Name
Lessons Learned: Reviewing Incident Response to the WannaCry and Petya Global Outbreaks
Date & Time
Friday, October 20, 2017, 8:45 AM - 9:35 AM
Speakers
Johannes (John) Boehme , Chief Information Security Officer, Wake Forest Baptist Health
Jessica Nye , Supervisory Special Agent, FBI
Colleen Ebel , Chief Information Security Officer, UNC Healthcare
Pamela Banchy RN, Chief Information Officer, Western Reserve Hospital
Gerard Nussbaum , Principal, Zarach Associates
Jessica Nye , Supervisory Special Agent, FBI
Colleen Ebel , Chief Information Security Officer, UNC Healthcare
Pamela Banchy RN, Chief Information Officer, Western Reserve Hospital
Gerard Nussbaum , Principal, Zarach Associates
Description
The May 2017 cybersecurity attack dubbed “WannaCry” grabbed storylines internationally and across the healthcare landscape as tens of thousands of hospitals, organizations, and agencies across 153 countries had their data held hostage.
The enhanced crypto-locking worm spread quickly, with a headliner target of the National Health Service (NHS) in Britain, which resulted in extended downtime, rescheduling of procedures, and in numerous cases preventing access to care for patients. The worm propagated and spread using a Microsoft platform vulnerability related to the Server Message Block protocol, which revealed many healthcare organizations’ weak points in the areas of security standards compliance, network structures, and disaster recovery protocols.
Whatsmore, an even more dangerous crypto-locking variant, Petya, spawned soon thereafter, devestating providers and vendors alike.
In this special panel discussion, Healthcare Informatics welcomes a panel of top security experts, as they recall and summarize the top lessons learned in security compliance and organizational frameworks behind the WannaCry and Petya attacks. Listen in as our panelists provide their perspectives, and delve into the nature of the attack—diagramming how this threat was uniquely dangerous for healthcare organizations, and why security compliance and protocols for disaster recovery allowed his organization and others to manage the situation quickly and effectively.
Panelists: