Dr. Evil Goes Mobile
The Doctor will Text You Now: Security and Risk with Electronic Transmission and Exchange
2012-09-25
Steve Goldsby
Agenda
• Introductions
• Mobile & Security Statistics
• Implications for Your Organization
• Discussion
• Free Love
• Q&A

Introductions
• You
• Your organization (name, size, location, etc.)
• Using mobile? Challenges?
• Maturity of security program
• Experienced a breach in 2011/2012?

Ponemon Study +
• Ponemon's second annual Benchmark Study on Patient Privacy and Data Security
• DataLoss DB
• Whitepapers & Gov't data
Healthcare Data Breaches up 32%
Has your department suffered a data breach involving the loss or theft of patient data?*

Mobile & People Biggest Problem
Nature or root causes of the data breach incident

Hope is Not a Strategy
Does your organization use any of the following security solutions or procedures to safeguard patient data contained on mobile devices?

Pay Me Now or Pay Me Later…
What best describes the negative impact of data breach experienced by your organization?
81% report time and productivity loss from breach

Pay Me Now or Pay Me Later…
What best describes the economic impact of breach incidents experienced by your org?
$2,243,700 is the estimated financial impact of data breach per organization
Implications
• Incident cost: $2,247,700 per incident
• Brand damage: $113,400 per patient
• Legal: $249,290 per incident
• Patient collateral damage: identity + medical ID theft
• Opportunity cost: cleanup time is not delivering value
• Organizational brain damage / involuntary turnover

Discussion
• Have you been impacted by a PHI leak? Mobile?
• Do you know anyone who has? Mobile?
• How are you using mobile?
• Dedicated vs. BYOD?
• What security controls do you have in place?
• What are the biggest hurdles to successfully securing PHI?
• How are you assessing risk?
Free Love
• Risk assessment (+ likelihood + cost determination)
• Privacy Rule prescribes it
• Due diligence and due care
• Cyber insurance
• Optimize spend
• Policy + training (with anecdotes)

Free Love
• No BYOD ever
• Deliver organic capability
• Dedicated assets with strict control
• PHI management strategy
• PHI lifecycle management
• Provision through disposal

Free Love
• Technical controls – strategic implementation
• USB control (physical + technical)
• Whitelisting mobile configurations
• A/V & HIPS
• Passwords
• Encrypt all storage (FDE)
• Remote brick
• DLP + proactive data management
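The two "Free Love" slides above (dedicated assets only, whitelisted configurations, A/V & HIPS, passwords, FDE, remote brick, USB control) are a checklist; the natural way to operationalize a checklist is to audit the device inventory against it on a schedule. The script below is an added example written for this page, not the presenter's tooling or any MDM product's API. The device records, the approved-configuration whitelist and the field names are constructed sample data; a real deployment would pull these from the MDM or asset inventory.

```python
"""Audit a mobile-device inventory against the control checklist on the slides.
Illustrative code added to this page; the inventory and whitelist are constructed."""

from dataclasses import dataclass

# Constructed whitelist of approved mobile configurations: platform -> minimum OS version.
APPROVED_CONFIGS = {
    "ios": (15, 0),
    "android": (12, 0),
}


@dataclass
class Device:
    device_id: str
    owner: str
    platform: str
    os_version: tuple        # e.g. (15, 2)
    byod: bool               # personally owned (the slides say: never)
    holds_phi: bool
    fde_enabled: bool        # full-disk encryption
    passcode_set: bool
    av_hips_installed: bool
    remote_wipe_enrolled: bool   # "remote brick"
    usb_storage_locked: bool     # technical USB control


def audit_device(dev):
    """Return the list of control failures for one device (empty list means compliant).
    Baseline controls apply to every device; the PHI-specific controls (encryption,
    remote brick, USB lock) are only enforced where the device actually holds PHI."""
    findings = []
    if dev.byod:
        findings.append("BYOD: policy allows dedicated assets only")
    approved = APPROVED_CONFIGS.get(dev.platform)
    if approved is None or dev.os_version < approved:
        version = ".".join(str(n) for n in dev.os_version)
        findings.append(f"configuration not whitelisted: {dev.platform} {version}")
    if not dev.passcode_set:
        findings.append("no passcode")
    if not dev.av_hips_installed:
        findings.append("A/V + HIPS missing")
    if dev.holds_phi:
        if not dev.fde_enabled:
            findings.append("PHI on device without full-disk encryption")
        if not dev.remote_wipe_enrolled:
            findings.append("PHI on device without remote brick capability")
        if not dev.usb_storage_locked:
            findings.append("PHI on device with USB storage unlocked")
    return findings


def audit_inventory(devices):
    """Map device_id -> findings for every non-compliant device. Devices holding PHI
    are listed first, since those are the breach candidates the slides put a price on."""
    report = {}
    for dev in sorted(devices, key=lambda d: (not d.holds_phi, d.device_id)):
        findings = audit_device(dev)
        if findings:
            report[dev.device_id] = findings
    return report


# Constructed sample inventory: one compliant tablet, one BYOD phone holding PHI,
# one dedicated phone with no PHI but no passcode.
SAMPLE_INVENTORY = [
    Device("TAB-001", "nurse.a", "ios", (16, 1), False, True, True, True, True, True, True),
    Device("PHONE-002", "dr.b", "android", (11, 0), True, True, False, True, False, False, False),
    Device("PHONE-003", "admin.c", "ios", (15, 4), False, False, True, False, True, True, True),
]

if __name__ == "__main__":
    for device_id, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(device_id)
        for finding in findings:
            print("  -", finding)
```

Running it lists PHONE-002 first with six failures (BYOD, non-whitelisted OS, no A/V, and the three PHI controls), then PHONE-003 with only the missing passcode; TAB-001 does not appear. Splitting baseline from PHI-specific controls keeps the report focused on the devices whose loss would trigger the breach costs on the Implications slide.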
References
• Ponemon – Second Annual Benchmark Study on Patient Privacy & Data Security: http://www2.idexpertscorp.com/assets/uploads/PDFs/2011_Ponemon_ID_Experts_Study.pdf
• The 5 (PHIve) steps you can take now to protect PHI: http://www.govhealthit.com/news/5-phive-steps-you-can-take-now-protect-phi
• Open Security Foundation – DataLoss DB: http://datalossdb.org/