legal publications and education. Ms. Richardson is CHA’s issue specialist for all matters relating to the privacy of protected health information and she is responsible for the development of legal publications. She is the author of CHA’s California Health Information Privacy Manual, which addresses state and federal laws regarding the use and disclosure of health informationincluding HIPAA, HITECH and breach laws.
Lois also authored CHA’s popular Consent Manual, the most comprehensive resource available on patient consent for medical treatment and related health care laws.
CHA Staff
6
Steve Giles is chief information officer for Hollywood Presbyterian Medical Center, where he focuses on enhancing the hospital’s information systems to improve patient care delivery and overall business operations. He has more than 30 years of health care information technology experience and has served in a number of executive positions throughout his extensive career. Mr. Giles is a member of several professional associations, including ACHE, HIMSS and HFMA, and often serves as a guest lecturer at the University of Southern California’s Graduate School of Public Health.
Faculty
4
Cybersecurity: Emerging Threats
to HospitalsJune 9, 2016
Hollywood Presbyterian
• 434 licensed beds
• Operating at 250-275 beds
• 37,000 ER visits per year
• 4th largest baby manufacturer in LA
• Safety net general hospital
• Multi-ethnic patient/provider population
8
5
The Event
• Feb. 5 – Evening all systems inaccessible
• Feb. 6 – 3 a.m. internal disaster declared – most Microsoft technology locked up – CryptoWall, RSA-2048 encryption code
• Feb. 6 – Extortion demand appeared
• Feb. 6 – LAPD and FBI notified
• Feb. 6 – Bitcoin education started
9
The Event (cont.)
• Feb. 7 – Made first extortion payment, $9k
• Feb. 8 – Made second payment, $8k
• Feb. 8 – CDPH, insurance notified
• Feb. 8 – Privacy attorney and Kroll engaged
• Feb. 9 – Received 900+ decrypting codes – 1 unique code per each unique device
• Feb. 9 – Initiated testing decrypting codes
10
6
System Impact
• HIS/EMR completely down
• ERP applications completely down
• Back-up and antivirus servers down
• Patient medical records were inaccessible
• Laboratory, radiology, med cabinets were operational
• Neither PHI nor PII were accessed
11
Hospital Impact
• Déjà vu, it was 1970 all over again
• Downtime procedures – return to paper
• Missing medical records and eMAR information
• Physicians were more happy than not
• Internal communications improved
• More time spent with patients
12
7
Hospital Impact (cont.)
• Detailed review by CDPH
• Detailed review by CMS
• Detailed review by CA Board of Pharmacy
• The press did not validate anything
• None fully understood nor appreciated the magnitude of the ransomware attack
• Patient care was NOT compromised
13
Recovery
• Feb. 10 – Time clocks first – payroll week
• Feb. 14 – HIS registration went live
• Feb. 15 – Entire HIS/EMR came back online. Hospital was operational with the exception of a few applications
• File servers/exchange remained down until March 1
14
8
Lessons Learned – The Good
• In a crisis, people really do care for the patient
• All parties worked very well together
• Industry help was offered repeatedly
• HPMC’s IS team fully committed
• HPMC benefitted from practicing outages
• Patient care does not need to suffer
15
Lessons Learned – The Bad
• Government agencies need a better understanding and appreciation for the magnitude of this type of situation and the victim
• The news media would be well served to do a better job researching its stories
• The health care industry needs to take this risk very seriously
16
9
Lessons Learned – The Ugly
• Health care and other industries are in for constant and significant risk mitigation
• It’s NOT a matter of IF one is attacked, BUT WHEN
• Security expenditures in health care need to be a high priority
• Health care organizations need to re-evaluate their back-up strategies
17
Lessons Learned - General
• To minimize regulator interruption, ensure you are in compliance
• Determine the essentials needed to deliver patient care when ALL systems are down and maintain it separately
• Train, test and train again all staff who have access to the system to avoid malware
18
10
In Conclusion
• Prepare for the worst, it can happen and probably will
• Make network security a priority – be alert, this is NOT going away
• Work with regulators to develop greater sensitivity to this type of disaster
• Remove bitcoin as a payment option
• You can survive this, be prepared!!!19
Thank You
Steve GilesChief Information OfficerHollywood Presbyterian Medical Center
20
11
21
Tom Osborne is assistant special agent in charge for the Federal Bureau of Investigation’s (FBI) National Security Branch. In this role, he oversees international and domestic terrorism programs, as well as counterintelligence and cyber programs. A 20-year veteran, Mr. Osborne previously worked with the FBI’s Computer Crimes Squad and the Sacramento Division’s Cyber Crimes Program, and served as Unit Chief of the Counterterrorism Internet Target Unit, where he led a team that managed investigations targeting terrorists’ use of the Internet.
