CIO Corner.

Health care organizations are a prime target for cybercriminals. Recently, a local hospital was targeted and had to shut down their operations for days. As complex as our systems and processes are, hackers are keeping pace by attempting to attack our infrastructure daily, searching for any entry point that would allow them to exploit patient data.

While we successfully block over one million cyberattacks every day — yes, you read that correctly, over one million — it only takes one breach for intruders to seize patient data and potentially paralyze operations. While our IT team has a huge responsibility to keep Houston Methodist safe, and we have many measures in place to protect us, you play a key role in keeping our data safe. By proactively taking a few simple measures, we can all better protect ourselves from a cyberattack.

If a password has only eight characters, hackers can guess it in just 39 minutes. However, a password made up of 15 uppercase and lowercase letters, along with a number and a special character, could take a hacker a billion years to crack, according to Hive Systems. This is why we implemented a change last month: any new HM password must contain a minimum of 15 characters and three of the following:

  • Uppercase letter (A through Z).
  • Lowercase letter (a through z).
  • Number (0 through 9).
  • Special character: (~!#$%^&*_-+=`|\(){}[]:;"'<>,?/).

Try a passphrase.

A passphrase is a series of random words that is more difficult for hackers to crack and easier for you to remember. For example, a passphrase like 1CatDayJarBook! is easier to remember and stronger than a password like 22&j2G15jaH5i*1. Remember, don’t use frequently used words like Astros, Houston Methodist or any part of your name, or your new password will be rejected.

Don’t use the same password at work that you do at home.

It may seem obvious, but if you use the same password at work that you do at home, you could be giving cyberthieves license to our patient and corporate data. If your personal credentials are stolen, you don’t want to give attackers free rein over HM accounts as well. Using a unique passphrase for each account helps to mitigate further damage.

Our work is never done. Report suspicious emails.

Through our continued phishing drills, we’ve made some progress, but our training is never complete. Read how we did during our Cybersecurity Awareness month campaign this past October.

Be on high alert for emails from external senders.

Remember, if you don’t know the sender and the email is suspicious, do your part in keeping HM safe and alert IT security. All emails from external senders can be easily reported by clicking the Report Suspicious button in the header or clicking the Report Phish button on the Outlook toolbar. If you’re ever unsure, play it safe and report it. All it takes is one person to report it, and if our internal systems confirm that it’s an attack, the email will automatically be deleted from everyone’s inbox. Your quick action could help all of HM.

Be wary of imposters.

If Dr. Boom or other executives suddenly start sending you attachments or links by text message, think twice. Cybercriminals are impersonating executives to get to data.

Thank you for your vigilance.

Protecting our precious data remains a top priority for HM. You play a critical role in maintaining the safety of our patient and employee information, and it’s essential for you to continue to stay alert and vigilant. Always report suspicious emails or texts, follow good cybersecurity practices and do your part to help keep us all safe. Keep in mind, cybercriminals are still hard at work — even more so as the holidays are approaching. Thank you for all you do to help keep HM safe.