We just wrapped up the month of October supporting National Cybersecurity Awareness Month and the emphasis focused on the mantras of Own IT, Secure IT, Protect IT as it relates to your personal and patient data. As a leader in Patient Privacy, we were proud to participate in National Cybersecurity Awareness month, and share many educational resources throughout the month. Each week during the month we focused on a different topic to give you tips for what hospital leaders (and in some cases, you personally) can do to improve cybersecurity protection.
I am going to recap the activities from Cybersecurity Awareness Month here. Each "Week" heading below will link to the original blog post, and under each topic will be a link to the 10-minute informative webinar recording that we presented for each topic.
Week 1: Remote Access Security
We kicked off the week talking about what can be done to protect the data you own while maintaining the remote access for you, your vendors and your employees.
Some key takeaways to protect remote access to your hospital network include:
- Make sure the devices accessing your network are strong and healthy with an encrypted hard drive; automatic OS updates enabled, and those updates applied; virus/malware protection software installed; and enable the device firewall.
- Provide a single VPN entry point for remote access
- Use two-factor authentication - above all, this is a must!
- Make sure the remote device maintains scheduled backups
- Use a MDM (mobile device management) tool that allows you to wipe clean the remote device if ever lost or stolen
- Enforce policies for brief inactivity periods on laptops that lock the device
- Finally, enforce the use of strong passwords with your employees
Watch the Remote Access Security recording below. The webinar talks a little more in depth about steps that you can take to secure remote access to your network.
One way to help stop third-party breaches is with multi-factor authentication (MFA). A hacker may be able to capture a user name or password for a third-party system, but they will not be able to complete the final step of authentication provided through MFA.
Watch "The Importance of Multi-Factor Authentication" below to learn how having MFA can be helpful in meeting your cybersecurity goals.
Week 3: The Cost of a HIPAA Violation
We went into detail about what constitutes a breach and what you can do to make sure that you are complying with the HIPAA requirements.
The blog post covered that failure to comply with HIPAA requirements can not only result in disciplinary action for the offending individual, but also civil and criminal penalties. These penalties can apply to both individuals and to the covered entities with which they are associated.
Watch the "Cost of Violating HIPAA" webinar recording below see how prepared you are in meeting HIPAA requirements.
Phishing attacks are one of the most common ways that hackers get access to your network. There are three types of Phishing:
- Identity theft - your personal identity is stolen and misused for fraudulent purposes
- Imposter scams - this can involve email phishing and spear phishing (a more targeted attack using specific personal information about you)
- Impersonation - someone claiming to be someone else to get private information
Watch "What You Need to Know about Phishing Attacks" below and learn how to protect your organization from scammers!
Week 5: The Layers of Patient Privacy
We go into detail about the layered model of patient privacy that is outlined in HIPAA. This includes the following layers:
Layer 1: Privacy Rule - by defining what information must be protected, and ways that it can be protected, it serves to give us focus for subsequent layers
Layer 2: Security Rule - focuses on how we can keep patient information safe
Layer 3: Breach Notification Requirements - establishes the rules for identifying breaches, evaluating breaches for exceptions, and reporting breaches to the appropriate entities when they occur
Watch "The Layers of Patient Privacy" recording below to understand and implement these layers of defense in your organization so your patients will be better protected.
We hope that you found the information from our Cybersecurity Awareness month informative and helpful in your cybersecurity journey. Click here to access all of the on-demand cybersecurity 10-minute webinars in one place.