Faculty
California Hospital Association A Cyber Crime and Cyber Security Discussion
June 9, 201622
12
FBI Sacramento
Assistant Special Agent in Charge
Tom Osborne
National Security Branch
Assistant Special Agent in Charge
Tom Osborne
National Security Branch
Objectives
FBI cyber program/strategy
Understanding risk
Threat trends
Current cyber events
Common attack techniques and vectors
National security intrusions
Cyber security
Community outreach/Infragard
This presentation contains neither recommendations nor conclusions of the FBI.
FBI cyber program/strategy
Understanding risk
Threat trends
Current cyber events
Common attack techniques and vectors
National security intrusions
Cyber security
Community outreach/Infragard
This presentation contains neither recommendations nor conclusions of the FBI. 24
13
FBI Priorities
1. Protect the United States from terrorist attack
2. Protect the United States against foreign intelligence operations and espionage
3. Protect the United States against cyber-based attacks and high-technology crimes
4. Combat public corruption at all levels
5. Protect civil rights
6. Combat transnational/national criminal organizations and enterprises
7. Combat major white-collar crime
8. Combat significant violent crime
9. Support federal, state, local and international partners
10. Upgrade technology to successfully perform the FBI's mission
1. Protect the United States from terrorist attack
2. Protect the United States against foreign intelligence operations and espionage
3. Protect the United States against cyber-based attacks and high-technology crimes
4. Combat public corruption at all levels
5. Protect civil rights
6. Combat transnational/national criminal organizations and enterprises
7. Combat major white-collar crime
8. Combat significant violent crime
9. Support federal, state, local and international partners
10. Upgrade technology to successfully perform the FBI's mission
25
On Cybersecurity
“America's economic prosperity in the 21st century will depend on cybersecurity …”
-President Barack Obama, May 29, 2009
“The United States faces real [cybersecurity] threats from criminals, terrorists, spies and malicious cyber actors. The playground is a very dangerous place right now.”
-FBI Director James Comey, February 2014, RSA Conference
26
14
The Cyber Environment Never Stops … Accelerating, Evolving and Expanding
1995:16 million Internet users
27
The Cyber Environment Never Stops … Accelerating, Evolving and Expanding (cont.)
2001:458 million Internet users
28
15
The Cyber Environment Never Stops … Accelerating, Evolving and Expanding (cont.)
2015:3.1 billion Internet users
China 668 m/US 266* *statista.com 29
Cyber CriminalMethods and Tools
• Types of attacks:– Social engineering
– Phishing
– Malware
– Ransomware
– Spyware
– Denial of service (DDOS)
– Blended
• Types of attacks:– Social engineering
– Phishing
– Malware
– Ransomware
– Spyware
– Denial of service (DDOS)
– Blended
16
Social Engineering
• Obtaining information by manipulating legitimate users
• Talking people out of information via– Email
– IM
– Telephone
– Face to face
• Obtaining information by manipulating legitimate users
• Talking people out of information via– Email
– IM
– Telephone
– Face to face
31
Phishing
• Attempt to fraudulently acquire sensitive information
– Personal identifying information, prescription information
• Electronic communication masquerading as:
– A trustworthy person
– An official-looking business
• Can also be phone/voice phishing –“vishing”
• Attempt to fraudulently acquire sensitive information
– Personal identifying information, prescription information
• Electronic communication masquerading as:
– A trustworthy person
– An official-looking business
• Can also be phone/voice phishing –“vishing”
17
Threats More Complex as Attackers Proliferate
Password GuessingSelf-Replicating Code
Password CrackingExploiting Known Vulnerabilities
Disabling Audits
Hijacking Sessions
Sweepers
Sniffers
Distributed Attack Tools
Denial of Service
GUIPacket Spoofing
Network Management Diagnostics
Automated Probes/ScansWWW Attacks
“Stealth”/AdvancedScanning Techniques
1980 1985 1990 1995 2000 2005 2010
Intr
ud
er K
no
wle
dg
e
High
Low
Attackers
Back Doors
ZombiesBOTS
MorphingMalicious Code
Att
ack
So
ph
isti
cati
on Era of Modern
Information Technology
Era of Legacy Process Control
Technology
Threat Trends
Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009,
November 2002, page 10.
