Make cybersecurity a priority at work and at home
In the last 5 years, the healthcare industry has seen a staggering 256% increase in cybersecurity breaches. In 2023, large breaches were reported to affect over 134 million individuals, which was a shocking 141% increase from the year before. Many of these breaches occurred because important security steps were overlooked or not given enough attention.
Change Healthcare was a recent example of this. Their data was leaked in a damaging breach in February 2024. Hackers infiltrated and gained access to their systems through a portal not protected by multi-factor authentication (MFA). Due to the ransomware deployed, their system was shut down, causing major disruptions in patient care services across the country.
In an interview, Andrew Witty, CEO of UnitedHealth Group, which owns Change Healthcare, told lawmakers that his company didn’t know why those security protections weren’t in place. Unfortunately, situations such as these occur more commonly than we think, and these case studies highlight the importance of strong cybersecurity measures and protocols not just for large companies, but also for the people who work for them or are served by them.
Throughout October, the Digital Medicine Society (DiMe) partnered with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) to promote Cybersecurity Awareness Month. This year’s theme – Secure Our World – encourages everyone to find simple ways to protect themselves, their family, and their businesses from online threats. Over the past few weeks, DiMe explored with the team ways to strengthen cybersecurity posture online, at work, and at home. Here are four main takeaways the team learned that you can implement to increase security around your data:
1. Creating strong passwords and using password managers
Creating strong, complex, and unique passwords for all your accounts is very important. We often see that users want to save themselves the headache of remembering many different passwords, so they default to using the same password across multiple sites. As a result, 62% of people always or mostly use the same password for their accounts. These weak and duplicate passwords increase the likelihood of bad actors infiltrating not just one – but multiple accounts. The rule of thumb is to create passwords that are:
- longer than 12 characters,
- unique from other passwords, and
- complex, involving upper, lower, and special characters.
This is where password managers come into play: they spare you the headache that comes with needing to remember all your passwords. You can securely store all your credentials for easy access, and all you have to remember is one password – the one to access your password manager. At DiMe, we use LastPass every day to securely store and access our credentials, and it has become an important tool that we cannot go without.
2. Using multi-factor authentication (MFA) for your accounts
When you’re logging into an account, you want to be able to log in as quickly as possible. That’s often why users don’t turn on MFA: it can be annoying to add another step to the login process, especially since it involves multiple devices. However, MFA is a crucial component of protecting your account. More than 99.9% of compromised accounts don’t have MFA, which leaves them vulnerable to password spray, phishing, and password reuse. To verify your identity, MFA uses:
- something you are,
- something you know, and
- something you have.
Because of this additional requirement, MFA makes it more difficult for hackers to gain access to accounts, even if they know the password.
3. Identifying and reporting phishing attempts
Phishing can take various forms: hackers use emails, social media posts, or direct messages with the goal of luring a user into clicking on a bad link or downloading malicious attachments. At DiMe, we have seen countless emails and texts trying to impersonate our CEO. These messages often have requests for contact that are urgent, out of character, or unexpected. It can be easy to overlook the signs of a phishing attempt when you are moving quickly. That’s why we remind our teams to take a “quality time out” whenever receiving an email like this. By taking a few extra seconds to review the sender’s email address, the nature of the request, and the content of the email, we can better pinpoint phishing attempts and escalate them accordingly.
4. Turning on automatic software updates and patches
We all know the dread of having to close all of our tabs, windows, and apps to install an update. While this might seem like a drag in the moment, it will only benefit you in the long run. Old software can contain security flaws, and over time, hackers find ways to utilize these flaws to infiltrate the software. Technology providers stay on top of these weak points and issue software updates to patch them as quickly as they can. The Ponemon Institute found that nearly 60% of data breaches could have been prevented by staying on top of installing these updates and patches. Software updates can also fix bugs, improve performance, and add features that can enhance the user experience. Three quick tips when it comes to updates are:
- watch for update notifications,
- install updates as soon as possible, and
- turn on automatic updates.
Although October is nationally recognized as a month dedicated to cybersecurity awareness, cybersecurity should be taught and prioritized all year round, in both your personal and professional lives. If we can take these small steps together to secure our data, we can empower each other to hold a high standard of security to prevent bad actors from gaining access to our data.