The American Optometric Association is offering tips for dealing with cyberthreats as a result of the Russia-Ukraine war.
AOA wrote on its website:
On April 13, a Cybersecurity Advisory released jointly by the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency and the FBI warned of evidence that “advanced persistent threat actors” have new malicious cyber tools that could gain full system access to industrial controls and data acquisition devices inside the U.S. While the agencies declined naming the source of the threat, private sector partners said the “exceptionally rare and dangerous” tools appear consistent with Russian actors.
AOA also noted: “Days after the Russian invasion, the Department of Health and Human Services (HHS) cybersecurity division, known as HC3, issued its own albeit nonspecific alert to health care organizations.”
And the Biden administration has issued warnings that Russian actors may try cyberattacks in the U.S. in retaliation for sanctions.
AOA offered these suggestions from Lockton Affinity, an AOAExcel endorsed business partner providing cyber liability insurance options:
Advertisement
- MFA (multifactor authentication) process. Two-factor authentication or MFA requires users to acknowledge their login credentials via a phone call, text message or app notification after correctly entering their password.
- Password protocols. Consider applying stronger password protocols that include 12 or more characters and a combination of letters, capitalization, numbers and symbols. Require different passwords for each account or service. Incorporate rolling updates to prompt users to change passwords either monthly or quarterly. Update passwords as personnel changes take place.
- Regular software patches and updates. Be sure not to put off regular software maintenance updates and patching, as these processes help to fix bugs and other vulnerabilities. Conduct an inventory of devices, operating system versions and applications. Monitor and audit patches. Check with your IT company to make sure updates will not affect your systems.
- Employee training. Periodically remind employees that they are also responsible for the practice’s cybersecurity, and to be mindful of email phishing attempts, suspicious links, password sharing or other malicious schemes.
- Cybersecurity professionals. In addition to working with a cybersecurity firm to conduct a comprehensive risk assessment of your practice’s network or systems, doctors may find peace of mind through cyber liability insurance. Through AOA membership, doctors have access to cyber liability insurance administered by Lockton Affinity. This policy helps cover the costs associated with notifying all affected parties, ongoing credit monitoring, outside investigations and more.
