CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with...
A CHIME Leadership Education and Development Forum in collaboration with iHT2
Creating an Effective Cyber Security Strategy
Key Attributes for Success, Challenges and Critical Success Factors
Paul Scheib
Senior Director Information Services & CISO
Boston Children’s Hospital
#LEAD14
Case Study: When Hacktivists Attack Your Hospital
The Cyber Threat
Under attack
Our response
Lessons Learned
Who is Boston Children’s Hospital
• Regional medical center in Eastern Massachusetts with 13 satellite locations - 395 bed pediatric teaching hospital, affiliate of Harvard Medical School
• Approximately 25,000 inpatient admissions each year and 200+ specialized clinical programs schedule 557,000 visits annually
• One of the top rated pediatric institutions in the world (US News & World Report), World's largest research enterprise based at a pediatric hospital
• Over 8000 staff and ~14,000 users
• Diverse user community
• Full-time employees and Foundation physicians
• Residents, fellows, researchers and rotational staff
A Real Threat
• March 20, 2014 – notified by external cyber intelligence group about Twitter/Pastebin posting by Anonymous, threatening attack - result of highly publicized child custody case
• “d0x” of staff and presiding judge posted
• “Details” of BCH external web site posted
Who is Anonymous?
• Anonymous is a loosely associated international network of activists and hacktivists
• Resume includes attacks on Bank of America, Sony, Boston Police, CIA and Sarah Palin.
• Weapons of choice are Distributed Denial of Service, web site defacing, & exposing confidential information.
• Seeks publicity to rally their followers
• Posted YouTube videos threatening Boston Children’s Hospital
Was This the Real “Anonymous”?
• Convened Hospital’s general Incident Response Team
• Inventoried potentially impacted applications
• Began forming contingency plans - focused on potential of losing or cutting ourselves off from Internet
• Message to entire organization emphasizing vigilance, email security best practices
• Contacted law enforcement
• Redoubled our security efforts and prepared for possible hacking attempts
Not hard to get details they posted
Not hard to post a video on YouTube
Should we take this seriously or is it a hoax?
The Cyber Attack
• About 3 weeks later... low volume DDoS attack starts
• Mitigated by network changes
• Cat and mouse – we address attack, they change tactic/increase volume
• 1 week later, Easter/Patriots’ Day weekend (Boston Marathon bombing 1 year anniversary)
• Massive uptick in DDoS volume
• Engaged 3rd party vendor’s Emergency Services and within 8 hours began blocking DDoS attack
Internet Traffic During DDoS Attack
The Cyber Attack Evolves
• Direct attacks on exposed ports, web sites
• Proactively took down virtually all externally facing sites: research, philanthropy, patient and provider portals, etc…
• Massive influx of malware laden emails
• Proactively shut down entire email system for ~24 hrs
• Re-emphasized to staff to not open suspicious mails/attachments
• Ensured no malware made it through filters
What did we experience?
• DDoS attack created short periods of web site outage.
• Attack reached 27 Gbps aimed at a 10 Gbps connection. Congestion affected Harvard’s ISP.
• Additional attacks took down web sites of NStar, Wayside Youth, the Mass. Medical Society, and the Town of Framingham.
• Several attempts to deface BCH website.
• Massive influx of malware laden emails
• Proactively shut down entire email system for ~24 hrs. to ensure no malware made it through filters
• Re-emphasized to staff to not open suspicious mails/attachments
• Attempts to compromise systems to potentially expose patient and confidential data, through brute-force attacks, SQL injections, buffer overflows, and the recent HeartBleed vulnerability.
Cyber Attack Response
• Initial attack mitigated by network architecture and changes
• Proactively shut down critical systems to reduce attack surface
• Projected likely attack escalations and formulated real time response plan
• Engaged outside security experts and law enforcement
• DDoS attack filtering
• Breach investigation services and penetration testing of our DMZ systems
• Web application firewall protection of DMZ ePHI systems
• Contingency plans developed to respond to extended Internet outage
• Internal systems (EMR, ERP, etc) remain available while external services (ePrescribe, some Pharmacy apps, etc) not available.
• External communication disruption – email, payers, portals, supply orders, …
• Impact across most functions – Finance, Supply Chain, HR, Clinical, Research.
• Staffed, and continue to staff, Intrusion Detection tools 24 by 7 to identify and block attacks
Cease Fire
• About 1 week after high volume DDoS started, it abruptly declined, to a low trickle
• Only gradually brought externally facing sites back online, after extensive 3rd party scanning and (re)penetration testing
What Did We Learn
• DDoS is a real threat and countermeasures are critical!
• Know what systems (or features within systems) depend on Internet access, and have contingency plans for those
• Recognize importance of email, and need for alternate forms of communication
• Challenging to defend an extended cyber attack with “peace time” staffing levels
• Difficult to separate signal from noise - need a baseline to help detect escalation of cyber activities
Q & A
Paul Scheib [email protected]