UTMB patients, employees, students and stakeholders expect that all protected health, personally-identifiable and other types of sensitive information are held in strict confidence and protected from unauthorized disclosure and data theft. With nearly 11,000 employees, 3,000 students and more than 20,000 connected devices, supported by a network that spans several hundred miles, keeping information secure at UTMB is no easy task.
During the course of a regular 24-hour day, UTMB network security systems will block close to 200,000 suspicious events from all over the world. Some of this errant activity comes from two main sources: search engines such as Yahoo and Google that scan the network for publicly available information; and computers and network devices that are not properly configured. However, many of these events are very real threats (cybercriminal events) to steal information or disrupt services at UTMB.
Cybercriminals, research shows, are motivated by six distinct opportunities: (1) greed in that they can steal and quickly sell information for a profit; (2) revenge because of dissatisfaction or disgruntled feelings; (3) activism aimed at exposing or embarrassing an institution; (4) corporate espionage to steal trade secrets; (5) notoriety or celebrity for their crime; and (6) to support a political position.
UTMB, like all large organizations, can be an easy target. According to the 2012 data breach investigation report, conducted by the Verizon RISK team in cooperation with U.S. Secret Service and other law enforcement agencies, the vast majority of cyber attacks (96%) are not difficult, allowing systems to be breached within minutes.
While data breaches cannot be totally eliminated, they can be significantly reduced by employing basic security principles, including:
- Do not respond to email asking for personal information, such as your Social Security number, bank/credit card account information, password or PIN. No reputable organization will ever ask you for personally-identifiable information by email.
- Do not share your computer accounts or password with anyone.
- Confidential information should be stored only on institutional servers, not on portable devices or removable media such as USB drives, smartphones, laptops or DVDs.
- Keep your personal and UTMB-assigned computers up-to-date with the latest anti-virus software and security patches.
- Delete suspicious-looking email; open email attachments only when they are received from a trusted source.
- When using a portable device to store or process UTMB information, ensure that it is fully encrypted and password protected.
Please report potential or perceived security weaknesses and violations to the Office of Information Security or to the UTMB fraud and abuse hotline at 800-898-7679.
By educating yourself and your employees, understanding potential threats and minimizing risks, you will guard against malicious activity, enhance the security posture of UTMB and significantly reduce your chances of falling victim to identity theft and fraud.
For more information on data protection, please contact the Office of Information Security at firstname.lastname@example.org.