Health-ISAC - Singapore - Mastercard Session PDF
Summary
This document provides an overview of cybersecurity threats and best practices within the healthcare industry. It covers topics such as information sharing, trust, and various security risks. It also highlights resources for CISOs and best practices for information sharing.
Full Transcript
Cyber Threat Update
Errol Weiss, Chief Security Officer, Health-ISAC
TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
Updated 12.05.2023

What is an ISAC?
- ISAC is short for "Information Sharing and Analysis Center"
- ISACs empower sharing and collaboration in critical infrastructure communities to prevent, detect and respond to cybersecurity and physical security events
- ISACs collect, analyze, and disseminate actionable threat information to their members and provide them with tools to mitigate risks and enhance resiliency
Historical References
- Executive Order 13010, July 1996
- Report to the President's Commission on Critical Infrastructure Protection, July 1997
- Presidential Decision Directive (PDD) 63, May 1998
- Financial Services ISAC, Oct 1999

About Health-ISAC
- Non-profit 501(c)(6)
- Community of 12,000+ Global Security Analysts, built on trust and anonymity
Healthcare sub-sectors: Healthcare Providers; Pharmaceutical; Healthcare Supply Chain; Insurance (Payers); Pharmacies; Mortuaries; Academic Medical Schools; Telehealth; R&D Centers; Medical Device Manufacturers (MDM); Laboratories; Hospice; Electronic Medical Records (EMR); Radiological Centers; Clearing Houses; Group Purchasing Organizations (GPO); Revenue Cycle Management; Genomics

Community
Connect with 12,000+ Security Analyst peers anonymously and in real-time using:
- End-to-End Encrypted Chat (Slack)
- Member Sharing Forum
- Member Surveys (Best Practices)
Trust
The success of information sharing in any community relies on the TRUST established between individuals. Trust is a requirement when an individual wants to share sensitive information with others. Trust is a human quality and cannot be replaced by automation.

Get involved in your information sharing community
- Help build and maintain trust networks
- Host and attend in-person meetings: Conferences, Regional workshops, informal gatherings
- Working Groups, Committees, and Councils
The personal relationships that you build with other professionals will help establish a network of trust in the wider information sharing community.

Working Groups, Committees and Councils
Business Resilience; Incident Response; Provider Special Interest Group; CTI Program Development; Information Protection; Purple Team; Cybersecurity Analytics; Insider Threat; Risk Management; Cybersecurity Awareness and Training; Medical Device Security Council; Security Architecture; Diversity and Inclusion; NIS2 Implementation; Security Engineering; Email Security; Operational Technology (OT) Security; Social and Political Risks to Healthcare; European Council; Pharma and Supply Chain; Software Security; Identity and Access Management (IAM); Physical Security; Third Party Risk Governance (TPRG)

Member Sharing Forum
By reaching out to the Health-ISAC community, Members recently received templates and guidelines for:
Acceptable Use Policy; Identity and Access Management Policy; Password Change Policy; API Security Policy; Immutable Storage Policy; Phishing Awareness Training; Baseline SLA/NDA Language; Inactive Account Tracking; Physical Security Policy; Biometric Data Policy; Incident Response Plan and Logging; Remote User Device Deployment Policy; Business Continuity Plan; Internal Meeting Recording Policy; Remote Workforce Policy; Business Process Mapping; International Travel Policy; Risk Calculator; Calendar Sharing Policy; IT Steering Committee Charter; Securing Microsoft Teams; Change Management Policy; M365 External Sharing Policy; Service Accounts - Track and Manage; ChatGPT Policy; Medical Device Contract Language; Software Licensing Policy; Cross Border Data Privacy; Medical Device Internal Purchase Process; Tabletop Exercise Facilitation; Cybersecurity Training for Board Members; Medical Device SBOM Management; Third Party Risk Questionnaire; Data Loss Prevention (DLP) Policy; Medical Device Secure Lifecycle Policy; Vendor Comparison Template; Data Privacy Policy; Microsoft OS Patching Cadence; Vendor Contract Security Language; Data Retention Policy; New System Intake Process - HIPAA Compliance; Vishing Awareness Training; DMARC & DKIM Policy and Implementation; Non-Employee Account Curation / Management Policy; Vulnerability Management Plan; Geo-Blocking Policy; Offshore PHI Access Policy; Web Content Filtering Policy; Global Privacy Compliance; Online Shopping - Cybersecurity Awareness Tips; WhatsApp Usage Policy

Benefit Review: Visual Review - Threat Intelligence & Cybersecurity Automation

Benefit Review: Events & Education
Summits: Fall Americas (West); Spring Americas (East); European; APAC
- Rising CISO Training
- Workshops and Webinars
- CTI Analyst Training
- Tabletop Exercises (TTX) and After-Action Reports

Benefit Review: The Cyber Threat Spectrum (Source: FBI Cyber Division)

Hacktivism
Hacktivists use computer network exploitation to advance their political or social causes.
Examples:
- Anonymous support for Occupy Wall Street (2011)
- Panama Papers – 11 million financial and legal records exposed corruption and secretive offshore companies (2016). Revealed offshore holdings of 140 politicians and public officials around the world; more than 214,000 offshore entities connected to people in more than 200 countries
- Hacktivist collective Anonymous took actions to support Black Lives Matter (BlueLeaks 2020)

Hacktivism: Healthcare Sector Targets
Who is being targeted?
- Healthcare Providers: gender reassignment surgery; family planning and reproductive health / abortions; COVID vaccines
- Healthcare Insurers: payers of the services above
What are the risks?
- Exposure of sensitive Patient Health Information (PHI)
- Dis- / Mis-information campaigns
- Doxing targeted individuals
- In extreme cases, transcends to physical attacks

Cybercriminal Activity: Ransomware Update
Double and Triple Extortion
- Encrypt your data and pay ransom to get decryption key
- Steal your data and threaten to release it publicly unless you pay the ransom
- Launch a Distributed Denial of Service (DDoS) at your website, rendering it useless, until you pay the ransom
When Cybercriminals Turn to Blackmailing Patients
- Evolution of ransomware extortion
- Alternative means of monetization
- Cases: Vastaamo Psychotherapy Center – Finland; Fred Hutchinson Cancer Center – US; The Center for Facial Restoration – US; Multiple Plastic Surgery Practices in 2023 – US
- Cases targeting individuals may increase: legislation prohibiting companies paying ransoms; more groups and individuals linked to cybercrime added to Sanctions Lists

Notable Nation-State Activity
China
- Phishing campaign to establish remote connectivity
- Espionage campaigns
Russia
- Espionage
- KillNet Hacktivist Group targeting critical infrastructure globally including hospitals (Jan 2023); ties to Russian Intelligence (GRU), Anonymous, Anonymous Sudan and Anonymous Russia
Source: Images from internal analysis
North Korea
- Financially motivated and used to generate revenue for state and military objectives
- Espionage
- Ransomware
- Cryptocurrency: Axie Infinity and Tornado Cash -- $625 million heist
References: https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine ; https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads ; https://geoffwhite.tech/

Looking Ahead: Artificial Intelligence
Artificial What? Large Language Models; Generative AI; ChatGPT / Google Bard / Gemini
Threats: Adversarial Use; Perfect Phishing & Scams; Deep Fakes; Data Loss; Lack of Trust / Integrity; AI Poisoning; AI Hallucination

OTP Bots to Bypass MFA
Use of mass-scale automation to bypass security codes for one-time-passwords (OTP).
Source: https://securelist.com/2fa-phishing/112805/
How it works
1. Attacker gets victim's credentials and signs in to their account
2. Victim gets an OTP on their phone
3. OTP bot calls the victim and follows a script prepared in advance to talk them into sharing the code
4. Victim punches in the verification code on their phone
5. Attacker receives the code
6. Attacker gains access to the victim's account by entering the OTP on the legit website
Check out https://www.youtube.com/watch?v=Ua-ry1v8ErU for an example

Case Studies
Targeted Alerts – Killnet

CrowdStrike Faulty Update (July 19, 2024)
Friday, July 19, 1300 AEST / 1:00 am ET, via Secure Chat:
- Health-ISAC members in Australia and the Asia Pacific region are sharing reports of Microsoft Windows systems caught in repeated reboot loops
- Experiencing major operational impact
- US members slowly joining in
- By 7:00 am ET, over 500 members in the dedicated Slack channel discussing root cause and remedies
- 8 am ET: reliable and effective mitigation techniques shared among members and continuously updated over the weekend
Member survey revealed outages across the global healthcare ecosystem. Disruptions were reported from half the member organizations, with impacts to: phone systems; secure file transfers; patient services; pharmacy orders; electronic medical records; lab collections; transcription services; shipments; Medicaid and insurance billing; 911 communications; manufacturing, and more.

CrowdStrike Faulty Update (July 19, 2024), continued
Health-ISAC webinar with CrowdStrike's senior leadership, Thursday July 25
- Nearly 900 Health-ISAC members
- Discuss what happened
- Failure of testing procedures
- Cleared up misinformation and rumors
- Promised root-cause-analysis
Meanwhile… cybercriminals wasted no time
- Fake "CrowdStrike support" websites and email campaigns
- Health-ISAC community shared hundreds of malicious domains associated with this scam to help protect the entire sector

Looking Ahead into 2025 and beyond
- Digitization of health delivery and care
- Healthcare organizations are more desirable targets for ransomware attacks
- Substantial legal and regulatory burden on healthcare organizations
- Market value and potential applications of compromised data
- High proportion of unpatched medical devices
- Lack of adequate investment in cybersecurity in healthcare organizations: technology; experienced talent
Public/Private Partnership Can Help
- Incentives for investment in cybersecurity: talent & technology
- Reduce cybercrime by creating deterrents and removing infrastructure they rely on: bullet-proof hosting providers; cryptocurrencies
Focus areas: Ransomware; Supply Chain risks; Artificial Intelligence

Additional Resources
- Current and Emerging Healthcare Cyber Threat Landscape: Executive Summary for CISOs: https://h-isac.org/current-and-emerging-healthcare-cyber-threat-landscape-executive-summary-for-cisos/
- Information Sharing Best Practices: https://h-isac.org/h-isac-information-sharing-best-practices/

Thank You
Errol Weiss, Chief Security Officer, Health-ISAC
+1 321-209-9898
[email protected]
www.linkedin.com/in/errolweiss/
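The "OTP Bots to Bypass MFA" flow above leaves one server-side footprint a defender can look for: the stolen credentials are used from a device the account has never completed MFA on, and the one-time code is accepted only after the minutes a scripted phone call needs. The following detection sketch is an added example, not material from the deck or from Health-ISAC; the event names, fields, 90-second threshold and all log rows are constructed assumptions.

```python
"""Added detection sketch for the OTP-bot flow: flag OTP successes on devices
outside a user's MFA history, and note when the code arrived slowly.
Event names, fields, the threshold and every row below are constructed."""
from collections import defaultdict
from datetime import datetime

SLOW_OTP_SECONDS = 90  # assumed: a legitimate user types a code within seconds

# Constructed auth events: (ISO timestamp, user, device id, event name)
BASELINE = [  # earlier history, used only to learn each user's MFA devices
    ("2024-07-17T08:00:00", "alice", "dev-home-1", "otp_sent"),
    ("2024-07-17T08:00:09", "alice", "dev-home-1", "otp_ok"),
]
TODAY = [
    ("2024-07-19T09:00:00", "alice", "dev-home-1", "otp_sent"),
    ("2024-07-19T09:00:07", "alice", "dev-home-1", "otp_ok"),
    ("2024-07-19T13:10:00", "alice", "dev-unknown-9", "password_ok"),
    ("2024-07-19T13:10:01", "alice", "dev-unknown-9", "otp_sent"),
    ("2024-07-19T13:13:40", "alice", "dev-unknown-9", "otp_ok"),  # 219 s later
]

def learn_mfa_devices(events):
    """Map each user to the devices that have already passed an OTP challenge."""
    known = defaultdict(set)
    for _, user, device, event in events:
        if event == "otp_ok":
            known[user].add(device)
    return known

def find_new_device_otp(events, known, slow_seconds=SLOW_OTP_SECONDS):
    """Return one finding per OTP success from a device with no MFA history."""
    known = {u: set(d) for u, d in known.items()}  # do not mutate the caller's map
    last_sent, findings = {}, []
    for ts, user, device, event in sorted(events):
        t = datetime.fromisoformat(ts)
        if event == "otp_sent":
            last_sent[(user, device)] = t
        elif event == "otp_ok":
            if device not in known.get(user, set()):
                sent = last_sent.get((user, device))
                delay = (t - sent).total_seconds() if sent else None
                findings.append({"user": user, "device": device, "delay_s": delay,
                                 "slow_otp": delay is not None and delay > slow_seconds})
            known.setdefault(user, set()).add(device)  # report a new device once
    return findings

if __name__ == "__main__":
    for finding in find_new_device_otp(TODAY, learn_mfa_devices(BASELINE)):
        print("review:", finding)
```

A new device by itself is common; the slow-OTP flag is what narrows the queue to sessions worth a step-up or an analyst call-back.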