mihin cyber-security panel agenda

MICHIGAN HEALTH INFORMATION NETWORK

Cyber Security Panel Discussion – June 20, 2012

CYBER SECU

RITY PAN

EL AGEN

DA

2

Cyber Security Panel Discussion

Agenda

1. Setting the stage – by the numbers

2. Opening remarks

3. Panel challenges

4. Audience questions

WHO STILL THIN

KS FAX AND M

AIL ARE SECURE O

R RELIABLE? Why are security and identity protection important in HIT?

3

A 1915 LETTER, SENT JU

ST TO A NAM

E IN A MI CITY…

. Simple data-based identities

4

HAVE YO

U EVER USED SO

MEO

NE ELSE’S TICKET?

Single Authentication

5

BU

T WHEN IT LO

CKS ME O

UT, IT REALLY LO

CKS ME O

UT…

Two-factor/Dual/Mutual/Multiple Authentication

6

YOU ARE U

NIQ

UELY THE PERSO

N YOU W

ERE BORN AS…

. Biometric Identification

7

EXCITING TO SO

ME, VERY, VERY DISTU

RBING TO O

THERS….

Physical Alteration Identification

8

BREACHES AN

D ID THEFT CAN UTTERLY DESTRO

Y LIVES….

What can be the results of a breach?

9

WHAT IS THE TO

TAL CO

ST OF B

REACH? What does a breach cost these days?

• Learning of breach (patient, 3rd party, internal investigation, news) • Repairing breach ($17 million total for BCBS-TN)

• Cost of investigation (people, time, equipment; external investigators; forensics; legal discovery)

• Notifications (those potentially affected, L/S/F authorities) • Remediation

• Ongoing prevention (monitoring, upgrades, training, audits, assessments) – cost to prevent vs. risk/cost of exploitation

• Cyber liability insurance (tens of thousands $/year) • Fines & settlement ($1.5 million for HITECH breaches, AG settlements) • Class action claims ($1,000 per patient in California) • Legal fees (pay even if you “win”) • Balance Sheet and Income Statement

• Intangible/loss of market goodwill ($ M’s) • Loss of customers/revenues ($ ???’s)

• Impact on patients • Loss of trust • Human cost - permanent effects upon lives and livelihoods

10

AN

D HERE THEY ARE: OU

R SECURITY PAN

ELISTS Opening Remarks – the Panelists

• Gina Bianco-Perez: President, Advances In Management • Peter Alterman: Senior Advisor to NIH CIO for Strategic

Initiatives • Ross Roberts – Information Assurance PM (IAPM) and HIPAA

Security Officer for the U.S. Army Medical Command (MEDCOM) and Office of The Surgeon General

• Mick Talley – SEMHIE Director, Treasurer, and Program Manager for SSA E-Disability E-Filing contract

• Randy Frank – Internet2 Sr Dir. New Business Development

11

DURIN

G THIS PART WE CAN

DISAGREE!

Challenge 1: What is the worst aspect of a security breach? Challenge 2: What do you think are the three single most important issues in IT security today? Challenge 3: What emerging trends do you see in IT security that keep you awake at night? Challenge 4: Standards, standards everywhere. But HOW? Challenge 5: Testing before production? In health care? Challenge 6: What are the business models for security in HIT?

12

Panel Challenges – 10-15 minutes

DU

RING THIS PART W

E HAVE TO BE NICE TO EACH O

THER Audience Questions – 10-15 minutes

Rules: 1. If your initials are called, please be prepared to clarify your

question for the panel 2. If you disagree with the panel’s response to your question

or want to add to their response you may have one minute for rebuttal after the panelists answer your question

3. Please be nice until the break!

13

WE SIN

CERELY APPRECIATE YOU

R TIME AN

D ATTENTIO

N CLOSING and THANK YOU

Security: It is no laughing matter, but we hope you had fun and learned something today

If you have additional comments or suggestions, please email them to

security@mihin.org

For positive comments about this panel session, please email my boss, Tim Pletcher, pletcher@mihin.org

For complaints about this panel, please email

customerservice@yahoo.com

Thank you for your time and attention! Jeff Livesay, livesay@mihin.org

14