Joint Commission Tip of the Week: Cyber Emergencies

The Joint Commission has added the topic of “Cyber Emergencies” as a focus this year. Below is a refresher of some key points from yearly training about how we protect our IT Resources:

Prevention – We start by securing our computer systems, making sure they are used properly, and teaching employees how to tell if something is wrong.

Access Management – Review the UMMS Access Control Policy and UMMS Password Policy

  • The Helpdesk verifies that individuals can use only the resources they need for their job.
  • Everyone gets a unique username and password so we can account for all the activity on
    our systems and address problems efficiently.
  • We prohibit sharing accounts and passwords to make sure everyone using our systems
    is authorized to do so.
  • We require strong, hard-to-guess passwords and never share them or write them down.

Encryption – We use two types of encryption at UMMS:

Device encryption – We encode the information stored on our laptops and mobile devices to make them unusable if they are stolen.

Email encryption – We encode information we send in email, so it can’t be intercepted and read by hackers.

*Remember: whenever we send PHI outside the organization, we put #secure# at the beginning of the subject line to encrypt it.

Device/Physical Security – We avoid tailgating and shoulder surfing, and keep devices locked and secure when we are not using them.

Detection – We detect threats to our IT Systems by educating our users on how to recognize and report them, as well as through technology solutions.

Awareness – Everyone is trained to recognize and report cybersecurity threats.

Phishing – This is when scammers use fake emails to try to trick someone into downloading malware or giving up confidential information. We provide education on how to recognize phishing emails and periodically test everyone’s ability to do so.