33
Who are the Adversaries?
SECRET//NOFORN
Threat Level 1
• Inexperienced
• Limited funding
• Opportunistic behavior
• Target known vulnerabilities
• Use viruses, worms, rudimentary trojans, bots
• In it for thrills, bragging rights
• Easily detected
Threat Level 2
• Higher-order skills
• Well-financed
• Target known vulnerabilities
• Use viruses, worms, trojans, bots to introduce more sophisticated tools
• Target and exploit valuable data
• Detectable, but hard to attribute
Threat Level 3
• Very sophisticated tradecraft
• Foreign Intel Agencies
• Very well financed
• Target technology as well as info
• Use wide range of tradecraft
• Establish covert presence on sensitive networks
• Undetectable?
Sophistication Expertise Funding Patience Target Value
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO34
18
What Are They After?
• Data:– Intellectual property
– Financial/Identity information
– Communications content
• Resources:– Communications functions
– Bandwidth
– CPU cycles
• Conducting business:– Day-to-day operations
– Disaster/Emergency response
• Data:– Intellectual property
– Financial/Identity information
– Communications content
• Resources:– Communications functions
– Bandwidth
– CPU cycles
• Conducting business:– Day-to-day operations
– Disaster/Emergency response35
UNCLASSIFIED
36
19
Hacktivists Intrusions
• Scope – limited to “socially relevant” issues
– Political activism
• Targets – private sector and government entities
• Subjects – anonymity is key (Anonymous)
– Ferguson and unrest associated with officer-involved shootings
– Hawthorn PD
• Motivation
• Scope – limited to “socially relevant” issues
– Political activism
• Targets – private sector and government entities
• Subjects – anonymity is key (Anonymous)
– Ferguson and unrest associated with officer-involved shootings
– Hawthorn PD
• Motivation37
Criminal Intrusions
• Scope - widespread• Targets – individuals,
financial sector, internet-based businesses with PII and other data
• Subjects – individuals and criminal enterprises located throughout the globe (emphasis on U.S. and Europe/Asia)
• Motivation
• Scope - widespread• Targets – individuals,
financial sector, internet-based businesses with PII and other data
• Subjects – individuals and criminal enterprises located throughout the globe (emphasis on U.S. and Europe/Asia)
• Motivation
38
20
Ransomware
39
Ransomware (cont.)
• Infection VectorsEmail compromise via phishing emails to end users (malware attached) or hyperlink to website hosting an exploit kit
• Disaster Recovery Plans! What is the difference? What is your risk – an earthquake, fire, CNA, insider threat???
• Prevention Considerations-Focus on prevention, business continuity and remediation-Awareness/Training-Patch O/S, software, firmware-Antivirus, anti-malware updates-Privileged accounts – managed them “least privilege”
-Implement software restriction policies
40
21
Ransomware (cont.)• Business Continuity Considerations
– Back up your data securely and verify its integrity
– Backups should not be connected to the computers and networks they are backing up
– Cloud, offsite? Persistent synchronization could be an issue
• Other Considerations– Implement application white listing
– Use virtualization environments to execute O/S or specific programs
– Categorize data based upon value to you
– Implement physical/logical separation of networks and data for different org. units. Example: sensitive R&D should not reside on same server or network as organization’s email environment
• The Ransom– FBI does not advocate paying a ransom
– Ultimately your decision
• Payment– Virtual Wallet
– Bitcoin
• Business Continuity Considerations– Back up your data securely and verify its integrity
– Backups should not be connected to the computers and networks they are backing up
– Cloud, offsite? Persistent synchronization could be an issue
• Other Considerations– Implement application white listing
– Use virtualization environments to execute O/S or specific programs
– Categorize data based upon value to you
– Implement physical/logical separation of networks and data for different org. units. Example: sensitive R&D should not reside on same server or network as organization’s email environment
• The Ransom– FBI does not advocate paying a ransom
– Ultimately your decision
• Payment– Virtual Wallet
– Bitcoin 41
State-Sponsored Intrusions
22
State-Sponsored Intrusions (cont.)
