Because I am Christiana Care’s Chief Information Security Officer, you might expect my job to be intensely focused on the wide array of technology that’s used throughout the health care system. MRIs, CT scanners, electronic health records and the complex systems that store and analyze data—these are all real and critically important systems that my team works to protect around the clock.
But it might surprise you to learn that one of our primary areas of focus isn’t technology-related at all. Hackers aren’t just going after systems—they’re going after people.
In the health care industry—and in every other industry—phishing scams and social engineering attacks, in which criminals try to trick you into divulging sensitive information, are among the most significant cybersecurity threats today. It’s critical to ensure that employees understand information security risks and are aware that they themselves are a target.
At work and at home, it’s important that everyone understands how to detect a phishing attack and what to do if they suspect one.
Recently at Christiana Care, we held a seminar series on child online security. While the content may not seem directly relevant to health system cybersecurity, the intent of our education was to boost our employees’ overall cybersecurity savviness. We know that our employees will take that knowledge and implement better information security in their own homes, and that in turn will help them to be more aware of security best practices at work. The principles are the same, and they work best when they’re part of your lifestyle.
To that end, here are a few simple steps that you and your employees can take to help protect against cybersecurity attacks:
- Be wary of phishing emails. These fraudulent emails purport to be from reputable companies or sources and ask you to reveal personal information, such as passwords and credit card numbers. If you have concerns about an email you receive, go directly to the website of the organization that appears to have sent the email, rather than clicking on the link embedded within the email.
- Be cautious of phone scams and unknown callers. For example, a Microsoft technician would not call you to tell you that your computer is infected. Neither will an auditor with the U.S. Internal Revenue Service call you to collect money. Instead, they would send you a formal letter.
- Use two-factor authentication when logging into Internet-connected devices.
Here are some additional helpful resources:
- For information about identity theft, visit www.privacyrights.org.
- For more information on good password hygiene, visit www.passwordmeter.com.
- For more information on your employees’ identity risk, visit https://staysafeonline.org/ncsam/resources/online-identity-risk-calculator.