Stopping Snake Oil with Smaller Healthcare Providers: Addressing Security with Actionable Plans and Maximum Value

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 12:30 p.m. (40 minutes)

Healthcare has been the industry most affected by ransomware, data breaches, and hacks. Every week there is news of yet another provider that has been hacked. In multiple cases, this has led to practices shutting down and patients not even being able to get their medical records. The guidance provided to many providers has not specifically addressed what organizations need to do to protect their patients and themselves. There has not been a specific list and toolset they can use to protect themselves.

In addition, there have been many snake oil companies out there that have only provided risk assessments, costing smaller providers tens of thousands of dollars, while not delivering anything of value. We want to change that and provide maximum value and immediate returns.

We want people to take what we've developed and released here and use it as guidance for developing their own information security programs at small practices while not wasting money for info they will not use. Our families and friends use these providers and give them their most personal information. We want to make sure that we give back. If we stop at least one attack and protect the information of those patients with this information, it's worth it.

Instead of a toolkit that is meant to demonstrate exploits, or a framework that takes a long time to implement, we're giving something that anyone can use to help their local providers out in securing the information their patients entrust them with.


Presenters:

  • Mitchell Parker - CISO, Indiana University Health
    Mitchell Parker, MBA, CISSP, is the CISO at IU Health. Mitch has eleven years' experience in this role, having established effective organization-wide programs at multiple organizations. He is responsible for providing policy and governance oversight and research, third-party vendor guidance, proactive vulnerability research and threat modeling services, payment card and financial systems security, and security research to IU Health and IU School of Medicine. In this role, Mitch collaborates across the organization and with multiple third parties to improve the people, processes, and technologies used to facilitate security and privacy for the benefit of IU Health's patients and team members. Mitch also actively researches and publishes in the academic community. He is an adjunct lecturer in Health Informatics at Indiana University – Purdue University Indianapolis, and also guest lectures at multiple universities, including IUPUI, Purdue, and IU Kelley School of Business. He has also published peer-reviewed papers with collaborators across the world. Previous to his move to Indiana, Mitch was an Adjunct Professor in the Information Technology and Cyber Security (ITACS) program at the Fox School of Business at Temple University, where he taught MIS5903, the Cyber Security capstone course. He also publishes in multiple publications, including CSO Magazine, Healthcare IT News, HealthsystemCIO.com, Security Current, Healthcare Scene, and HIMSS' blog. He also has contributed a chapter for an upcoming Cybersecurity in Healthcare textbook, an essay to Voices of Innovation, which was published in March 2019 by HIMSS, and has a chapter in an upcoming book on Healthcare Cybersecurity for the American Bar Association's Health Law section. Mitch has also been quoted in numerous publications, including the Wall Street Journal, ISMG, HealthITSecurity, and Becker's Hospital Review.
Mitch also is a prolific presenter, having presented at NIST, IEEE TechIgnite, the national HIMSS conference multiple times, the HIMSS Security Forum, multiple ISMG Healthcare conferences, multiple regional HIMSS conferences, Becker's IT+Revenue Cycle conference, and numerous other regional and national conferences.
