September 27, 2021
TO:All Medical Center Faculty, Staff and Students
FROM: Steven R. Waite, Executive Director, Office of Information Security
SUBJECT: Mandatory Information Security Awareness Training
October is Cybersecurity Awareness Month, which is a good time to bring to your attention the importance of cybersecurity and make certain that you have the information, tools and resources needed to keep our digital information secure. Keeping with this year’s theme, “Do your part. #BeCyberSmart”, all UMMC personnel should own their role in organizational security by stressing proactivity and personal accountability.
Since the pandemic began, phishing attacks have become more prevalent and now account for more than 80% of reported information security incidents, according to the Verizon Data Breach Investigations Report. It is important that you scrutinize all digital communications, especially through emails that were not expected or were from a non-UMMC source. Phishing prevention and other security awareness tips are outlined in our mandatory annual Information Security Education module, which will be available on October 1, 2021 in HealthStream for employees and Canvas for students.
The course consists of two modules that can be completed in less than 25 minutes total. The first module is policy-based and provides summaries and links to each of our Information Security policies, which can also be found in the Document Center. Links to these policies are included in this year's security awareness education module to increase the familiarity and compliance of them by all UMMC users as required by the Office for Civil Rights. The second module contains a brief video, less than eight minutes, that covers the annual security requirements based on HIPAA Security Rule regulations. Upon completing the course, each user will be required to attest to having read, understood, and complying with all policies.
All Medical Center faculty, staff and students are required to complete the training by the deadline of December 31, 2021. Failure to complete this mandatory training could result in corrective action.
These modules serve as reminders of institutional policies and guidelines to improve our overall security. UMMC implements various security systems and controls to protect the organization as a whole but the ultimate responsibility rest with each of us. We can all do our part by following basic cybersecurity best practices such as creating strong passwords, backing up data regularly, keeping systems and software up-to-date, protecting UMMC devices and reporting security incidents in a timely manner.
Your security – our security – is a collective effort. We’re in this together, committed to one another and those that we serve.