Security Aware User : Healthcare
Healthcare cybersecurity is a growing concern as connected care becomes more ubiquitous. Patient safety, data integrity and overall cybersecurity are now top challenges for the healthcare industry. Cybercriminals pay particular attention to medical information because such data has a longer lifespan than other information, such as credit card details.
A healthcare data breach not only harms the organization reputationally and financially but also poses a dramatic threat to the patients whose data were disclosed (primarily because of the nature of the information).
Healthcare providers now have to secure more connected medical devices than ever before and there has been a proliferation of IoT devices in the healthcare industry. The attack surface is growing and cybercriminals are developing more sophisticated tools and techniques to attack healthcare organizations, gain access to data and hold data and networks to ransom.
In 2018, breaches in data security through healthcare plans skyrocketed by 1,000%. If that number does not make you sit upright and rethink your program for healthcare cyber security training, consider these stats:
- The 1,000% increase in compromised security affected 884,360 individuals in 24 separate breaches in health plans alone
- Healthcare providers make up 75% of the companies with hacked data
- Overall, before the first half of 2018 was completed, nearly three million people were affected by a security breach.
Even healthcare leaders admit there is room for improvement. In a survey by KPMG, over half of the 154 healthcare leaders surveyed said that their organizations either did not have written operating procedures for security breaches, or, if they did, the leaders did not know what those procedures were. Most of these leaders pointed out that most changes in healthcare cyber security training occurred after a breach, with changes in leadership (17%), upgraded technology (15%), and improved training (14%) being the most common responses.
A primary responsibility of any protection system is to educate, stimulate, and motivate the first line of security resources: employees, physicians and volunteers. The security level of a medical care facility is directly related to the extent to which employees participate in the security effort.
The entire staff of an organization must understand their roles as a part of providing a safe and secure environment. They must actively practice good security awareness and appropriate security actions every day. This requires that the staff be given clear direction and sufficient training and education. Security training should begin the first day on the job and continue throughout the individual’s employment at regular intervals.
Cybersecurity awareness should become an integral part of the overall security strategy of the healthcare industry to prevent possible cyber-attacks.
Healthcare organizations have countless things to look after, such as providing patient care of the highest possible quality, retaining financial viability and leveraging information technology to improve the operational standard. Still, healthcare organizations have to give equal priority to maintaining high-quality security settings to prevent any possible data breach. Raising cyber security awareness among healthcare professionals also involves making them aware of the consequences of errors in individual actions (such as clicking malicious links that can compromise the whole network and lead to a data breach).
Creating and operating a cyber security awareness program does not mean transforming staff into cyber engineers able to reverse engineer malware samples. Instead, the intent is to have individuals realize that they play key roles in protecting the digital health of patients, just as they play direct roles in protecting the physical health of patients.
- Understand the Basics of Security and Attack Lifecycle;
- Understand the Latest Attacks in the wild;
- Understand how hackers fish your data from you and use it against you;
- Understand the importance of Strong and Unique passwords; and
- Understand Wireless Attacks and Dangers of Free Wifi spots.
- Attendees will learn the basics of security and hacking attacks, understand vulnerabilities and exploits, and see how defence technologies like Anti-Virus, Firewall, IPS & IDS work. They will also gain an understanding of the risks and attacks particularly faced by the healthcare industry;
- Attendees will learn about the latest attacks and how these attacks are carried out, with DEMOS. This will help attendees be more aware of how current attacks are carried out in stages and finally compromise the hospital network or patient database;
- Attendees will learn how hackers manipulate and turn their mind and data against them for a successful attack. Attendees will also learn about different social engineering attacks, including Facebook-based attacks, with DEMOS, and best practices on how to be aware of and secure from these attacks;
- Attendees will learn the importance of strong passwords and how wrong password usage opens the door to data theft, resulting in identity theft and compromise, with DEMOS. Attendees will also learn the best practices for passwords and how to create and remember strong passwords without sticking them on the monitor or keyboard; and
- Attendees will learn the different wireless encryption methods and their weaknesses. Attendees will learn how hackers compromise devices through WiFi, with DEMOS, and how to secure office and personal devices from hackers.
