National Cybersecurity Awareness Month (NCSAM), held every October, is a collaborative effort between government and private industries to raise awareness about the importance of cybersecurity. This year’s theme is Own IT. Secure IT. Protect IT. It emphasizes personal accountability and the importance of taking proactive steps to improve cybersecurity.
Below are a few key things to keep in mind when it comes to protecting Providence St. Joseph Health (PSJH) systems, networks and data.
Own IT. PSJH workforce members are accountable and responsible for the security of the data and systems they use. Understand how internal policies and regulatory requirements apply to these systems.
- All applications including freeware / shareware must be approved by Information Security Governance, Risk and Compliance (ISGRC) prior to use.
- Know the 18 Identifiers as defined by HIPAA.
- Apply the HIPAA minimum necessary rule – only share protected health information (PHI) when absolutely necessary, with only those who need to know and only for as long as the information is needed.
- When working with payment cards never write down account numbers and routinely check point of sale devices for tampering.
Secure IT. Do your part in controlling who has access to PSJH systems and data.
Think before you invite others to collaborate. Never invite others to view PSJH data or conduct PSJH business via personal online accounts. It is against PSJH policy to use personal accounts when accessing PSJH systems and data, and for conducting company business
- Understand sharing settings in approved online applications like SharePoint Online, OneDrive, Yammer, and MS Teams.
- Use only approved devices to access PSJH systems or data. PSJH policy requires all personal devices to meet the same security controls as PSJH owned devices.
Protect IT. Keep PSJH systems and data secure from unauthorized access.
- Keep operating systems up to date with the latest releases and patches.
- Do not respond to, click or download content in suspicious emails.
- Do not use the same password for PSJH accounts to access non-PSJH accounts (e.g. personal email account, website accounts, etc.).
- Only use your own PSJH-assigned user accounts – NEVER share them with anyone!
Have more questions on information security?
- Visit our Enterprise Information Security team page.
- Join in the discussion on our ISGRC Yammer group.
- Contact Information Security Governance, Risk and Compliance at informationsecurity@providence.org.