Data security @ home and work.
Houston Rockets’ data breached. JPMorgan Chase’s bank data compromised. Target’s credit card information stolen. Meat manufacturer, JBS, halts production for two days. Colonial Pipeline shuts off gas supply. Major insurance company CNA Financial’s, network locked for two weeks.
The culprit of each of these top newsmakers — cyberattacks. And health care is not immune to this — last year 34% of health care organizations worldwide were hit by ransomware. This is when cybercriminals hold data or access until a ransom is paid. Cyberattacks result in billions in revenue lost each year.
At Houston Methodist, keeping our patient data safe is a top priority. We all work hard to keep our patient and employee data safe, but how are you keeping your personal data safe at home? What would a cyberattack cost you and your family? You can implement some of the same safety measures we take at work, in your home too.
Keeping your personal data safe at home is easy.
There are many things you can do to keep your personal data safe at home. Here, we’ve highlighted some suggestions that are easy to do and don’t require a ton of tech savviness.
Many of the hacks that you hear about in the news are due to websites not having two-factor authentication. This is a very important step and a good place to start when looking at your home security plan. Set this up on all your personal accounts like Gmail or Hotmail, bank accounts, Amazon, Facebook, etc. For good step-by-step instructions on how to set this up, read this article from theverge.com.
Turn your Wi-Fi off when you’re not home.
Did you know that millions of personal records are exposed worldwide every year? This means credit card numbers, birthdates, Social Security numbers, emails and more. But the good news is your Wi-Fi can’t get hacked if it’s off. In fact, some people are opting to turn off their Wi-Fi at night too.
One way to do this is to simply unplug your Wi-Fi modem. Another option is to buy a timer that plugs into your router and you can set it to turn your Wi-Fi on and off at specific times. The timers are inexpensive and simple to use. You can find these for sale on websites, like Amazon.
Use strong passwords.
Verizon’s recent Data Breach Report showed that 81% of hacking-related breaches used stolen and/or weak passwords. This is probably the easiest fix and so critical to keeping your data safe.
Have trouble remembering complex passwords? Use Google Password Manager where they’re securely stored in your Google account. Pro tip: Set up your Google account with two-factor authentication.
Here some tips for creating a strong password:
- Never use personal information such as your name, birthday or email address. This type of information is often publicly available, which makes it easier for someone to guess your password.
- Use a long password. At HM, your password must be at least ten characters in length.
- Don’t use the same password for each account. If someone discovers your password for one account, all your other accounts are now accessible.
- Include a combination of numbers, symbols and both uppercase and lowercase letters.
Change default passwords on Wi-Fi routers.
Did you change your password on that router you bought? A quick online search can reveal the default password for nearly any brand of routers. The information that came with your router is meant to be temporary, so be sure to update it with a strong password.
Keep devices up to date.
In March 2021, Microsoft sent out a warning that a group of hackers targeting sensitive and confidential information had gained access to emails through a Microsoft system flaw.
Devices usually tell you when it’s time to update them, but it’s very important to keep a close eye on when your personal devices are ready for an update. Start with your computers and mobile devices. For step-by-step instructions, visit these sites:
A firewall is essentially a security device that monitors your online activity. It decides whether to allow or block certain websites based on a set of security rules. Firewalls aren’t new. They’ve been used for over 25 years, and Microsoft even has a free one you can install to protect your personal home computer.
For Microsoft users, turn on Microsoft Defender Firewall. Do this even if you already have another firewall on, because it helps protect you from unauthorized access. To turn on Microsoft Defender Firewall:
- Open Windows security settings by selecting the Start button > Settings > Update & Security > Windows Security and then Firewall & network protection.
- Select a network profile.
- Under Microsoft Defender Firewall, switch the setting to On.
- For more details, click here.
For Mac users, a firewall can protect your computer when you’re connected to the internet or a network. For steps to turn on firewall protection, click here.
Limit social media activity.
Unfortunately, there is a downside to sharing too much information on social media. In just 30 minutes, cybercriminals can review your social media accounts and piece together a fake profile of you to use to their advantage.
For example, they may craft an email tailored to your interests to get you to click on a link. Or send your friend an email asking them to click on something that pertains to your upcoming birthday celebration.
This tip requires zero tech savviness. Simply don’t post personal or work email addresses on any public forum or social media. Use different profile pictures on different platforms to make it more difficult for artificial intelligence to run a profile-picture match. This is done by cybercriminals to find other social media accounts and gain access to even more information on you.
We’re all keeping patient and employee data safe.
At HM, we reinforce IT security protocols through ongoing employee communications and phishing drills. We’re implementing some of the same preventive measures that you can do at home, and many more.
It takes all of us to keep patient and employee data safe, and you’re part of IT security’s line of defense. Thank you for staying vigilant and continuing to report suspicious emails. Deleting these emails doesn’t alert IT of suspicious activity that may be lurking behind-the-scenes. Reporting these emails is a critical step to keeping our data safe.
HM has made our electronic health record more secure, too. We’ve enabled 100% of Epic’s security features — a goal only achieved by HM and one other hospital system. We also have an ongoing, wide-scale adoption of two-factor authentication that is now part of MyChart. This added layer of security requires a verification code, sent via text, before you can login.
Other steps we’re taking to help prevent cybercriminals from attacking our network include:
- Two-factor authentication for all remote access, including VPN.
- VPN access only works on HM laptops.
- Remote and system access are removed for terminated employees and contractors.
- Vendor accounts automatically terminate after six months of inactivity.
The amount of cyberattacks in recent years or even in the last few months is shocking, but they’re often due to preventable mistakes. These tips should help avoid some of the typical pitfalls that result in cybercriminals finding their way in.
Applying these to our work and at your home can make a huge difference. Thank you for remaining vigilant and reporting suspicious emails. Let’s continue to keep our patient, employee and personal data safe.