Share this story

Appears In

General

Always On Guard -Information Security and Privacy Awareness Week

Ensuring the security, privacy, and protection of patients’ health care data is critical for all health care personnel. Good medical records are essential for the continuity of care for patients. But with this type of data retention comes risk. The health care industry continues to see a steady increase in breaches. In 2020, 79 percent of all reported data breaches were in the health care sector. Here are some cybersecurity and privacy tips from the United States Department of Health and Human Services:

Establish a Security Culture

95 percent of security breaches occur due to human error. It is imperative that education and training are frequent and ongoing. VA requires all personnel complete applicable VA and VHA-required privacy training at the time of employment, annually and when updated training is required.

Beware of Phishing

Phishing is the fraudulent practice of contacting people via email, text, or phone to obtain personal information such as passwords, Protected Health Information (PHI), Personally Identifiable Information (PII) and financial information. Immediately report any Phishing attempts to the Cybersecurity and Infrastructure Security Agency.

Use Strong Passwords and Change Them Regularly

Strong passwords will offer the greatest protection. You should use at least eight characters (the longer, the better), a combination of upper and lowercase letters with a number and at least one special character. This will help prevent hackers from manually guessing or using applications to hack your passwords.  Use multi-factor authentication whenever possible.

Plan for the Unexpected

Create backups and store them in a secure location. Having backups will give you the upper hand in a ransomware situation, as you’ll be able to recover your data and restore your system quickly in the event of an intrusion.

Control Access to PHI

Not everyone needs access to private information. There are key pieces of information that immediately allow bad actors to target an individual. Still, cybercriminals can piece together less significant information to achieve the same goal. Use access control lists to allow access to those who need it and be aware of your user permissions.

Topics in this story

cybersecurityinformation security and privacy awareness weekphishing

More stories

  • VA Employees Sound Off on IT Customer Service

     1 month ago

    VA Employees Sound Off on IT Customer Service

    You were asked what you thought about VA’s IT services. Here’s what you said.

  • FCW 100 Award Honors VA Program Manager for Outstanding Public Service

     June 29, 2022

    FCW 100 Award Honors VA Program Manager for Outstanding Public Service

    IT Program Manager Angela Gant-Curtis was named on the FCW 100 list for her distinguished work in Federal IT and unparalleled dedication to the Department of Veterans Affairs.

  • Before You Hit ‘Send’, Consider these Email Accessibility Tips  

     May 24, 2022

    Before You Hit ‘Send’, Consider these Email Accessibility Tips  

    We can’t avoid sending and receiving emails, but we can avoid making those emails inaccessible for those with visual or auditory impairments. Learn about how you can compose emails that ensure equal access for everyone, by incorporating accessible design features into your emails.