Cyber Threats
Healthcare Compliance and Standards
Security Best Practices
Incident Response and Detection
Potluck
200

A type of social engineering attack where an attacker sends fraudulent messages designed to trick a person into revealing sensitive information.

What is phishing?

200

A key requirement of the HIPAA Security Rule, ensuring the confidentiality, integrity, and availability of electronic protected health information (ePHI).

What is the HIPAA Security Rule?

200

Limiting access rights for users to the bare minimum permissions they need to perform their work. 

What is the principle of least privilege?

200

This document outlines the steps to be taken during and after a security incident to manage and mitigate damage. 

What is an Incident Response Plan (IRP)?

200

I am arguably the most important concept in the field of Cybersecurity.

What is the CIA Triad?

400

Malware that encrypts data and demands a ransom for decryption, disrupting critical patient care operations.

What is ransomware?

400

Health Information Technology for Economic and Clinical Health Act; it expands HIPAA requirements and increases penalties for non-compliance.

What is HITECH?

400

A security method where users provide two different authentication factors to verify their identity.

What is two-factor authentication (2FA)? 

400

This type of detection system alerts security teams to potential threats based on predefined rules or patterns.

What is a Signature-Based Detection System?

400

Obscuring specific data within a database to protect it from unauthorized access while maintaining its usability.

What is data masking?

600

A technique or cyber-attack a malicious actor deploys to leverage an unknown vulnerability to gain access to a system.

What is a Zero-Day Exploit?

600

Publicly traded healthcare companies may be required to file this form with the SEC within four business days of a significant breach. 

What is SEC Form 8-K?

600

This best practice involves applying patches and updates to prevent the recurrence of a similar incident.

What is patch management?

600

After a healthcare breach, organizations must submit a report to the U.S. Department of Health and Human Services (HHS) within how many days?

What is 60 days?

600

This knowledge base is used as a foundation for the development of specific threat models and methodologies. 

What is the Adversarial Tactics, Techniques, and Common Knowledge or MITRE ATT&CK?

800

A threat originating from within the organization, such as an employee intentionally or unintentionally compromising sensitive data.

What is an insider threat?

800

A set of standards governing the use of electronic health records (EHR) to improve patient care.

What is Meaningful Use?

800

A device or software application that monitors a network or systems for malicious activity or policy violations. 

What is an Intrusion Detection System (IDS)?

800

This type of containment involves creating a _____ environment where malicious software can be safely analyzed.

What is sandboxing? 

800

A software testing technique that uses automated tools to inject invalid or unexpected inputs into a system to find vulnerabilities and bugs. 

What is Fuzzing?

1000

A prolonged and targeted cyber-attack in which an intruder gains access to a network and remains undetected for an extended period. 

What is an Advanced Persistent Threat (APT)?

1000

Healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically.

What is a covered entity?

1000

A subnetwork or perimeter network that adds an extra layer of security, protecting an organization's internal local area network (LAN) from untrusted traffic.

What is a DMZ?

1000

This type of detection involves examining the changes made to files, often used to detect unauthorized modifications. 

What is File Integrity Monitoring (FIM)?

1000

Please Do Not Throw Sausage Pizza Away

What is the OSI Model?