Monthly Archives: August 2016

Banner Health nailed by huge cyberattack that compromised personal data of 3.7 million people

Individuals’ data may have been compromised by hackers who broke in via food and beverage payment systems and infiltrated patient healthcare data.


Banner Health revealed that hackers may have accessed the healthcare, payment and health plan information of up to 3.7 million individuals.

Attackers reportedly gained access through payment processing systems for food and beverage purchases at the Phoenix-based health system.

“On July 13, 2016, we discovered that cyber attackers may have gained unauthorized access to information stored on a limited number of Banner Health computer servers,” Banner Health said in a statement. “We immediately launched an investigation, hired a leading forensics firm, took steps to block the cyber attackers, and contacted law enforcement. The investigation revealed that the attack was initiated on June 17, 2016.”

Stolen information may have included names, birthdates, social security numbers, addresses, dates of service and claims information, as well as health insurance information as a current or former member of one of Banner’s health plans or as a beneficiary of a Banner Health employee benefits plan.

“Most of the time these healthcare organizations have no systems in place to alert them when lots of data is being sucked out using some privileged account,” said Mansur Hasib, program chair, cybersecurity technology, at the graduate school of the University of Maryland University College, and author of the book “Cybersecurity Leadership.”

Mansur added that Anthem, for instance, did not originally have such protections but after its massive breach installed such systems.

“As a precaution, we have secured the services of Kroll to provide credit and identity monitoring at no cost to the affected members for one year,” Banner Health said. “Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data.”

Further, Banner Health is enhancing the security of its systems to help prevent another such attack in the future, and has established a call center for individuals to call with any questions, the health system said.

“Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers,” said Peter S. Fine, president and CEO of Banner Health.

Letters have been mailed to affected members; an individual who believes he or she may have been affected and does not receive a letter before September 9, 2016, can call (855) 223-4412.



The attack looks very similar to the infamous breach of Target Corp., said Adrian Sanabria, senior analyst, information security, at 451 Research LLC.

“Attackers allegedly were able to access hospital networks through successful attacks against food services systems,” Sanabria said. “I don’t know if Banner Health used a third-party to run its in-hospital cafes and cafeterias, but like Target’s breach, which began with a third-party HVAC vendor, there should have been no way to access payment data from food services systems. These should have been entirely segregated from one another – I can’t imagine any reason why a cafeteria point-of-sale system would need access to systems storing medical records.”

“Another issue that mirrors the Target breach is a lack of visibility into what’s happening to systems and data,” Sanabria added. “One of the new technologies I’m very excited about that can help with this issue is the emergence of inexpensive attack simulation products,” he said. “By safely simulating the events of a breach, companies can more easily determine how they would fare in an actual attack and adjust as necessary.”


Closing Your IT Fire Station

How to shift your team of overloaded fire fighters to relevant business contributors

We’ve already discussed the reasons that most IT teams are overworked. But there has to be a solution, right? Not just a solution that is case-by-case, but a way to create an overall strategy to get your team out of break-fix mode and into a position as a relevant department that contributes to your organization’s business objectives. And it’s not just about landing a bigger budget. If you don’t know how to effectively use the money you get (however much it may be), then your organization will continue to see you as a black-hole cost center, and you’re only adding fuel to the fire. What you need is a plan – a comprehensive strategy built for making the shift from tactical to relevant.



So here are four steps to getting out of the IT fire business:

1. Objectively Analyze Your Internal Team

Before you decide what changes to make or what additional resources to bring in, you need to honestly determine if your team is efficient as it is. There is likely a work overload, but in addition to that you may be exacerbating the issue with unnecessary redundancies and gaps in your internal structure. Starting from the inside will help you with a couple of things—it might help you to get more out of the resources you currently have, and it will definitely help you discover where you actually do need more resources, which is the next step in the process.

2. Evaluate Your Needs

Once you’ve tightened the ship, so to speak, you can determine what adjustments you can make in order to help your team be more strategic in their operations. Do you need more manpower? Should you outsource and move to the cloud? Is there a tool you’re missing that would automate tasks or make your processes faster? Make a prioritized list of resources that would help you achieve departmental goals more quickly and effectively. Put those goals into a report that you can discuss with decision makers and (this is key): tie them all back to business objectives. Make sure that everything you’re asking for will enable your team to contribute to the overarching strategic goals of the organization.

3. Present Your Report to Decision Makers

Start by reminding them of how many tasks, projects, and activities your team actually has a hand in. Then share the steps you’ve taken and your analysis of opportunities you would have to contribute to the organization if granted the additional resources you’re requesting. And don’t use terms like Gig, POE, or 802.11 to explain what you need. This is proving to your organization that you only think in a technical, tactical way. In order to be seen as a relevant member of the overall business, you will need to speak in terms of strategy and business goals.

4. Start with One Project at a Time
Start with the next initiative your organization establishes/requests.  Instead of talking about the tactical aspects like equipment and labor, talk about why they’re making that request and how it will contribute to the objectives they’re trying to achieve.  Keep those objectives and projected outcomes handy and review them during every single solitary step of the process.  By achieving those objectives and continually discussing them (instead of just the inner workings of the technology), you are proving to the rest of the organization that you have the ability to contribute to objectives that matter to the business.

Good luck, and remember: be proactive, not reactive. Stay out of the firefighting business.

