CIO Corner.

IT security is everyone’s business. It takes all of us working together, and it can mean the difference between caring for our patients and cybercriminals disrupting our ability to do so.

Dr. Boom has often said that Houston Methodist has 28,000 housekeepers because we’re all accountable for providing our patients with a clean environment. In the same way, we’re all members of the IT security team. Everyone at HM plays a role in keeping our patient and organizational data safe. As we approach Cybersecurity Awareness Month in October, it’s a good time to remember to always practice cybersafe protocols.

Data breaches.

You may recall the 2021 Colonial Pipeline ransomware attack that caused gas shortages throughout the East Coast. JBS Foods, a major U.S. meat processing company, also fell victim to a ransomware attack.

Closer to home, the Houston Rockets were targeted when hackers tried to install ransomware. Fortunately, our NBA home team’s cybersecurity defenses blocked most of the hack. In May, the Texas Department of Insurance discovered a breach that began in March 2019, leaving Social Security numbers and other sensitive information vulnerable for 1.8 million Texans.

Threats to health care.

During 2021, 578 health care organizations reported data breaches impacting more than 41 million people, according to the U.S. Department of Health and Human Services. The federal government has continued issuing warnings about cyberattacks, listing health care as the most vulnerable.

Health care generates vast volumes of data, and that data is critical because patients’ lives depend on it. To get a sense of the level of cyber warfare, this global cyberthreat map shows what’s happening in real time — every minute of every day.

“If we experience a data breach, it could be catastrophic. This is because all health care aspects are now digital, from scheduling clinic appointments to surgery to long-term care.” ─ Michael Garcia, HMH senior vice president for operations

How you can help. Pick strong passwords. Catch a phish. 

You can help to protect our patient and company data by selecting your HM password carefully. If you’re using passwords that hackers can easily guess, or if you’re using the same passwords for multiple apps, you’re opening the door for these attackers. If someone hacks your LinkedIn password, and you use the same one for banking and other online accounts, cybercriminals can access those accounts as well.

Just as you wouldn’t use your car key to also lock your house, I’m asking you to make sure you’re not using your HM password anywhere else. If you are, please change your HM password. It’s also important to avoid frequently used passwords. These include sports, sports teams, car brands and common sayings, as well as sequences of numbers or letters on the keyboard.

Keeping track of multiple passwords is actually easier than it sounds. A simple way to do it is with a password manager, a program that creates randomly generated passwords for all your accounts. You then access the password manager with a strong master password. A number of programs are available, such as Keeper, LastPass and 1Password.

In addition to using strong passwords, another way you can help protect us is by staying alert for phish, fake emails that try to get you to share sensitive information. About 78% of cyberattacks begin with phishing, which also accounts for 32% of data breaches, according to the Cybersecurity and Infrastructure Security Agency, a section of the U.S. Department of Homeland Security.

This is why we’re continuing the phishing drills we began two years ago – to help us all learn to spot a phish. We’re improving as an organization, based on results of the most recent drill. Remember to stay alert for suspicious emails, and report any that look even a little bit off.

Defending Houston Methodist.

In addition to your efforts, IT has developed strong defenses, including managing about 60 cybersecurity systems to protect our technology. We also hire cybersecurity companies to try to hack us. We want them to do their best to break through our defenses, and if they’re able to penetrate our barriers, we immediately strengthen our security. Here’s a snapshot of the cybersecurity work we do in IT:

  • Daily: Block 1 million suspicious emails and 3 million perimeter attacks.
  • Monthly: Patch 35,000 workstations and servers, including over 23,000 desktops, 7,000 laptops and 5,200 servers. Patching is the hand hygiene of cybersecurity, and we take it very seriously.
  • Continually: Encrypt computers, USBs, mobile phones and tablets.

Protecting our patient data.

As a health care organization, we’ve developed a rigorous cybersecurity program to protect our patient data and systems and our administrative technologies. We continually work to make it as difficult as possible for hackers to breach our defenses.

But we can’t do it alone.

We need your help to keep our patients and their information secure. Just as Dr. Boom picks up any trash he sees and says we’re all HM housekeepers, we’re all also members of the IT Security team, playing a key role in our cybersecurity defense.