Do your job responsibilities include overseeing or maintaining an environment that provides a secure platform for patient data and business resources? If so, you’re probably alarmed by the daily headlines outlining phishing attacks that target healthcare industry employees. Pause to consider:
Are your workforce members aware of current phishing trends and their responsibility to remain vigilant about keeping accessed data secure?
There have been several data breaches in the weeks preceding this post alone. In Indiana, potentially 3200 patient records were exposed due to email credentials being disclosed. In New Mexico, 13,905 patient records were compromised due to unauthorized access to an employee’s email. In Florida, 73 email accounts were compromised when the employees disclosed their credentials to attackers aiming to redirect payroll payments. Workforce members need to be aware of the persistence of attackers and that they can play a large part in identifying and blocking actual threats.
Does your organization monitor and share information on current trends, threats, and protective measures that impact cybersecurity in the healthcare industry?
Information-sharing organizations, online industry journals, and MSS providers, such as Fortified, frequently monitor and publish for security events that are actually occurring. Monitoring frequently updated social media sources and interacting on information sharing sites can help gain the most value from near real-time updates.
How strong is your Security Awareness and Training program?
Security programs should include both awareness and training activities. NIST SP 800-50 notes that training seeks to teach skills and to perform specific functions, while awareness seeks to focus an individual’s attention on an issue or set of issues. Training and awareness needs should be defined and implemented. Once training and awareness are launched, the following processes will help ensure that your program remains current, relevant, and successful: monitoring for compliance, performing evaluations and seeking feedback, conducting ongoing improvements and updates, and monitoring program success indicators.
Fortified Health Security is committed to strengthening the security posture of healthcare organizations. In the spirit of Cybersecurity Awareness month, we will be posting daily information for you to consider when maintaining your organization’s cybersecurity program.