While technology plays an important role in protecting the Brigham’s network and devices from malware, phishing and viruses, BWH staff are an equally vital line of defense. Christina Mazzone, CISSP, information security officer for Brigham Health, spoke with BWH Bulletin about how BWHers can play an active role in these efforts.
How does the Brigham protect its data, devices and network?
CM: As a first line of defense, we regularly conduct information security assessments to understand what’s on our network, with the goal of understanding how secure our devices, tools and vendors are. In turn, that helps us better understand where the potential vulnerabilities could be in our environment. Then, through technology or new best practices, we work to make sure those systems are secure.
Why is it important for all BWH staff to remain vigilant about malware, phishing and viruses?
CM: If BWH staff are aware of how to protect data, both in their personal life and at work, then they can be good stewards in helping protect patient information in our environment.
It only takes one person opening an infected email or website to put others at risk. One click could lead to a virus or malware attacking a whole network of machines. I think of it like human viruses: It’s all about preventative care. If employees are diligent about looking out for malicious emails and making sure their devices are protected – like many of us do with immunizations for our bodies – then we can protect our network from becoming infected.
Are there issues that affect health care institutions in particular?
CM: Health care has a unique set of challenges because, at the end of the day, patient care and patient safety are the priority. Whereas other industries can often make automated, system-wide updates to their network without potentially affecting anyone’s safety, we are always mindful that any update we push out has the potential to disrupt patient care. We do a lot of our updates and fixes manually and incrementally so that we have more control. Additionally, some medical devices are incapable of running something like antivirus software, so we implement other controls to compensate and prevent hackers from taking advantage of that.
What is the most prevalent misconception about the role of information security?
CM: It is often seen as a barrier to getting things done, but that isn’t the case at all. We want to continue to enable our staff to move forward while also making positive steps around security. We’re not here to say no. We’re here to support you with creative solutions and help you do your job in the most secure manner.
Phishing 101: 5 Tips for Protecting Your Email
Phishing is the fraudulent practice of sending emails that are crafted to trick you into giving up sensitive information or performing an action, such as clicking a link or opening an attachment. It may even look like it comes from a trusted, familiar source like Partners HealthCare, Human Resources or a bank.
Here are five things you can do to identify and fight phishing:
- Be skeptical of emails from suspicious senders that are labeled “urgent” or rush you to take action.
- If you receive a message that says you have a package being delivered when you aren’t expecting anything, it may be a phishing attempt.
- Look out for spelling errors, odd formatting or being addressed as “dear sir or madam” in emails.
- In the preview pane of Outlook, hover your mouse over the sender’s name to view their actual email address. The display name is chosen by the sender and can say anything, so judge the address itself. Take note of whether it looks incorrect or unusual. For example, if the sender’s address comes from partners.com instead of partners.org, or contains long strings of numbers and letters, then it is most likely a phishing attempt.
- If you believe you’ve received a phishing email, highlight the message and click the “Report Phishing” button in the Outlook toolbar. You can also forward the message as an attachment to firstname.lastname@example.org.
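The sender checks in the tips above can be written down as a small filter. The script below is an added example, not code from BWH Bulletin, the Brigham or Partners HealthCare; the trusted-domain list, the organisation names, the entropy threshold and the sample headers are all assumptions constructed for illustration. It flags three patterns the tips describe: a lookalike domain such as partners.com standing in for partners.org, a display name that claims a trusted organisation on an address that is not from one, and a long random-looking local part.

```python
"""Sender checks that follow the phishing tips above.

Added example, not code from BWH Bulletin or Partners HealthCare. The
trusted domains, organisation names and sample headers are constructed.
"""
import math
import re
from collections import Counter
from email.utils import parseaddr

# Assumption: the organisation's legitimate sending domain(s); partners.org is
# the one the tip names. Subdomains of a trusted domain are trusted too.
TRUSTED_DOMAINS = {"partners.org"}
# Assumption: names a phisher would put in a display name to look familiar.
ORG_NAMES = {"partners", "brigham", "bwh"}


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking strings score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def is_trusted(domain: str) -> bool:
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def is_lookalike(domain: str) -> bool:
    """Same registrable name as a trusted domain but a different suffix,
    e.g. partners.com instead of partners.org."""
    labels = domain.split(".")
    if len(labels) < 2 or is_trusted(domain):
        return False
    return labels[-2] in {t.split(".")[-2] for t in TRUSTED_DOMAINS}


def check_sender(from_header: str) -> list[str]:
    """Return findings for a From: header; an empty list means nothing suspicious."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable address"]
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    findings = []
    if is_lookalike(domain):
        findings.append(f"lookalike domain: {domain}")
    elif not is_trusted(domain):
        findings.append(f"external domain: {domain}")
    # The display name is chosen freely by the sender; a familiar organisation
    # name on an untrusted address is the impersonation the tip warns about.
    if not is_trusted(domain) and any(name in display.lower() for name in ORG_NAMES):
        findings.append("display name impersonates a trusted organisation")
    # A long local part mixing letters and digits with high entropy looks
    # machine-generated ("long strings of numbers and letters"). The 3.5-bit
    # threshold is an assumption chosen for this example.
    if (len(local) >= 12 and shannon_entropy(local) > 3.5
            and re.search(r"\d", local) and re.search(r"[A-Za-z]", local)):
        findings.append(f"random-looking local part: {local}")
    return findings


# Constructed sample headers for the demonstration (not real messages).
SAMPLES = {
    "legitimate": '"Human Resources" <human.resources@partners.org>',
    "lookalike": '"Partners HealthCare IT" <helpdesk@partners.com>',
    "random": "a8f3k29qz7x1mp5@mail-notify.example.net",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name}: {check_sender(header) or ['no findings']}")
```

These checks only cover what a reader can see in the preview pane. The lookalike test catches a swapped suffix, not typosquats such as a dropped or substituted letter, and none of this replaces the mail gateway's authentication checks (SPF, DKIM, DMARC); it is the human-scale triage the tips describe, made explicit.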