chime lead dc 2014 “key attributes for success, challenges and critical success factors” with...
Post on 24-Jun-2015
Creating an Effective Cyber Security Strategy
Key Attributes for Success, Challenges and Critical Success Factors
Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO
SVP, Business Intelligence & Performance Improvement
Bon Secours Health System
#LEAD14
A CHIME Leadership Education and Development Forum in collaboration with iHT2
A $3.4 billion not-for-profit Catholic health system, Bon Secours Health System, Inc. (BSHSI) owns, manages or joint ventures:
• 19 Acute Care Hospitals
‒ 14 Owned
‒ 5 Joint Ventures
• 15 Post-acute Centers
• 14 Home Care/Hospice Providers
• 2.3 Million Patient Care Encounters
• 9 Communities in 6 states
• Over 23,000 caregivers
• 850 Physicians
• 60,000 System users
• 136,000 Clinical Portal users
What is Needed
• Build Relationships
• Establish the Culture
• Education
• Risk Analysis
• Build a Core Security Team
• Build Infrastructure
Build Relationships
• Board (Governance & Relationship)
• Executive Awareness & Support
• Internal, Teams Across Disciplines
– IA, Privacy, CRO
– HR, Legal, Technology …
• External Relationships
– Law Enforcement
– Media Firm
– Cyber liability Insurer
• Education
Establish the Culture
• Leaders are aware and talk about security
• Education of everyone (staff, faculty, physicians, …)
• Framework
– Detailed Plan
– Testing
– Are you using NIST or ISO …
– Issues and Investigations protocols
– Incident Reporting: (PHI, PII, PCI, Hacks)
• Do Audits of:
– Easy-to-guess passwords on system audits
– Vendor management – SSAE16, SOC2 Type2 Reports
– Access modes & points
– Cloud computing
• In healthcare, security involves Privacy & Cyber Security
Risk Analysis
• Risk Assessment:
– Part of the company's ‘ERM’?
– What is your risk tolerance for each class of data?
  • Level of user access to data & systems
  • Leakage thru employee (error, misuse)
– "Lifecycle" approach to Policy and Procedures
– Technology portfolio
  • Spending/Budget for Security
  • Up-to-date? System Patch Levels, Virus Protection Levels
Build a Core Security Team
• Determine Core Security Team
– Knowledge of Regulation (Federal & State)
  • what states people live in, if data accessed
– Turnover & Retention
– Tools & Training
• Incident Response Team Needs
– Plans & Escalation plan
– Breach reporting
– How & Where to document
– Where are the logs? Do you have the right logs?
Great Workplace
Build Infrastructure
• Understand your environment
– DLP, IDS, Firewalls
– Segmentation
– Strong passwords
• Physical Security (& Education)
• Encryption - ‘everything’
• Change Management (e.g., iOS 8.0.1)
• Disaster Recovery
• Team training
Basics must be in place
Understanding your Environment
• Users
– Login patterns (service accounts during night time, login after terms)
– Account Volumes
– Last used and time since password change
– Failed Login Attempts
– Internal and External access
• Usage
– Understand Both Systems & Network Configurations
– Identity of New Network Segments
– Bandwidth usage of network
– FTP (22) and Secure (443) site statistics and destinations
– Website attempts; Blacklisted sites (i.e. outbound blocked sites) or do Whitelisting
Metrics: there is a strong relationship between metrics and problems
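As an added illustration (not part of the original presentation), the sketch below turns three of the user metrics on this slide into checks over an authentication log: logins after termination, service-account logins during night hours, and repeated failed logins. The log format, account names, night-hour window and failure threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data (hypothetical accounts, not from the presentation).
TERMINATED = {"jdoe": datetime(2014, 9, 30)}   # user -> termination date
SERVICE_ACCOUNTS = {"svc_backup"}
NIGHT_HOURS = range(0, 5)                      # assumed window: 00:00-04:59
FAILED_THRESHOLD = 3                           # assumed per-user review limit

# Assumed log format: ISO timestamp, user, source address, result.
LOG = """\
2014-10-02T09:14:00 jdoe 10.1.4.20 SUCCESS
2014-10-02T02:31:00 svc_backup 10.1.9.8 SUCCESS
2014-10-02T13:05:00 svc_backup 10.1.9.8 SUCCESS
2014-10-02T08:00:10 asmith 203.0.113.7 FAIL
2014-10-02T08:00:15 asmith 203.0.113.7 FAIL
2014-10-02T08:00:21 asmith 203.0.113.7 FAIL
2014-10-02T08:02:00 asmith 10.1.4.33 SUCCESS
malformed line
"""

def parse(log_text):
    """Yield (timestamp, user, source, result); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def review_logins(log_text):
    """Return a list of findings worth a human review, in log order."""
    findings, failures = [], Counter()
    for ts, user, src, result in parse(log_text):
        if result == "FAIL":
            failures[user] += 1
            continue
        if user in TERMINATED and ts > TERMINATED[user]:
            findings.append(("login_after_termination", user, src))
        if user in SERVICE_ACCOUNTS and ts.hour in NIGHT_HOURS:
            findings.append(("service_account_night_login", user, src))
    for user, count in failures.items():
        if count >= FAILED_THRESHOLD:
            findings.append(("failed_login_burst", user, count))
    return findings
```

Night-time service-account activity is often legitimate batch work, so that finding is a baseline to compare against rather than an alert on its own.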
Be Prepared
• The Board wants answers
• HHS-CMS-OCR demands quick answers
• Staff wants full access
• Your community – Public wants assurances
• You want to sleep at night
Q & A
Skip Hubbard Skip_Hubbard@BSHSI.org