October is Cybersecurity Awareness Month, and HASC is excited to join this international initiative to keep people, data and systems safer online at our hospitals.
“The campaign reminds us that simple actions can make a big difference,” said Tom Soto, CISSP, chief information officer at HASC. “Together, we can help fight online threats and protect the systems all of us rely on every day, including critical health care infrastructure.”
HASC invites our hospital members, associates and partners to join us in observing Cybersecurity Awareness Month 2025: Building a Cyber Strong America. For the association and our hospitals, this theme focuses on shoring up our health care systems against cyber threats to ensure resilient, high-quality care for all with minimal disruption.
Soto recommends four essential steps each of us can take:
- Keep software updated: Hospital information technology (IT) systems and departments should automatically deploy software updates to all company-issued devices. On personal devices, turn on automatic updates whenever possible and install updates promptly — don’t click “Remind me later.” These patches fix weaknesses that cyber attackers can exploit.
- Use strong passwords: Create passwords that are at least 12 characters, random (mixed case letters, numbers and symbols) and unique for every account. Use a password manager to generate, fill and remember passwords for you.
- Turn on multi-factor authentication (MFA) wherever possible: MFA adds an extra layer of security to your accounts. Use it in every account where it’s offered, and choose the most secure method available, such as a passkey or authenticator app.
- Recognize and report phishing: Stay alert for suspicious messages. If something seems off, be sure to verify the sender before clicking links or opening attachments. If you spot a scam, use a “Report Phishing” tool if available or let your IT department know right away.
Soto will also moderate Health Care Emergency Management and Cybersecurity, a free webinar for HASC members on Tuesday, Nov. 18. Cybersecurity expert Gerry Blass, ComplyAssistant, will share strategies and best practices in planning for and reducing risk from cyberattacks. A HASC Endorsed Business Partner, ComplyAssistant provides governance software and cybersecurity solutions for over 100 health care organizations. Learn more and register for the webinar here.
More information about staying secure online can be found in these resources:
- Cybersecurity Awareness Month | CISA
- Healthcare and Public Health Cybersecurity | CISA
- Cybersecurity Awareness Month | Health-ISAC (Health Information Sharing and Analysis Center)
- State of Healthcare Cybersecurity | HIPAA Journal
- 207 Cybersecurity Stats and Facts for 2025 | VikingCloud
- Surviving a System Outage: 4 Insights on Preparing for a Month Without Technology | Becker’s Health IT