White House Releases Color-Coded Scale for Cybersecurity Threats

On Tuesday (July 26, 2016) the Obama administration released a framework for handling cyberattacks. The Presidential Policy Directive (PPD) on United States Cyber Incident Coordination is a new plan anticipated to create a precise standard of when and how government agencies handle incidents. At the start of his administration, President Obama made it clear that cyberattacks pose a grave threat to the economic and national security of the United States. Prior to the PPD, the Cybersecurity National Action Plan was a policy based on three strategic pillars:

  • Raising the level of cybersecurity in both the short and long-term in our public, private and consumer sectors
  • Taking steps to prevent, disrupt and interfere with cyberattacks aimed at the United States
  • Responding effectively to and recovering from cyberattacks

Presidential Policy Directive on US Cyber Incident Coordination

While the Obama Administration has made progress on the three pillars, the country has been faced with managing increasingly significant cyber incidents. Since 2006, cyberattacks against the US Government are up 1,300 percent. Breaches include the attack by Russian hackers on the Office of Personnel Management, in which a reported 5.6 million Americans’ personally identifiable information was stolen. In late June, the Democratic National Convention (DNC) was hacked; the breach included files from the 2012 Benghazi attack, the U.S. military intervention in Libya, and the Clinton email server controversy. Most recently, the Federal Deposit Insurance Corporation (FDIC) cover-up of its data breaches in 2010, 2011, and 2013 was exposed.


According to their website, the PPD is intended to build on the lessons learned from these hacks and institutionalize our cyber incident coordination efforts in numerous aspects, including:

  • Establishing clear principles that will govern the Federal government’s activities on cyber incident response
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

Included in the PPD is the “Cyber Incident Severity Schema,” which will unify how the federal government will respond to cyberattacks against both the government and private American companies.

[Image: Cyber Incident Severity Schema]

The schema, shown above, ranges from white to black, with green, yellow, orange, and red falling in between. While the scale is somewhat vague and has a lot of unanswered questions, it’s intended to ensure that the agencies involved in cybersecurity respond to threats with the same level of urgency and investment. Anything above the dotted line, separating orange and yellow, indicates a significant cyber incident that will trigger a coordinated response from government agencies.

Cybersecurity continues to be a growing concern for the US Government, and high-profile hacks have led to serious consequences for the parties involved. While it’s too early to gauge the success of the PPD, we have to hope that it will be a huge step in securing the personally identifiable information of our citizens and our most valuable data from the persistent threat of data breaches.



3 Challenges Overworked IT Teams Face Every Day

IT teams have a lot of responsibility today, especially considering that every modern organization is so dependent on technology. For example, Gartner recommends a ratio of 250 devices to every one IT staffer, but most IT teams are working with a ratio of 2,700 to one. And that doesn’t begin to include responsibilities such as network hardware, storage, applications, or information databases. There is a way to offer relief to overworked IT teams, though. First we identify, then eradicate the issues that keep your IT team too busy to contribute to your overall strategy.

Here are 3 challenges that contribute to the overload most IT teams face and how you can prevent them:

1: The Problem: Inadequate Systems

Break-fix IT departments will never have the time they need to strategize or contribute to organizational goals. This model is really draining on IT staff. It’s impossible to create and implement a working IT strategy when your team is constantly walking in the door to broken equipment. Fixing hardware will always be the priority; but, as long as it keeps breaking, your team will never have the time it takes to become a strategic contributor to your organization.

The Fix: It’s Time to Invest in Equipment That Works

Hardware and IT equipment are real investments. A trusted technology advisor can help you build a solution based on the actual business outcomes you are trying to achieve while complementing the equipment you already have in place. While it may seem like a good idea to cut costs on the solution and equipment, it’s really not (trust us on this one). With the right hardware and properly functioning solution, your team will have the time they need to contribute to the needs of your organization.

2: The Problem: Service Escalations

An overworked and understaffed IT support center often means a lot of escalations. The constant state of feeling overwhelmed means they’re much more likely to escalate an issue at the slightest hint that it will take more than a Band-Aid. And escalations that don’t have an efficiency plan to back them up just compound the IT team’s workload. In short, they occur because of the problem and worsen the problem, making them a painful catch-22 for your team.

The Fix: Have an Escalation Plan

You have to start with a very clear definition of a trouble ticket that requires an escalation. In addition, it’s really important to have a clear escalation plan that correlates to a customer service model and is governed by your organization’s business objectives. Less experienced staff and techs should strive to handle as many tickets as possible without involving the more experienced team members. This will free them up to contribute to strategy and business decisions.



3: The Problem: Lack of Business Principles

Technology teams (even those in the K-12 space) are contributing to huge businesses that spend millions of dollars each year. No other faction of that “business” would run without a plan. No other department would be satisfied with employees who show up to work every day prepared to wait around for things to break. Those departments have strategies in place that align with the business outcomes the organization is looking to achieve. Why should IT be any different?

The Fix: Start Contributing to Strategy

It’s time to get out of the basement and into the boardroom. If you have key players get in on the ground floor and align all projects with the objectives of the organization, you will eliminate a lot of the work mentioned above. Your equipment and services will not only align with the overall business objectives of your organization, but you’ll have a holistic solution and quality hardware, which means it won’t break all of the time. That means fewer trouble tickets leading to fewer escalations. The best news is that you just have to start with one project. Get in on the strategy once and see how it makes your life (and the lives of your IT team) so much easier.