Follow and join the conversation all year round with #CyberAware.
National Cyber Security Awareness Month (@staysafeonline) – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Each week focused on a different theme addressing specific challenges and identifying opportunities for behavioral change.
To conclude the month’s awareness we reached out to our friends and industry leaders for their thoughts and advice about cybersecurity. Remember that was awareness month but it should always be a priority in your health IT strategies and environments.
Anthony Murray, CISSP, VP of IT, MRO
[icon name=”icon-quote-left” size=”medium” color=”” float=”left” link=”” new_tab=”no”]Although passwords may not be the most exciting aspect of healthcare cybersecurity, they are by far one of the most important. Passwords are the keys to patients’ sensitive information before, during and after healthcare encounters. Password management is serious business.
Healthcare providers should continually remind staff not to share passwords with others or post in public areas such as under keyboards or taped to monitors. Here are five guidelines to encourage more secure passwords in healthcare.
- Make sure staff is not using one of the top 25 most commonly stolen passwords of 2017, as determined by IT security firm SplashData.
- Don’t rely only on numbers or simple keyboard patterns.
- Avoid easy-to-find information such as birthdays, favorite sports teams, and addresses.
- Choose a personal interest (e.g. types of plants, horses, cars, etc.) and routinely select a new one within the group for your password.
- Consider passphrases vs passwords. The popular web comic XKCD compared the strength of a complex password—”Tr0ub4dor&3”—and a long passphrase—“correct horse battery staple”. They found that it took only 3 days to guess the password created in with special character substitutions, while the passphrase would take 550 years to crack.
Lee Barrett, Executive Director, Electronic Healthcare Network Accreditation Commission (EHNAC)
[icon name=”icon-quote-left” size=”medium” color=”” float=”left” link=”” new_tab=”no”] It’s critical for organizations to keep cybersecurity top of mind all year long, which means continuously maintaining a solid inventory of everything that’s connected to their network including hardware and OS systems as well as applications and all versioning. Additionally, organizations should be aware today that they need to be proactive when it comes to their preparedness planning including having their processes and all roles/responsibilities clearly defined and tested and re-tested to remediate any gaps. The benefits to an organization mean that when a cyberattack occurs that they can immediately execute their plan and react quickly and effectively, reduce loss of revenue, reduce negative PR, communicate appropriately and timely to effected parties and manage internal fallout an senior level politics.
David Finn, EVP of Strategic Innovation from CynergisTek
[icon name=”icon-quote-left” size=”medium” color=”” float=”left” link=”” new_tab=”no”]This is the 15th year of National Cyber Security Awareness month. There is no better reminder that each of us, personally and professionally, needs to be ever cyber aware. Increased awareness, at work and at home, enhances protection of both our patient’s information and our family’s.”
David Harlow, JD MPH, Principal, The Harlow Group LLC
[icon name=”icon-quote-left” size=”medium” color=”” float=”left” link=”” new_tab=”no”]You shouldn’t wait until you experience a breach to start thinking about cybersecurity. If or when you do, however, I recommend that you take the opportunity to do a serious root cause analysis and to communicate with everyone in your organization – from the c-suite to front-line staff – openly and productively about the results of that analysis and plans for implementing administrative, physical and technical fixes to the layers of security protection in your data infrastructure and operations. We often hear about organizations that try to sweep security incidents under the rug (the most recent example that comes to mind rhymes with Google), and the reputational costs are often greater than those that might be associated with “coming clean” in the first place. Remember: cybersecurity is a process, not a one-time deliverable, and unless and until this is accepted at all levels of every affected organization, and is funded and otherwise supported appropriately, preventable breaches will continue to occur.”
Art Gross, President and CEO, HIPAA Secure Now!
[icon name=”icon-quote-left” size=”medium” color=”” float=”left” link=”” new_tab=”no”]I love all the messaging around October National Cyber Security Awareness month. The reality is that hackers and cybercriminals truly have the upper hand and are spending a lot of money to stay ahead of the game. Make no mistake, this is organized crime at its best. The more awareness that we can bring to healthcare organizations and SMBs the better. We need to fundamentally change the mindset: this won’t happen to my organization.”
Robert Lord, Co-founder and President of Protenus
[icon name=”icon-quote-left” size=”medium” color=”” float=”left” link=”” new_tab=”no”]For National Cybersecurity Awareness month, it’s always important to remember that the damage inflicted by health data breaches remains catastrophic, and patients, health systems, and regulatory bodies all have a role to play in ensuring healthcare cybersecurity threats don’t impact patient safety and privacy. With 477 breaches in 2017, and already 369 breaches in 2018, we need to ensure that every health system has ways to ensure that 100% of accesses to patient data are monitored, and that threats to patient privacy and security are accurately and proactively detected.”
For more from Robert Lord listen in on this episode of Healthcare de Jure where host Matt Fisher chats with Lord and Nick Culbertson, Co-Founders of Protenus. Tune in to hear them discuss the current state of security in healthcare and how emerging technology will evolve security standards.