Cyber Best Practices for Healthcare Organisations

Healthcare organisations are often seen as a high value target for cyber criminals as they work with highly confidential information. This might seem frightening, but by following cyber security best practices, you can protect your employer.

Why is cyber security so important for healthcare businesses?

As an employee at a healthcare organisation, you likely have numerous duties related to maintaining the confidentiality of sensitive data. This includes handling medical history, personally identifiable information and financial information. This highly confidential data is valuable to cyber criminals.

View Options Again

Healthcare organisations do not need to have good cyber security, they only require excellent physical security on site. Healthcare organisations store highly confidential customer data. A breach could have widespread impacts on patient confidentiality. It's not important. Laws protect healthcare organisations from hackers and strict penalties apply if a hacker is caught. This reduces the importance of cyber security.

The importance of data security

Data security is the practice of protecting information from unauthorised access, corruption, or theft throughout its entire lifecycle. When handling sensitive information, data security is of particular importance.

To understand the importance of data, we first need to classify it. This process involves tagging data according to its type, sensitivity, and impact to the organisation if altered, stolen, or destroyed. It helps an organisation understand the value of its data, determine whether the data is at risk, and implement controls to mitigate risks.

Controls dictating how to handle data are essential to ensuring its security. For example, confidential information should have strong controls in place, that could include multi-factor authentication to access the data, restricting view permissions based on a need-to-know basis and only allowing access if certain devices are in-use.

When data is no longer needed, its important to destroy it in a secure manner to prevent it from falling into the wrong hands. Depending on the data sensitivity this may include shredding paper documents, wiping electronic media, or using other secure destruction methods.

What is NOT a way to secure a healthcare institution against cyber attacks?

A unique password is essential for all your accounts. Whilst password sharing may be appealing because it's quick and easy, this greatly increases the likelihood that the account is accessed by an unauthorised user. All other listed options are valid ways to secure healthcare institutions against cyber attacks.

View Options Again

Use password sharing with your colleagues especially if you share a device to speed up day-to-day activities Ensure all your devices are up-to-date and have the latest security patches applied Implement data security protocols to ensure your digital information is protected throughout its lifecycle When viewing your emails or browsing the internet you should always use caution

Staying cyber safe

Staying safe on the internet requires us to maintain good cyber hygiene practices

Ensure you use strong and unique passwords for all your applications. In the event one application is compromised, all your other accounts on will remain secure. A practical method of implementing this is to use a password manager or a single-sign-on solution. Strong passwords should contain a mixture of numbers, letters and special characters.

When you're online, be aware of your digital surroundings. If a website seems suspicious or if something feels wrong, trust your gut and leave the site. When using email, always be on the lookout for phishing attempts and never click on links in unsolicited emails.

You should always ensure your devices are up-to-date and have the latest security patches applied. Cyber criminals are constantly finding new vulnerabilities in software and keeping your software up-to-date helps to prevent abuse of these vulnerabilities. This will help ensure your devices are safe and protected from new threats.

What is an example of a strong password?

Strong passwords are long passwords and ones that a human or computer would not easily guess. It is best to use special characters, upper and lower case plus numbers and letters. Avoid using obvious passwords like sequential numbers or lazy passwords such as "password" or "qwerty". These are common passwords which are easily cracked or guessed.

View Options Again

qwerty password123 TheFr0gJump3dHigh)1 1234567890

What is an example of using caution online?

The correct asnwer is to be wary of suspicious emails, this is a text-book example of using caution online. You should always be on the lookout for potential phishing scams designed to masquerade as a company or someone you know. They could have the intent to steal your personal information or infect your device with malware.

View Options Again

Only opening emails if they claim to come from known companies Only browsing websites you haven't been to before Sharing your credit card information via email Being wary of suspicious emails, especially those that contain links or attachments

From a security standpoint, why should you always keep your devices up to date?

Whilst keeping your devices and software up-to-date will give you the added bonus of new features, from a security standpoint, the key reason to update is to ensure you have the latest security patches applied. By staying up-to-date, known vulnerabilities will be fixed and your devices will be safer to use.

View Options Again

New features could be useful for your organisation and improve productivity It will help to ensure your devices don't have known vulnerabilities an attacker can exploit To avoid compatibility issues with my colleagues Keeping your devices up to date is only for those people who like to keep up-to-date with the latest tech trends

Learn how to spot the phish

Begin the Guided Tour Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.

Compose

Folders

[URGENT] Claim Your Work From Home Set-Up Payment

Human Resources ( human-resources@webnotifications.net )

to john.doe@mybusiness.com

Dear John,

Claim Your Work From Home Set-Up Payment

Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of $1500.00 USD to ensure that you have a suitable home working set-up.

To receive the payment via payroll, you will need to complete this acknowledgement form .

For more information on how to set up your home office space safely, please look at the:
https://www.workingfromhome.hr/arragements/concur/apps/track

Thank you,
The Human Resources Team

***This is an automatically generated email, please do not reply***

What are some indicators that an email is malicious?

Cyber criminals will often use spoofed sender addresses and urgency to try and bypass critical thinking and make an email seem trustworthy. They will then also commonly request personal information or request you to perform an adverse action.

View Options Again

Requesting personal information. Urgency in email subject. All options are correct. Fraudulent or spoofed sender address.

Goals of cyber security

The goal of cyber security is all about enabling businesses to adopt digital technologies in a safe and secure way. Depending on your priorities, the following principles may apply.

Confidentiality refers to protecting the secrecy of information and systems. It is common for data to be categorised according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.

Integrity refers to the measures taken to protect information from unauthorised alteration. These measures provide assurance in the accuracy and completeness of data. The need to protect information includes both data that is stored on systems and data that is transmitted between systems such as email.

Availability refers to ensuring that authorised users have access to information and systems when they need them. This means protecting against attacks that can disrupt access or cause them to become unavailable. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.

Why is Multi-Factor Authentication important?

MFA is an authentication method that requires more than one verification factor to validate a users identity by using something they have, know or are.

This type of authentication factor requires the user to provide something that only they know, such as a password or a PIN. This is the most common type of authentication factor and is often used as the first layer of protection.

This type of authentication factor requires the user to have possession of something, such as a security token or a smartphone. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorised access when the user is not physically present.

This type of authentication factor is based on the user's physical characteristics, such as their fingerprint, face, or voice. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorised access when the user is not physically present.

What is an example of Multi-Factor Authentication?

One-time passwords can be generated and sent to the user's cellular device via SMS. The correct user must be in possession of the device that receives/ generates the one-time password to access the system.

View Options Again

Changing your passwords on a regular basis Letting only one other person know your password Using multiple virus detection methods Entering a password and receiving an SMS to verify your identity