You Are Our Best Defense! Review These 5 Safety Reminders During Cybersecurity Awareness Month

October is Cybersecurity Awareness Month – a great time to brush up on ways to keep yourself and Methodist Health System safe and secure in this ever changing digital world.

Here are five key things the IT Security team wants you to keep in mind.

Security Incidents Impact Patient Care

Fact: The most common consequences of cyberattacks are:

• Delayed procedures and tests, resulting in poor patient outcomes for 57% of respondent health care providers
• Increased complications from medical procedures for nearly half of respondent health care providers

Sounds scary right?  But does that really happen?

A recent study by the Ponemon Institute investigated cyber security incidents and their impact on health care organizations. Eighty-nine percent of health care organizations surveyed have experienced an average of 43 attacks in the past 12 months — almost one attack per week.  All it takes is one person to let the attacker in.

You Are Our Best Defense. Don’t Fall for Cons

The most popular and damaging hacking attacks for any organization start by compromising user accounts through social engineering and phishing. You are our best defense!  Remember:

• Never provide your NMHS user name and password to anyone or any website that contacts you by email or text.
• Never give away your MFA one-time pass code.
• Report ANY suspicious emails using the “Report Phish” button in Outlook. It will protect you, your coworkers, the health system and your patients.
• It’s not just email attacks. Watch out for text messages, too. Attackers target as many phone numbers and email addresses as they can. All they need is one person to respond.

Pay Attention to Multifactor Authentication and Two-Factor Authentication Alerts

Multifactor authentication (MFA) is critical to protecting you and our systems from compromise. You and MFA are our last line of defense to keep the attackers out. Attackers try to flood Methodist users with MFA requests, hoping to confuse or scare you to approve them and stop the noise of the alerts. Yes, these attacks do happen. Many Methodist users are seeing them, and some attacks have been successful. Remember:

• Never approve an MFA request if you aren’t actively trying to make a connection.
• Never give your MFA number or one-time pass code to someone by phone, text or email.
• Don’t be curious. If you aren’t certain why or where the request or message is coming from, don’t approve it.
• Report any issues to the IT Operations Center so we can review the activity.

Keep the Doors Locked With Strong Passwords and Pass Phrases

If hackers can’t get you to give them your password, they may use sophisticated tools that can guess passwords based on dictionary words and common patterns. Strong passwords are critical to protecting our network and users from compromise.  Remember:

• Never write down passwords.
• Never share your password with anyone.
• Use complex passwords with at least three of these four characteristics: capitalized letters, lowercase letters, numbers and symbols.
• Try using a pass phrase instead to make it easier to remember. For example, “L0vewalk$ontheBeach!”

Stop the Attack From Ever Getting to You

Business email is for work. Personal email is for your personal affairs. Let’s keep it that way. 

Many people know that using a personal email account for business correspondence is a bad idea. That being said, users often register for social media accounts with a corporate email address or use their Methodist email for nonbusiness matters. This is a bad idea and only helps attackers. How?

It makes profiling easier. Linking those accounts and activities provides attackers with valuable information. For example, they can and will use your recent vacation photos and other information to increase the likelihood that you will trust or respond to the attack message. 

It sends more junk into your inbox. Many online services have been hacked, and the stolen information is used for spam and phishing campaigns. And more emails in your inbox adds to the noise, making it harder to spot the potentially dangerous ones!

We're in This Together

While cybersecurity risks are seemingly everywhere, following these commonsense guidelines can keep the health system and our patients safe.

If you have questions/concerns, please reach out to the Information Security Department at RESDLI.T.Security@nmhs.org.