Information Security Incident Response

1
Information Security Incident Response
Reportingat the UF Health Science CenterAvi
Baumsteinavi_at_ufl.edu
2
UF and UFHSC IR

• Requirements are not materially different
• Both are needed
• HSC is a HIPAA Covered Entity
• Incidents span Shands and HSC
• Too big for one size meets all

3
Compelling Reasons

• Federal Regulations (HIPAA Privacy and Security)
• Necessity to protect our academic research,
  patient care environment
• Change enabler

4
Information Classification
UF Information Classification
HSC Information Classification

• Restricted
• Critical
• Operational
• Unrestricted

• Critical
• Sensitive
• Unrestricted

5
Incident Severity
UF Incident Severity
HSC Incident Severity

• Level 3 Severe
• Level 2 - Elevated
• Level 1 - Guarded

• Class 3 Highest Severity
• Class 2 Medium Severity
• Class 1 Lowest Severity

6
Role Alignment
HSC Information Security Organization
UF View of HSC Information Security Organization

• CIO
• CIS (info security office)
• Unit ISA
• Unit ISM

• Level 2 ISA
• Level 2 ISM
• Level 3 ISA
• Level 3 ISM

7
Point of Contact

• All incident reports, questions
• 273-SIRT (273-7478)
• hscirt_at_health.ufl.edu

8
Relevant Policy and Procedures

• UF IT Security Standards on Incident Response
• UF Incident Reporting Operational Guidelines for
  Privacy of Health Information
• UF HSC Policy Standard IR0001 Incident Response
• HSCIRT Handbook

9
HSC Incident Response Team

• Dynamic, may vary by incident
• Members by role
• HSC Chief, Information Security (Colleen Ebel)
• HSC Security Analysts
• Avi Baumstein
• Al Tuting
• HSC Asst. VPHA for Information Systems, CIO (Jan
  van der Aa)
• ISAs and ISMs of impacted units
• Any HSC workforce member with relevant experience

10
Point of Contact

• 273-SIRT (273-7478)
• hscirt_at_health.ufl.edu

HSC IR Resources

• http//security.health.ufl.edu/
• HSCIRT Handbook (TBD)
• UFHSC IR Workshop (see slides on website)