Health sector: protect yourself from cyber threats

Cyber threat Cyber threatA threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries. actors are targeting businesses and institutions involved in research and development, and they may even pose as a legitimate business to try to spread misinformation, obtain sensitive information, or gain funding. If you conduct research and development for COVID-19, you are at risk.

The Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. can help protect you. We work with organizations and Canadians to better protect them from cyber adversaries. Visit our website for a list of alerts and advisories, including those regarding critical vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. patches.

Email us at contact@cyber.gc.ca or call, toll-free 1-833-CYBER-88 (1-833-292-3788)

The Cyber Centre recommends that health organizations working on the pandemic remain vigilant and ensure that they are engaged in cyber defence best practices, including increased monitoring of network logs, reminding employees to practice phishing PhishingAn attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing a specific, usually well-known brand, usually for financial gain. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts. awareness and ensuring that servers and critical systems are patched for all known security vulnerabilities.

Keep in mind that working from home presents more risk than working on an organization’s network, especially when employees are using their own laptops, tablets and phones. Help your workers be aware of malicious messages and give them tips on how to protect themselves at home. One way to do that – and to take advantage of one of our services – is to use CIRA’s Canadian Shield for your DNS provider. Following a few simple steps will ensure you aren’t inadvertently sent to a website the Cyber Centre knows to be malicious.

 

3 simple steps

There are three simple steps you and your employees can take to ward off the majority of cyber threats:

  1. Install software updates and patches regularly and as soon as they are made available.
  2. Use a strong password or passphrase and use different ones for every account you have. Consider a password manager if it’s too hard to remember each password.
  3. Be on guard against phishing: messages that seem legit but that seek to have you click on a link that puts your information at risk.

Help protect yourself

More broadly, you can take the following steps to help protect yourself:

  • Know the value of your information.
    Consider the risk of not protecting the confidentiality, integrity, and access to information, particularly business-critical information, sensitive information, and records and evidence.
  • Identify threats and vulnerabilities.
    Think about the types of threats that could affect your organization based on your activities and the type of information you have, and where there are gaps in your security. Don’t forget that human error is a major vulnerability.
  • Protect your information.
    Limit access to sensitive systems and information, use encryption and email filters, and always install software updates and patches. Use anti-virus or malware software to detect threats.
  • Respond and recover.
    Plan for the worst-case scenario: develop a response plan, and train your employees. Back up your information.
Date modified: