HealthCare Breaches Map
E-mail
• 2-factor authentication is the best defense
• Alert on auto forward rules
• Beware urgent email asking for your credentials – don’t give them!
• Be wary of unusual email from people you know – their account could have been compromised
Passwords
• Length is the single most important factor
• Take the Test: https://www.my1login.com/resources/password-strength-test/
• No frequent expiration
• Use of a Password Manager like LastPass or 1Password
• Never reuse work passwords for any other sites
https://pages.nist.gov/800-63-FAQ/#q-b5
3rd Parties
• EMR provider support/host
• Line of Business application providers
• Managed IT Service providers
• Printer/Copier support vendor
• Cleaning company

• What is in your contract about data security?
• What is in your contract about downtime?
• How are your vendors training their staff on HIPAA Security?

• Pre-employment screening
• Separation of duties
• Minimum access to data to perform the job
• Cybersecurity training for staff on hire and annually thereafter
Managed Security Services
• Daily log review
• Threat Hunting
• Breach detection
• Insider threat mitigation
• Incident Response by trained team
• Alerting 24/7/365
Managed Security Services
• Manage O365 security
• Web-based cybersecurity training portal
• Annual HIPAA Security Risk Assessment
• Phish testing
• Quarterly Vulnerability scanning
Resources
• Global Cyber Alliance Toolkit
• Center for Internet Security
• HHS Cyber Security Guidance
• Integrity IT