Session 1 : Introduction : Anatomy of an Attack
- What is Security
- Threats Vs. Risks
- Cyber Security risks in Healthcare & How they affect your Hospital
- Why is IoT Security Critical?
- Attack life cycle & Different Attack Vectors
- Hack Value : how much does a hacker make by selling your data?
- Why are Perimeter defences failing?
- Why is Anti-Virus not enough?
- Business Email Compromise (BEC)
- Advanced Persistent Threat
- Mobile Malware
- Web Attacks
- IP Theft
- Insecure Connected Devices : Mirai
- Physical Damage & Operation Downtime
- Medical Equipment / Product Manipulation
- Phishing Attack
- Java Applet Attack Vectors
- Infectious Media Generator
- Phone Call & Sweet Talking
- Facebook and social media based attacks
- Disposable Emails
- WhatsApp, Telegram and similar Messaging Systems security
- Best Practices for Email Security
- Best Practices for Messaging Software
- Best Practices for Safer Social Media Usage
- What is a strong Password?
- Why must passwords be changed at least once in 90 days?
- Privacy = Extinct
- PII : Personally Identifiable Information
- Personal Data Protection Act
- Best Practices for Password Management & Privacy
- Understanding WEP, WPA, WPA2
- Why are Public WiFi and Free hotspots dangerous?
- How to secure office and plant WiFi
- Bring Your Own Device (BYOD) best practices
- Mr. Clement Arul is a two-time recipient of Cyber Security Professional of the Year in 2017 and 2014 as well as a three-time Regional Award winner of Cyber Security Professional of the Year Asia and APAC in 2020, 2019 and 2017.
- A Principal Technology Architect, Security Professional and Evangelist with twenty-two (22) years of IT experience in Cyber Security, Ethical Hacking, Cyber Security Framework, Security Risk & Governance, Big Data, IoT, Systems Analysis, Design, Development, Secure Coding, Implementation, Digital Forensics and Project Management.
- Founder and CEO of Kaapagam Technologies Sdn. Bhd. and Kaapagam Education Services Sdn. Bhd. Also, Founder and Chief Technology Officer of Vigilant Asia (M) Sdn. Bhd.
- He has contributed to the National Cyber Security Framework and many more national initiatives and is now working with a few ASEAN governments in developing and implementing National Cyber Security Frameworks. He was also part of the Secure Implementation of Nigerian ID system Project in 2019 as the prime security expert consultant.
- Presented at more than 120 public conferences and talks in the last year and 600+ in the last 5 years across ASEAN
- Chief Architect for KALAM – IT Security Collaboration Platform : An MOHE Award Winning Platform
- Chief Architect for VALARI : Common Criteria Certified (the only) Malaysian Web Application Firewall
- Chief Architect for SOC 2.0 – A Regional Managed Detection and Response Platform for SME
- Security Consultant for many Multi-National and Leading IT Companies and Agencies in ASEAN Region
- Specializes in Payment Gateway Hacking, Application Security & Penetration Testing, Big Data & IoT Security.
- Issued 100+ Web Vulnerability Disclosure Documents in the last 4 years on vulnerabilities discovered in Government, Corporate, Banks, Online Payment Gateways and e-Shopping websites in ASEAN.
- Provides Penetration Testing, Vulnerability Assessments, Security Consultations, Security Frameworks, Disaster Recovery & Business Continuity, and Security Audit Services for customers in the APAC Region.
- Conducts workshops across the ASEAN region on Penetration Testing, Mobile Security, IoT Security, Forensics Investigations, Secure Programming, Disaster Recovery, Incident Handling, Business Data Analytics, and many more.
- Created a Security Awareness Certification under KALAM and has trained and certified 5300 people across ASEAN, including Singapore, Malaysia, Laos, Cambodia and Indonesia, in the last year.
- Delivered a Security Awareness Talk on Social Media & Cyber Attacks & Defences for the public on THR Raaga Malaysia FM Radio, for the entire nation
- Delivered 13 capsules (days) on various cyber security awareness topics and dos and don'ts for the general public, for a nationwide Indian audience on ASTRO Malaysia Vanavil TV.
4 CPD Points
Please submit the Certificate of Completion to Global ACE Certification at www.cybereducationscheme.org