Cyber Smart Week 2020
CERT NZ’s annual Cyber Smart Week for 2020 starts on Monday 19 October and is aimed at helping New Zealanders protect themselves online. Patients First will be participating in this initiative to help raise cybersecurity awareness across New Zealand while also making it relevant to the health sector.
New Zealand Health Information Security Requirements
The New Zealand Health Information Security Framework (HISF) standard – HISO 10029:2015 is designed to support health and disability sector organisations and practitioners holding personally identifiable health information to improve and manage the security of that information. It provides advice about procedures, minimum requirements and technical standards. Compliance with the framework’s risk management section has been required since 1stJuly 2016 for any organisations managing health information.
HISF compliance requires time, skills and resources that many small and medium health organisations do not have, leading to a challenging, risky situation for their healthcare services. Here are a few resources provided by Medical IT Advisors to simplify the HISF compliance journey:
- Initial online quick HISF self-check – estimate your “gross” risk and compare against the community baseline
- Internal and External Assessment – Download the template
Cyber Smart Week
Steps to building your cyber defence
Step 1. Use a password manager
It’s really important that each of your online accounts has a unique password, but remembering them all challenges the best of us.
The easiest way to keep track of them is to use a password manager. It’s like an online safe that only you have the key to. It stores and manages your passwords for you and keeps them safe using strong encryption. You only need to remember one strong password for your password manager, and it’ll do the rest!
Read related guide: 6 reasons to use a password manager
Step 2. Turn on two-factor authentication
Adding two-factor authentication (2FA) to your login is a simple way to add an extra layer of security to your accounts.
It’s an easy extra step after you log in, like entering a code from an app on your phone.
Take some time to enable 2FA on your apps and accounts. You’ll usually find the option to turn it on in the privacy settings of the app or account.
Read related guide: Protect patient privacy with two-factor authentication
Step 3. Update your devices
When you’re alerted to an update for your device, don’t ignore it — install it as soon as possible. As well as adding new features, updates fix any security issues or weaknesses that have been found. Updating software prevents attackers from using these vulnerabilities to gain access to your information.
If you can, set the updates to take place automatically whenever a new version is available. That way, you don’t have to think about it!
Read related guide: The importance of software updates in healthcare
Step 4. Check your privacy
It’s important to know what information you’re sharing, and who you’re sharing it with. We’re so used to sharing things online that we don’t always think about how it affects our privacy. But, the information you share can enable attackers to access your data or steal your identity.
Check that any requests for personal information are legitimate before you share your details. If a company or business asks you for information, think about why they might need it. If you’re not sure, don’t provide the information.
Read related guide: What you need to know about the new Privacy Act 2020
If you, your friend, or your business experiences an online incident, report it to CERT NZ.
CERT NZ is a government agency that helps New Zealanders identify cyber security issues and guides them in resolving them.
Still having questions on health information security? Just contact us and we’d be happy to steer you in the right direction.