Phishing and security awareness best practices for healthcare [Updated 2019]

As healthcare organizations continue to modernize their record keeping, more and more patient data can be put to a variety of important uses. However, this rich trove of information is being targeted by hackers and thieves as never before. It is therefore important to train all staff about security and the very real dangers of phishing, malware, and ransomware attacks. Here is a guide to some steps every facility should take as soon as possible.

Education and Awareness

All employees must constantly be reminded of the importance of staying vigilant. This can and should take the form of signage, memos, emails, videos, and staff meetings. A good resource for signage is the STOP.THINK.CONNECT. campaign created by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). Especially important for healthcare facilities is the very real threat of ransomware – computers being held hostage for money. One of the campaign's offerings is a Ransomware Tipsheet that can be printed and given to all staff.

It’s also an excellent idea to have all personnel professionally trained on what these threats are and how to spot them. InfoSec Institute has an educational program called AwareED, a series of modules that include videos and tests about phishing, malware, and other essential security topics. The modules can be configured in any manner and delivered to learners automatically, and administrators can see on the dashboard who has enrolled, passed, or failed.

Delete Data

The more information you hold, the more exposed your organization is. Regularly audit what is being kept and why, and delete any data that is unnecessary, redundant, or expired.

Written Protocols

Security methods and practices that are implemented should be written out and understood by everyone. Employees should be required to read and sign off (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Stephen Moramarco. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/j2MalzOIJd4/