• Scope - APT• Targets – DoD
contractors, technology companies, Supervisory Control and Data Acquisition (SCADA) systems
• Subjects – “usual suspects”
• Motivation
• Scope - APT• Targets – DoD
contractors, technology companies, Supervisory Control and Data Acquisition (SCADA) systems
• Subjects – “usual suspects”
• Motivation
43
Intrusion Phases(Advanced Persistent Threat)
Infiltration
• Reconnaissance
• Infection
Persistence
• Escalate privileges
• Install utilities
• Enumerate the network
• Establish backdoors
Exfiltration
• Harvest data
• Exfiltration
• Conceal activity
Intrusion Phases
UNCLASSIFIED//FOR OFFICIAL USE ONLY
UNCLASSIFIED//FOR OFFICIAL USE ONLY 44
23
ECONOMIC ESPIONAGEEvery year, billions of dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in U.S. industries and technologies. Through cyber intrusions, these intruders search for intellectual property, prototypes and company trade secrets to gain an illegitimate advantage in the market.
Every year, billions of dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in U.S. industries and technologies. Through cyber intrusions, these intruders search for intellectual property, prototypes and company trade secrets to gain an illegitimate advantage in the market.
UNCLASSIFIED
UNCLASSIFIED 45
9/25/2015
46
24
Terrorism (motivated) Intrusions
• Scope – limited to threats and website defacements – also chat rooms leading to radicalization
• Targets – media-worthy targets, social media platforms
• Subjects – terrorist sympathizers
• Motivation – recruit, show support
• Scope – limited to threats and website defacements – also chat rooms leading to radicalization
• Targets – media-worthy targets, social media platforms
• Subjects – terrorist sympathizers
• Motivation – recruit, show support
47
STATE-SPONSORED DISRUPTIONS/WAR
Several nations are aggressively working to develop cyber warfare doctrine, programs and capabilities. Cyber warfare enables a single entity to have a significant and serious impact by disrupting the supply, communications and economic infrastructures that support military power – impacts that could affect the lives of citizens across the country.
Several nations are aggressively working to develop cyber warfare doctrine, programs and capabilities. Cyber warfare enables a single entity to have a significant and serious impact by disrupting the supply, communications and economic infrastructures that support military power – impacts that could affect the lives of citizens across the country.
UNCLASSIFIED
UNCLASSIFIED 48
25
Individuals
Nation-States
Hacktivist Groups
Organized Crime Syndicates
InfrastructureIndustry Law Enforcement & Government
Nation StatesIndividuals
UNCLASSIFIED
UNCLASSIFIED
49
What Can You Do?
• Step 1 – Understand the threat and your RISK to that threat
• Step 2 – Understand your Vulnerability
• Step 3 – Understand what the Consequences of your actions or inactions will cost you
• Step 1 – Understand the threat and your RISK to that threat
• Step 2 – Understand your Vulnerability
• Step 3 – Understand what the Consequences of your actions or inactions will cost you
50
26
Risk
51
Risk = Threat x Vulnerability x Consequence• Threat: Any person, circumstance or event
with the potential to cause loss or damage• Vulnerability: Any weakness that can be
exploited by an adversary or through accident
• Consequence: The amount of loss or damage that can be expected from a successful attack
The Risk EquationThe Risk Equation
NIPP 1.7.1
52
27
Vulnerability
• Network vulnerability comes from inadequate oversight by System Admins, defects in the information systems and vendors that fail to disclose the defects
• Health information systems, as an example, are as critical as banking systems; however banking systems have elaborate security measures sitting on top of them
• Network vulnerability comes from inadequate oversight by System Admins, defects in the information systems and vendors that fail to disclose the defects
• Health information systems, as an example, are as critical as banking systems; however banking systems have elaborate security measures sitting on top of them
53
2016 Verizon Data Breach Report
54
28
2016 Verizon Data Breach Report (cont.)
• Highlights/Lowlights:– 89% of all attacks were financially or espionage
motivated
– Known vulnerabilities exploited
– 63% of breaches involved weak, default or stolen passwords
– 16% increase in ransomware
– Basic net-defenses sorely lacking in many organizations
• Highlights/Lowlights:– 89% of all attacks were financially or espionage
motivated
– Known vulnerabilities exploited
– 63% of breaches involved weak, default or stolen passwords
– 16% increase in ransomware
– Basic net-defenses sorely lacking in many organizations
Pre-Breach/Attack Advice
• Plan, Plan and oh yeah, DEVELOP A PLAN
• Engage with information security professionals
• Develop relationship with federal law enforcement
• Ensures internal policies are documented and up-to-date
– Ensure management buy-in at highest level possible
– Train your employees!• Identify CIRT members• Conduct BCP and DRP
training (TTX)• Threat and vulnerability
assessments/testing– Engage a third party if
necessary
• Plan, Plan and oh yeah, DEVELOP A PLAN
• Engage with information security professionals
• Develop relationship with federal law enforcement
• Ensures internal policies are documented and up-to-date
– Ensure management buy-in at highest level possible
– Train your employees!• Identify CIRT members• Conduct BCP and DRP
training (TTX)• Threat and vulnerability
assessments/testing– Engage a third party if
necessary
56
29
Pre-Breach/Attack Advice (cont.)
