Safeguarding Healthcare: Implementing Key Cybersecurity Practices from CISA’s Cybersecurity Awareness Month
October is Cybersecurity Awareness Month. Celebrating its 20th year, Cybersecurity Awareness Month is co-managed by the Cybersecurity and Infrastructure Security Agency (CISA) and NCA (National Cybersecurity Alliance). CloudWave is proud to partner with CISA and NCA to bring cybersecurity awareness to healthcare organizations.
This month’s goal is to bring awareness to individuals and share ways they can become safer online. Because cybersecurity impacts everyone, each employee’s action to become safer will equate to a safer cyber environment for hospitals.
The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted four critical themes during Cybersecurity Awareness Month that can significantly bolster the security posture of healthcare institutions. This blog post will share the themes outlined by CISA and explore how hospital employees can apply these principles to ensure they contribute to the hospital’s security. Every action will lessen the likelihood of falling victim to a cyber threat.
Additionally, throughout the month, CloudWave will share actions healthcare organizations can take to safeguard their patients and data from cyber threats against hospitals.
- Use Strong Passwords and a Password Manager
In the healthcare sector, where sensitive patient information is a prime target for cybercriminals, the importance of robust password practices cannot be overstated. Hospital staff, from administrators to healthcare practitioners, should be educated on the significance of using strong, unique passwords.
Implementation in Healthcare:
-
- Training Programs: Develop training sessions that guide staff on creating strong passwords or using password managers and educate them on the risks associated with weak passwords. Here’s some guidance:
1. Long: At least 16 characters
2. Unique: NEVER reuse passwords
3. Complex:
- Training Programs: Develop training sessions that guide staff on creating strong passwords or using password managers and educate them on the risks associated with weak passwords. Here’s some guidance:
-
-
- Upper- and lower-case letters
- Numbers
- Special Characters
- Spaces
-
-
- Password Managers: Encourage using password managers to facilitate the generation and secure storage of complex passwords, minimizing the risk of unauthorized access to critical systems.
1. Stores your passwords
2. Alerts you of duplicate passwords
3. Generates strong new passwords
4. Some automatically fill your login credentials into website to make sign-in easy
- Password Managers: Encourage using password managers to facilitate the generation and secure storage of complex passwords, minimizing the risk of unauthorized access to critical systems.
2. Enable Multifactor Authentication
Multifactor authentication (MFA) adds an extra layer of security by requiring users to verify their identity through multiple means. This is especially crucial in healthcare, where unauthorized access to patient records can have severe consequences.
Implementation in Healthcare:
-
- MFA Adoption: Make MFA mandatory for accessing electronic health records and other sensitive systems and consider it for any systems where a cybercriminal might target.
- Training and Awareness: Conduct workshops to ensure that all staff members understand the importance of MFA and know how to enable and use it effectively.
3. Recognize and Report Phishing
Phishing attacks are one of the top ways cyber criminals access your network. Recognizing and reporting phishing attempts promptly is essential to thwart these attacks.
Implementation in Healthcare:
-
- Training: Conduct ongoing training and reminders of what phishing looks like:
-
-
- A tone that’s urgent or makes you scared
- Bad spelling, bad grammar (although recently this is less common)
- Sender email address doesn’t match company it’s coming from
-
-
- Phishing Simulations: Conduct regular phishing simulations to train employees to recognize phishing attempts.
- Clear Reporting Channels: Establish clear reporting channels and encourage a culture where employees feel comfortable promptly reporting suspicious emails or activities.
4. Update Your Software
Keeping software up to date is a fundamental aspect of cybersecurity. In the healthcare industry, where many software applications are used, maintaining the latest versions is critical for patching vulnerabilities and ensuring the security of patient data.
Implementation in Healthcare:
-
- Patch Management Policies: Develop and enforce policies that mandate the timely updating of all software across your healthcare organization, regardless of role.
- Regular Audits: Conduct regular audits to ensure compliance with software update policies and promptly address potential vulnerabilities.
By focusing on these key areas of Cybersecurity Awareness Month, healthcare organizations can significantly enhance their cybersecurity defenses. Implementing strong password practices, adopting multifactor authentication, training staff to recognize and report phishing attempts, and maintaining up-to-date software are foundational steps in safeguarding patient data.
As healthcare continues to evolve in a digitally connected landscape, these proactive measures are crucial for maintaining patients’ trust and well-being while fortifying healthcare systems’ resilience against cyber threats.
To get more healthcare-specific ongoing cybersecurity education, join CloudWave’s Cybersecurity Insider Program. You’ll get access to live monthly education webinars, on-demand training, threat intelligence alerts, and more. Register here.
Stay tuned throughout the month for more resources and information to share with your teams to help you stay safe online.
Laura Pursley, marketing director, CloudWave