October cybersecurity awareness – Securing internet connected devices in healthcare

As I reflected on this weeks’ focus on cybersecurity and healthcare, I began to think of all the examples of internet connected devices that fall into this category. How many of you have a Fitbit or an Apple Watch that are Bluetooth enabled and send health information to an app on your phone? I know I do. And I don’t think twice about using these devices to improve my health. What about other apps like WW (formerly known as Weight Watchers) or apps that track your blood pressure and send those results automatically to your health care provider.

Another example is in telehealth. With COVD-19 has come the skyrocketed use of telehealth to address easily diagnosed symptoms through virtual meetings. The doctor’s offices do not want patients coming into the office right now anymore than patients want to come in. And with the wide acceptance of telehealth during this pandemic, the word on the street is that when life gets back to a new normal, that telehealth is here to stay.

Learn More

Additional information on protecting yourself and your medical information can be found in this tip sheet from the cybersecurity & infrastructure security agency (CISA). Other relevant resources are available through the National Cyber Security Awareness Month and CISA.

In case you missed the NACo Virtual Fall CIO Forum Series for October, which was on Cybersecurity, you can watch the recording on YouTube.

More recently we are now looking at contact tracing apps that provide assurances to users that health information (related to a COVID diagnosis) is secure and anonymous. I don’t know about you, but I still want to make sure that I put in place security safeguards on my mobile devices, even when using apps such as this.

What does all this mean? It means that your (and your employees) medical information is more easily accessible than ever before. With great benefit comes increased risk.

Here are ways for protecting your medical information that you can share with employees:

• Make sure your mobile device that you use for collecting and sharing health information is password protected. And not just a four-digit pin, but also implementing at least an eight-digit pin. Yes, that is doable on most mobile devices.
• When you are out and about, think about turning off your wi-fi setting on your mobile device. This will prevent your phone from being accessed by “bad actors”.
• Further, your mobile device could have apps running in the background or using default permissions you never realized you approved. These apps could be gathering personal information without your knowledge while also putting your identity and privacy at risk. Be sure to check your app permissions and don’t hesitate to just say “no” to privilege requests that seem unfamiliar to you.
• And I would be remiss to practice caution with COVID-19 related emails that encourage you to visit websites containing valuable and up to date COVID-19 news. Ignore those emails and go directly to the reliable site for your COVID-19 related information.