• Use an antivirus/malware solution
• Use the protections offered by the vendors
• Two-factor authentication (something you know + something you have)
• Ensure your operating system and applications are kept up-to-date (updates/patches)
• Triage your email – do not respond to or click on links in unsolicited emails from suspicious sources
• Use complex passwords – practice good password management
• Engage in a backup process to ensure ability to recover lost data
• Use an antivirus/malware solution
• Use the protections offered by the vendors
• Two-factor authentication (something you know + something you have)
• Ensure your operating system and applications are kept up-to-date (updates/patches)
• Triage your email – do not respond to or click on links in unsolicited emails from suspicious sources
• Use complex passwords – practice good password management
• Engage in a backup process to ensure ability to recover lost data
57
Cyber Security -Mobile Devices
• Threats– Mobile malware– Unsecured wireless networks (avoid them)
• Mobile Device (Smartphone) Security Tips:– Set your phone to lock, or time out, after a certain
period of inactivity and require a password to unlock the phone
– Check for updates to the smartphone operating system
– If phone is lost or stolen, have the capability to remotely wipe your phone
– Backup your data– Avoid unencrypted public wireless networks– Watch your apps
• Threats– Mobile malware– Unsecured wireless networks (avoid them)
• Mobile Device (Smartphone) Security Tips:– Set your phone to lock, or time out, after a certain
period of inactivity and require a password to unlock the phone
– Check for updates to the smartphone operating system
– If phone is lost or stolen, have the capability to remotely wipe your phone
– Backup your data– Avoid unencrypted public wireless networks– Watch your apps
58
30
Pre-Breach Advice (cont.)
• National Institute of Standards and Technology (NIST)– Provides guidance on a myriad of topics:
• Applying Risk Management Principles to Security(800-37)
• BCP (800-34)
• International Organization of Standardization (ISO)– 27000 Series addresses information security principles in
detail
• National Institute of Standards and Technology (NIST)– Provides guidance on a myriad of topics:
• Applying Risk Management Principles to Security(800-37)
• BCP (800-34)
• International Organization of Standardization (ISO)– 27000 Series addresses information security principles in
detail
59
Incident Handling
• Preparation
• Identification– Reporting???
• Containment
• Eradication
• Recovery
• LESSONS LEARNED
• Preparation
• Identification– Reporting???
• Containment
• Eradication
• Recovery
• LESSONS LEARNED
60
31
How the FBI Combats Cyber Threats
61
FBI’s Mitigation Strategy
• Proactive Operations
• Prioritization & Prediction of highestthreat areas
• Partnerships with private sector, intelligence community, and domestic and international
law enforcement
• Proactive Operations
• Prioritization & Prediction of highestthreat areas
• Partnerships with private sector, intelligence community, and domestic and international
law enforcement
62
32
NCIJTF Members
63
UNCLASSIFIED//FOUO
64
33
Partnerships
“No one country, company, or agency can stop cyber crime … We must start at the source; we must find those responsible. And the only way
to do that is by standing together.”
Robert Mueller III,
Former FBI Director
UNCLASSIFIED
UNCLASSIFIED
65
34
@FBISacramento
Questions?
Tom OsborneAssistant Special Agent in Charge
FBI Sacramento
https://tips.fbi.gov1-800-CALL-FBI
68
Deron McElroy is the Department of Homeland Security’s (DHS) Cyber Security Advisor for California, Nevada, Arizona, Hawaii and the Pacific Territories, where he is focused on building partnerships to enhance our nation’s cyber resilience. Mr. McElroy helps organizations navigate and access the Critical Infrastructure Cyber Community (C³) Voluntary Program and NIST Cybersecurity Framework. He previously served as Senior Strategist for the DHS Office of Cybersecurity and Communications, leading the creation and development of the nation’s cyber incident response policy, playing a key role in the stand-up of the National Cybersecurity and Communications Integration Center, and participating in information sharing policy development.
