Issue link: https://beckershealthcare.uberflip.com/i/1393415
CIO / HEALTH IT

3 CISOs share their best tips to avoid employee cybersecurity mishaps
By Hannah Mitchell

There has been an increase in data breaches caused by employee-related mishaps, both with malicious intent and without.

Three chief information security officers shared with Becker's their best tip for avoiding cybersecurity mishaps by employees:

Kate Pierce. CIO and CISO of North Country Hospital (Newport, Vt.). Cybersecurity is a growing concern for nearly every healthcare organization. Insider threats make up between 60 and 85 percent of all cyber threats, depending on which report you reference. However, only roughly 20 percent to 25 percent of those are actually intentional criminal activity. My recommendations on how to address this growing issue are:

1. Implement a robust end-user cyber-education program to help minimize unintentional cyberthreat opportunities from entering your organization.
2. Diligently implement least privilege access for all users to help prevent accidental access to highly sensitive areas.
3. If the first two options are not effective, implement a user behavioral analytics application to identify highly risky personnel actions.

These three things can help to contain insider threats in your organization, although there is no assurance that an insider with malicious intent can be stopped.

Kathy Hughes. CISO and Vice President of Northwell Health (New Hyde Park, N.Y.). The best way to avoid intentional or accidental employee mishaps is through a combination of employee education, awareness training, activity monitoring and behavior analysis. Ongoing communication, including references to current events, helps reinforce how to recognize and report suspicious activity.
Equally important is establishing progressive disciplinary actions for those who demonstrate risky behavior or violate policies, and setting behavioral expectations within the performance evaluation process which reflect employee requirements to practice safe computing.

Christopher Kuhl. CISO and Chief Technology Officer of Dayton (Ohio) Children's Hospital. Changing your organization's culture to be more cyber-aware can be one of the most difficult yet most beneficial initiatives you can ever do. On average, to change a corporate culture, it can take anywhere from seven to 10 years. It's a long journey, but you, your security team and your organization will immediately see a return on investment from using a quality cybersecurity awareness program.

Phishing attack on Ohio medical center exposes 155,000+ patients' PHI
By Jackie Drees

Five Rivers Health Centers in Dayton, Ohio, notified 155,748 patients that their protected health information had been exposed for two months due to an email phishing attack.

Five Rivers Health Centers reported the breach to HHS on May 28 as affecting 155,748 individuals. In a security incident notice, the health center said it discovered that employee email accounts were accessed between April 1, 2020 and June 2, 2020 by an unauthorized user.

The accounts contained patients' personal and protected health information including names, birth dates, addresses, medical record numbers, lab results, prescription details and health insurance details. A limited number of individuals' Social Security numbers, financial account numbers, payment card numbers and driver's license numbers were also exposed.

Five Rivers is giving free credit monitoring services to patients whose Social Security numbers were exposed, and the health center said it is improving internal procedures to identify and reduce future cyber threats, including implementing two-factor authentication and revising employee cybersecurity training.

Amazon Care signs on more clients, eyes rural expansion
By Jackie Drees

Amazon has secured multiple companies as clients for its telehealth service, Amazon Care, CNBC reported June 9.

Amazon launched Amazon Care, which offers telemedicine and in-person primary care services, as a pilot program in 2019. The program initially was only available to Amazon's Seattle employees and their dependents, but Amazon later expanded it to all employees in Washington state. In March, the e-commerce giant said it plans to expand Amazon Care nationwide and to other employers.

"We've had quite a bit of interest from other companies in using this service," Amazon Care executive Babak Parviz said June 9 at The Wall Street Journal's Tech Health virtual event, according to CNBC. He said Amazon plans to disclose which companies have signed on to use Amazon Care this summer.

Amazon is working to make the full Amazon Care service available to other geographies "as fast as we can," Mr. Parviz said. The company also is considering bringing the program to rural areas in the future, an effort that would require Amazon to hire thousands of employees, he said.

In May, Amazon Care signed its first enterprise client, Precor, a fitness company owned by Peloton.