If you saw the movie Catch Me If You Can then you know some of Frank Abagnale’s story. Maybe you even read his book Catch Me If You Can: The True Story of a Real Fake.
Tom Hanks said “Abagnale’s lecture may be the best one-man show you will ever see.” HANKS WAS NOT KIDDING!
The famous con man in his youth eventually became a white hat working for the FBI and others to combat fraud and ID theft for over 40 years. Now, he works as a consultant, writer, and speaker on the subject as he continues working with the United States Government.
The information he shared with us during his #HIMSS17 session blew us away. That means we really have to tell all of you guys about it!
In this episode:
- HMWH Compliance Officer’s Boot Camp
- First Amazon Broke the Internet
- What we learned about the healthcare cybersecurity task force
- What we learned from the CIO of HHS
- Frank Abagnale blew us away!
First Amazon Broke the Internet
- Amazon S3 East Coast shutdown breaks the internet for all kinds of services.
- Turns out an engineer had a really bad day and shared it with all of us.
Cybersecurity task force
- 20 days until report comes out
- cybersecurity isn’t just an IT concern
- securing everything not just desktops - legacy systems
- information sharing while securing it and including only what is important
- this report should have a BUNCH of stuff we can use to communicate Cybersecurity concerns to doctors
HHS CIO
- astounding what Congress doesn’t know about what is going on in the sectors
- threat gathering is a major project
- threat sharing is next
- public private partnership is only way to keep up
- defining information to share like small attack info signatures done automatically by machines
- threat sharing centers developing within HHS to build data collection of threats
- social engineering and phishing is the biggest problem to fix.
- threat modeling
- chest X-rays being stolen because you need a clean chest X-ray to get a visa to leave China
Frank Abagnale Stealing Your Life
- 994 billion vs 720 billion for entire DOD
- 100 billion Medicare fraud
- govt easiest to steal from
- most leaves our country and comes in with criminals
- 1988 his book predicted 2000 and beyond ID theft is coming
- ID thefts every 2 seconds
- every breach because of people doing or not doing something
- laptop taken home by tax employee let hacker in who stole all tax returns for South Carolina
- take initial number always times 10
- breached not fixed and breached again you are letting them in
- we let them in
- USB sticks with confidential on it. 5 yrs never had a case where it wasn’t opened
- the ONLY defense for social engineering is education
- if I can become you what I can do is only limited by my imagination
- best ID to steal is a kid
- choose kid over a millionaire’s
- child ID is more valuable the younger they are
- not on social media at all but taught his family how to use it properly
- creeper phone app I can track everything
- PittPatt app is facial recognition tool to find you
- 98% I need is straight on pic. DOB and place of birth and I can be you
- give all our information out every day
- knowledge based Authentication becoming useless
- copier hard drive most valuable resources
- CBS News story on copiers
- shredders 50 minutes to put straight cut. App can do diamond cut. Need micro cut type to be secure
- credit monitoring that he can watch himself
- LifeLock will do kids social now
- checks are just too much info to share and too easy to use to steal my money. Only write checks to pay major bills never at retail
- safest way to pay is credit card because you don’t have liability and you get a good score
- Never ever use a debit card ever
- teach kids to use credit card properly at 18 put card in their name but you pay bill to build credit in college
- debit cards fraud at bank 174% and non-bank machines up 317% in 2015
- worst thing to use anywhere period
- don’t give out kids social unless absolutely positively required
- medical ID fraud tough issue because you can’t just refuse care
- ins companies must start providing specific rules in order to get cyber coverage