Rob Suárez, HCISPP, Chief Information Security Officer for BD
At BD, our commitment to cybersecurity is far-reaching, protecting BD products, manufacturing and enterprise IT. Protecting BD data and systems also helps to protect our customers and patients. That is why we recognize Cybersecurity Awareness Month and encourage our 70,000 associates to apply cyber-smart strategies throughout the year. Here’s an inside look at three impactful components of our ongoing cybersecurity awareness program:
Opportunities to hear from BD customers and partners
There’s no better way to convey why cybersecurity matters than to share insights and experiences from healthcare providers. That’s why we offer BD associates multiple opportunities to hear directly from BD customers and partners during Cybersecurity Awareness Month and throughout the year. This puts medical device cybersecurity in context, driving home the message that there’s a patient at the end of everything we do.
Earlier this month, Matthew Webb, Chief Product Security Officer for HealthTrust, a Group Purchasing Organization based in the United States, spoke with BD associates during a virtual Cybersecurity Awareness Month event.
“At HealthTrust, I’m responsible for developing a supplier security program to support our members, including more than 1,600 hospitals and health systems and 55,000 other locations, including surgery centers and long-term care sites,” said Webb. “Having a platform to speak with BD associates around the world and share our customers’ most pressing cybersecurity concerns with them directly builds trust and reinforces our shared commitment to cybersecurity.”
Ransomware attacks are often cited as healthcare’s biggest cybersecurity threat.1 However, ransomware can begin with a single victim clicking on a malicious link or attachment in an email. In fact, according to a recent survey conducted by the Healthcare Information and Management Systems Society (HIMSS), email is the initial point of compromise 89% of the time when there’s a significant security event.2
Across the healthcare industry, from medical device manufacturers to healthcare providers, we can all help to prevent cyberattacks by educating employees about phishing attacks. These types of attacks happen when cybercriminals use email to try to gain illegal access to a computer or network by phishing for sensitive information. Often, their intent is to get users to reveal system credentials or other sensitive data, so they can use that information to assume the person’s identity to access password-protected systems or open new accounts.
At BD, we maintain a phishing simulation program to help our associates practice recognizing and reporting suspicious emails. Earlier this year, we engaged with the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to perform an evaluation of our phishing simulation program to help us assess the efficacy of our cybersecurity awareness training and ensure that we properly equip our associates to identify phishing attempts.
Ongoing, tailored cybersecurity training
All BD associates receive cybersecurity awareness training. From required courses to optional upskilling resources like articles and podcasts, ongoing training helps our associates make good cyber hygiene a habit. In addition, we provide tailored training opportunities, including cybersecurity boot camps where associates across the organization can learn more about core principles of cybersecurity and how they are applied at BD.
We also participate in national Cyber Storm exercises led by CISA. Designed to imitate real-life events, these biannual cybersecurity exercises bring public- and private-sector entities together to simulate how they would respond to incidents impacting the nation’s critical infrastructure. Cyber Storm 2020 involved more than 1,000 players nationwide, including a dozen BD associates.
On a smaller scale, we conduct cyber scenario exercises annually with BD leadership to practice responding to cybersecurity threats. These immersive exercises allow in-depth cross-functional collaboration and crisis orchestration, which are essential to any company’s response and recovery following cybersecurity attacks.
All of these initiatives have helped us foster a strong cybersecurity culture at BD. From opportunities to hear directly from BD customers and partners, to phishing simulations and ongoing, tailored cybersecurity training, encouraging cybersecurity awareness and good cyber hygiene does more than protect BD – it also helps to protect our customers and patients.
1 Davis J. Biggest Healthcare Security Threats, Ransomware Trends into 2021. HIMSS. Health IT Security. https://healthitsecurity.com/features/biggest-healthcare-security-threats-ransomware-trends-into-2021. Published December 18, 2020. Accessed July 26, 2021.
2 Cybersecurity and Security Incidents in Healthcare Infographic. https://www.himss.org/resources/cybersecurity-and-security-incidents-healthcare-infographic. Published July 6, 2021. Accessed July 26, 2021.