As a CTO at a healthcare company I spend a great deal of time worrying about security.

A recent survey performed by HIMMS showed that 87% of health information security officers and other health IT professionals felt that cyber security had taken on a higher business priority over the last year. I must admit to being somewhat surprised the other 13% said otherwise, given the recent media attention around healthcare data breaches.

When I attended the HITRUST Security conference earlier in the year it became abundantly clear that most of the participants were deeply concerned about how their organization would perform if there was a security incident. I’d wager that a good facial recognition algorithm could pick a CIO out of the crowd by the worry lines on their face.

What may suprise you is that their concerns did not stem from a lack of technology. In most cases they were worried about their people and processes.

The best way to get past the people problem is to practice, practice, practice until you can exercise your cybersecurity plan without a second thought.

So, what might such a scenario look like? Well, I’m glad you asked! I just happen to have a sample at hand that you could use!

7:50PM, Tuesday

A hacker group targets your company networks by calling the help desk posing as a senior executive’s assistant. They’re claiming that the executive is out of town and needs a password reset. He’s at a major business meeting with the parent corporation and has to get to his data now!

The help desk operative is new and worried about his job if he doesn’t help out. He resets the password and spells it out over the phone to the “assistant”. His shift ends so he packs up and heads home.

7:00AM​, Wednesday

The hacker logs into your external email portal as the executive and downloads his email and calendar. He then sends an email to a group of the executive contacts puporting to contain a spreadsheet marked urgent. They download the spreadsheet and enable macros (it’s from their higher up after all!) thus infecting their computers with malware.

9:00AM​, Wednesday

Your company’s firewall admin notices a lot of traffic going from inside the network to a server in China using a https feed. He raises the alarm and contacts the cyber response team.

10:00AM​, Wednesday

You are notified. What do you do now?

In my next post we’ll discuss how to respond!  Stay tuned!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s