Select Page

Cybersecurity Awareness Month: Help Secure Our World

The personal, sensitive nature of patient health records and other hospital data makes it highly lucrative for cybercriminals. That’s why the health care industry has the highest average cost per data breach at $10.93 million. Recent cyberattacks on Ascension, a major U.S. healthcare system, and Change Healthcare, a claims clearinghouse, underscore the real threat and potential impact of cyber terrorism.

October is Cybersecurity Awareness Month. At Houston Methodist, our IT systems block over 1.1 million suspicious emails a day, with approximately 700,000 of those containing malicious content. While these measures are in place, you also play a critical role in our cybersecurity strategy. Each month we test you with phishing drills to make sure you’re prepared. It also serves as a reminder that the actions you take each day can help protect us from a costly, catastrophic cyberattack.

“You’re our primary defense to keeping our patient and business data secure, so stay vigilant,” said John Mowery, vice president and chief information security officer. “The more you report suspicious cyber activity, the better prepared we are to identify and mitigate real threats and prevent a widespread impact to our organization.”

Catch a Phish Tournament

This year’s Cybersecurity Awareness Month theme is Secure Our World. To recognize this, throughout the month of October, we’ll host a Catch of the Week phishing tournament. Every employee who catches/reports the simulated phishing attempt will be placed into a weekly drawing to win an HM-branded backpack and will be recognized in the IT Matters newsletter.

Let’s take a look at the results of our August phishing drill. This was aimed at getting you to enter your credentials into a fake login page.

The Results:

  • 2% of employees clicked the button in the email, taking them to this login page.
  • 1% of employees attempted to input their credentials into the fake login page, which would have compromised our HM data.
  • 10% of employees reported the phish correctly.

Your Role in Defending Against Cybercriminals

Most cybersecurity experts say it’s not a matter of if, but when, we’ll be attacked. So, the question is, what are you doing to keep our data safe?

“It’s paramount that each of us accepts personal responsibility for being aware and staying vigilant despite how busy we get in our day-to-day lives,” said Ken Letkeman, chief information officer. “We’re committed to enhancing cybersecurity awareness, so employees can protect themselves at work and home.”

Tips to Keep HM and You Safe

  • Never click on a text, email or search result link from someone you don’t know or can’t confirm.
  • Save and use favorites and bookmarks to valid sites, instead of following provided links.
  • Call customer service and service desk representatives back, using verified phone numbers to ensure you’re speaking with legitimate representatives. Note: HM IT representatives will never contact you for your password or ask you to visit any websites to click on links or download information. If someone calls you requesting personal information, send an email to it-securityservicesteam@houstonmethodist.org.
  • Stop ignoring and start reporting. If you receive a suspicious email or text, don’t ignore or delete it. Report it! When you report phishing it signals our system to remove the phish from the mailboxes of other HM team members. This is just one example of how HM actively assesses, analyzes, and quickly respond to cyber threats.
  • Click the PhishAlarm button located in the Outlook toolbar (on smaller screens, select the set of three dots in the upper-right corner to view the option). Or click the Report Suspicious button located in the External Sender header (automatically visible in any email coming from outside HM).

Cybersecurity is Everyone’s Responsibility

Remember, protecting our data starts with each of us. By staying vigilant, reporting suspicious activity, and practicing safe online habits, we can defend against cyber threats and safeguard both our organization and personal information. Plus, when you report a phish in October, you may even win a backpack! Together, let’s continue to “Secure Our World” and make cybersecurity a priority every day.