Cyber Healthcare Track

CYBER HEALTHCARE TRACK 2023

TOP HEALTHCARE DATA BREACH STATISTICS

The healthcare sector is one of the most targeted industries by cybercrime.

HEALTHCARE FIRMS REPORTED 145 DATA BREACHES IN THE FIRST THREE MONTHS OF 2023

51.9 MILLION RECORDS STOLEN IN 2022

There was a 15.2% fall in reported data breaches in July with 56 breaches of 500 or more records reported to the HHS’ Office for Civil Rights (OCR), which makes July an average month for data breaches.

Over the past 12 months, 57 breaches have been reported each month on average; however, July was not an average month in terms of the number of compromised records.

HEALTHCARE DATA BREACHES HAVE DOUBLED IN 3 YEARS

QBot: 30 Minutes to Compromise Data

DFIR released an analysis noting that Qbot can compromise data within 30 minutes of initial infection. Qbot has been used aggressively to target the U.S. health sector. Qbot is often used in multi-stage attacks, and to drop ransomware.

95% OF ALL IDENTITY THEFT INCIDENTS REPORTEDLY COME FROM COMPROMISED HEALTHCARE RECORDS

Sources: withpersona.com | thedfirreport.com | hhs.gov

CYBER RESILIENCY TRACK

We are thrilled to present a unique and vital opportunity for healthcare facilities across our surrounding regions and statewide. Our groundbreaking cyber training program is thoughtfully tailored for healthcare staff, positioning them as the first line of defense against the evolving landscape of cybersecurity threats.

In an era where the healthcare sector is increasingly digital and interconnected, safeguarding sensitive patient data and critical systems is of paramount importance. Our comprehensive training curriculum empowers your staff with the skills and knowledge necessary to proactively identify vulnerabilities, implement robust preventive measures, and respond effectively to potential security incidents.

1. Intro to IT Jargon what are you talking about?

2. Introduction to Cybersecurity for Healthcare:

o Understanding the importance of cybersecurity in healthcare settings.

o The potential risks and consequences of cyberattacks on patient data and medical devices.

o Identifying common cyber threats specific to the healthcare industry.

3. Phishing Awareness and Prevention:

o Recognizing phishing emails, messages, and social engineering tactics.

o Teaching staff how to verify the authenticity of sender information.

o Training on not clicking on suspicious links or downloading attachments from unknown sources.

4. Password and Authentication Best Practices:

o Creating strong, unique passwords and avoiding common password mistakes.

o Two-factor authentication (2FA) and its significance in enhancing security.

o Educating about the risks of password sharing and the importance of keeping credentials confidential.

5. Data Privacy and Protection: (Barbara Beatty)

o Explaining the principles of data privacy, including the Health Insurance Portability and Accountability Act (HIPAA) regulations.

o Training on proper handling and storage of patient information to prevent data breaches.

o Discussing the importance of encryption and secure data transmission.

6. Securing Medical Devices:

o Understanding the vulnerabilities of medical devices to cyberattacks.

o Teaching staff how to recognize and report any unusual activity on medical devices.

7. Safe Internet and Network Usage:

o Guiding staff on using secure networks and avoiding public Wi-Fi for sensitive tasks.

o Discussing the risks of using personal devices for work-related tasks without proper security measures.

8. Social Media and Online Presence:

o Educating on the potential risks of sharing sensitive information on social media.

o Discussing the importance of maintaining professional boundaries online.

9. Incident Response and Reporting:

o Training staff on how to identify and report cybersecurity incidents promptly.

o Creating a clear incident response plan and detailing the steps to take in case of a breach.

10. Regular Software Updates and Patch Management:

o Explaining the importance of keeping operating systems and software up to date.

o Providing guidance on how to enable automatic updates and conduct regular patch management.

11. Employee Training and Awareness:

o Highlighting the role of all staff members in maintaining a strong cybersecurity posture.

o Promoting a culture of cybersecurity awareness and continuous learning.

Final Exam: Live fire Identification of threats and use of proper procedures and escalation

Certification: Cyber Resilient Front-Line Defender or CRFD

CYBER HEALTHCARE DEFENDER TRACK

We are excited to introduce an exclusive opportunity for healthcare facilities across the surrounding areas and statewide. Our cutting-edge cyber training program is specifically designed for IT security personnel within the healthcare sector. This strategic initiative is tailored to empower your staff with the skills and knowledge necessary to effectively manage and mitigate cyber incidents, ensuring the utmost protection of sensitive patient data and critical healthcare systems.

In an era where the healthcare industry is increasingly reliant on digital infrastructure, safeguarding against cyber threats is paramount. Our comprehensive training curriculum equips your team with the expertise to proactively identify vulnerabilities, implement robust preventive measures, and respond adeptly to potential security breaches. By fostering a culture of cybersecurity excellence, your facility can stay ahead of evolving threats and maintain uninterrupted, high-quality patient care.

CHD- CYBER HEALTHCARE DEFENDER

1. Soft Skills and Awareness

° Soft skills: Communication, Teamwork, Problem-Solving, Time Management, Motivation, Awareness of Burnout, Imposter Syndrome and Alert Fatigue in cybersecurity context

2. Legal and Compliance

° HIPAA compliance and the DHHS regulations HITECH

3. Framework and Risk Management

° Overview of HITRUST domains and Implementation

° Root Cause Analysis (RCA), After Action Review (AAR), and Lessons Learned Reporting

4. Fundamentals of Cybersecurity and Networking

° Introduction to Linux

° Networking 101 - Fundamentals, network devices, ports and services, and port scanning with Nmap Wireless security controls and Bring Your Own Device (BYOD)

5. Intermediate Networking and Security

° Networking 102- Advanced port scanning, SDWAN, Network Segmentation, Firewall administration (Palo Alto), Utilizing VLANS to secure devices. Wireless security controls and BYOD

6. Healthcare IT Security

° EHR/EMR security and implementing ID management, Privileged Identity Management (PIM), Role-Based Access Control (RBAC)

° Securing Medical Devices

° Securing external devices

7. Cyber Threat Landscape

° Brief introduction to cybercrime and health records on the black market

° Insider Threat Awareness

8. Cybersecurity Response and Analysis

° Phishing Analysis and response using tools like IronScales or Microsoft 365

° Threat Intelligence: Gathering and utilizing threat intelligence

° Digital Forensics: Basics of investigating cyber incidents

° SIEM (Security Information and Event Management): Using SIEM tools for monitoring and analysis

° Incident Response: Developing and implementing incident response plans

9. Final exam and Practical Application

° Final exam (Live Fire): Hands-on application of knowledge gained throughout the program

Certification: CHD Cyber HealthCare Defender