Faculty
35
Office of Cybersecurity & Communications
June 2016
Deron McElroy | [email protected] | 415-484-9222
National Security & Emergency Communications
Secure dot-gov Assist in Protectingdot-com
Assist in Securing Critical Infrastructure Common Operational Picture for Cyberspace
Coordinate Cyber and Communications Incident Response
DHS Cybersecurity Roles Include:
70
36
Cybersecurity Across Critical Infrastructure
71
Cybersecurity: Some Key Questions
• How do you determine if your cybersecurity efforts are going well?
• Do people communicate about the current state of cybersecurity in your organization?
• Where do you get cybersecurity information?
• Is your workforce trained and aware?
• Have you planned for cyber incident management and exercised that plan?
72
37
SophisticationRequired of Threat Actors is Declining
Sophisticationof Available Tools
is Growing
1983 2016
73
Services for Security and Resilience Operational Assistance National Cybersecurity and
Communications Integration Center (NCCIC)
Incident Response Remote and On-Site
Assistance
Malware Analysis
Incident Response Teams
Industrial Control Systems Experts
Information Sharing Products, Programs and
Best Practices
Resilience and Planning Assessments Cyber Resilience Review
Cyber Infrastructure Survey Tool
Cyber Security Evaluation Tool
Design Architecture Review
Penetration Tests and Vulnerability Scans
Advisory Services Cyber Security Advisors
Planning Guides
Exercises
Training and Awareness Resources
74
38
• Download tools and access resources• Work to increase your cyber resilience• Better manage cybersecurity as part of an
all-hazards approach to enterprise risk management
• Adopt the NIST Cybersecurity Framework and measure your progress through the Cyber Resilience Review (CRR)
C3 Voluntary Program
75
www.hsdl.org/?abstract&did=789781
DHS Cyber Tabletop Exercise
76
39
us-cert.gov/ccubedvp77
The Link to Emergency Preparedness and Concluding Comments
Cheri Hummel
California Hospital Association
40
79
The Link to Emergency Preparedness
Cyber threats are real – always evolving
Network security is a priority
All-hazards approach to enterprise risk management
Educate and train staff
Determine how continuity of operations will be provided and patient care will be delivered
The Link to Emergency Preparedness (cont.)
Exercise plans and downtime procedures
Response – incident management team Activate HICS as appropriate
Information sharing
Utilize available resources and services
80
41
CHA Emergency Preparedness Website
www.calhospitalprepare.org 81
CHA Quick Reference Tool
82
Hospital Cybersecurity Planning Quick Reference Tool
A helpful tool providing information and resources for health care organizations, tools to assist with gap analysis and state support systems, a mitigation checklist, and suggestions for where to report attacks, as well as share information.
The tool can be found at:
www.calhospitalprepare.org/cha-tools www.calhospital.org/cybersecurity-participant-info
42
Questions
Online questions:Type your question in the Q & A box, hit enter
Phone questions:To ask a question, hit *1
HASC Comprehensive Cyber Liability Program
Available to all California hospitals and medical groups
Broad insurance coverage, including primary and excess
Risk mitigation and consultation Employee awareness/training (e.g., phishing)
Shunning services
Vulnerability testing
Threat assessment
Legal review
Breach notification team includes legal, forensic investigation, public relations
Contact: Shauna Day at (213) 538-0772 or [email protected]
84
43
CHA Disaster Planning Conference
85
CHA Disaster Planning for California Hospitals
September 19-21, 2016
Sacramento, CA
Annual conference that brings together more than 800 hospital emergency preparedness coordinatorsstatewide. Three-day program includes sessions forall members of hospital disaster planning teams, communitypartners and first responders.
www.calhospital.org/disaster-planning
CHA Staff Contacts
Cheri HummelVice President, Emergency Management & FacilitiesCalifornia Hospital Association(916) [email protected]
Lois RichardsonVice President, Privacy & Legal Publications/EducationCalifornia Hospital Association(916) [email protected]
86
44
Thank You and Evaluation
Thank you for participating in today’s webinar. An online evaluation will be sent to you shortly. To receive CEs, you must complete the evaluation and attest to your participation. CEs will be emailed to registrants.
A recording of this program will be available to all registrants.
For education questions, contact Mary Barker at (916) 552-7514 or [email protected].