Emergency Preparedness

Appendix H.4 – CYBER ATTACK

Kern Medical Emergency Preparedness CYBERATTACK Connected Devices  Personal computers (PC’s) •

Change passwords every 90days • Must login to user account each person was assigned • Removal of Group Accounts IE: KMCNurse, OR ,ER etc. • At least 12 Characters with combination of Upper and lower letters/symbols/numbers are used at least 3 out of 4. • Require all staff to lock computers when not in use (Win+L= windows button plus L for locking) • Passwords required for unlocking access computer, email, and remote access . • Do NOT share your password • Do NOT write passwords down where they are easily accessible • Do Not plug USB devices, Phones into PC’s that were NOT issued by Kern Medical  Email • Forward any suspicious emails as an attachment to IT that may be a possible virus or request for information (W-2, salaries, etc.) infosec@kernmedical.com • Use up to date version of the attachments, be mindful of sensitive data types:  MRN, DEA, SSN and Credit Card Information is prohibited by email policy.  Servers • File Servers is attached per profile; please make sure that files are being saved. As well as archived. DO not share files or store personal data in the File Servers.  Tablets/Laptops • Require all staff to lock when not in use • Hospital Owned devices will need to be encrypted via HDD • BYOD, devices will need the above as well as passwords for each device and biometric | facial • Passwords required for unlocking access.  Smart Phones • Personal Devices must conform to MDM, usage: Download and use of Outlook app are approved. • Password for the devices, 4 or more and touched can be used. • Screen Capture will be disabled in the Outlook Application • iOS device will install Native MDM profile to devices • Android does not apply

Page 221