Back to Top Skip to main content

Cyber fitness is everyone's responsibility today

Servio Medina from the Cyber Policy Branch of the Defense Health Agency speaks at DHITS 2018 on the need for exercising cyber fitness practices in today's technology driven life. Servio Medina from the Cyber Policy Branch of the Defense Health Agency speaks at DHITS 2018 on the need for exercising cyber fitness practices in today's technology driven life.

Recommended Content:

Defense Health Agency | Technology | DHITS 2019

Taking care of our physical self and personal hygiene – working out, eating well, and washing up – is a normal part of our daily lives. If we put the same effort into making sure we’re ‘in shape’ in the cyber world, we could make a big difference in protecting our personal information. 

Not too long ago, cybersecurity was considered someone else’s problem. But it’s not a technological problem, it’s a human knowledge problem and a personal responsibility, Servio Medina, acting chief of Cyber Security Division Policy Branch at Defense Health Agency, said.

“[That notion] reflected a time that is behind us [and] needs to be behind us,” Medina said, speaking at the Defense Health IT Symposium in Orlando, Florida, on July 25. “We have to acknowledge that a change in one context can impact another context.”

While some people receive cyber awareness training as part of their job, not all 9.4 million beneficiaries in the Military Health System do. Cybersecurity goes beyond the workplace and into homes, impacting everything from toys to video game chat rooms to email, and it’s important for people of all ages to be ‘cyberfit,’ as Medina says. The Health and Human Services department refers to this concept as cyber hygiene, and defines it as an individual’s health, or security, when conducting all activities online.

Without the right training or knowledge, anyone can accidentally fall victim to cybersecurity problems, or make personal information vulnerable. 

“We do want to empower [people] to not unwittingly compromise their own information and their own wellbeing,” said Medina. Part of the Military Health System’s role in taking care of families is helping them understand how to protect their online presence, he said. 

Being cyberfit includes recognizing risky behavior, such as clicking a link in a suspicious email. Simple acts, like walking away from an unlocked computer or not having a passcode on a phone, accounts for more than half of all data breaches according to the Society of Human Resource Professionals.  Additional cyberfit tips include:

  • Avoid phishing. Don’t open e-mails or links from an unknown source, and don’t reply to requests for personal or medical information.
  • Being social online also means you’re global. Think carefully before posting anything on the internet, and remember social media and websites can be tracked and hacked.
  • Use caution when using public Wi-Fi. While it’s convenient, it’s usually unsecure.

Password protecting devices and applications, using reliable malware software, avoiding unsecure networks to share personal information, and avoiding public Wi-Fi networks can help protect personal information. In addition, beneficiaries can protect their health information by using a secure messaging portal through a provider to share health information and carefully checking health care statements to avoid fraud or scams.

Medina said people sometimes need nudges, such as pop-up notifications indicating the security certificate of a website and caution to proceed at risk.

“It takes repeated training, it takes nudges, it takes effective training, but it takes more than that, too,” said Medina, believing it takes three months to change a habit, six months to change a behavior, and a year to change a lifestyle. 

“It takes us to recognize that most incidents trace back to some sort of behavior,” said Medina, referring to a 2015 Department of Defense memo stated roughly 80 percent of cybersecurity breakdowns can be traced back to humans – even after training, said Medina. Most of these cases come down to ignorance, willful neglect, poor judgement, ineffective policy, or criminal intent, he said.

Cybersecurity can dramatically impact the family wellbeing, and when the wellbeing of the family is affected, the readiness of service members and their ability to complete their mission can also be impacted, Medina said.

“[I]t wasn’t too long ago that cybersecurity was someone else’s problem,” said Medina. “We can’t have that mindset anymore. Cybersecurity is really, in a way, everybody’s responsibility today.” 

You also may be interested in...

Medical tools, supplies 3D printed in desert deployment

Article
11/1/2019
Army Lt. Col. Jason Barnhill, a faculty member of West Point and the Uniformed Services University’s Department of Radiology, poses for a photo with a 3D printer capable of biofabrication that could expedite repair or perhaps replace damaged tissues for troops injured on the battlefield. (Courtesy photo)

3D printing provides the ability to produce tailored health care solutions

Recommended Content:

Technology

State of the art procedure is the first within DoD

Article
10/28/2019
Retired Capt. Eugene Chalaire was the first to undergo an intricate cancer-preventive procedure performed at Womack Army Medical Center this summer. Womack is the first within the DoD to offer this service. (U.S. Army photo)

Only a handful of medical centers in the United States perform this surgery

Recommended Content:

Technology | Military Hospitals and Clinics

Third Quarter Report Army Corps of Engineers Projects within the Defense Health Agency

Congressional Testimony
10/4/2019

H.R. 1625 DoD Approps Act FY 2018 Joint Explanatory Statement, Pg. 998

Recommended Content:

Defense Health Agency

DHA IPM 18-015: Cybersecurity Program Management

Policy

This Defense Health Agency-Interim Procedures Memorandum (DHA-IPM), based on the authority of References (a) through (c), and in accordance with the requirements of References (d) through (y): • Establishes the Defense Health Agency’s (DHA) procedures to implement and maintain a DHA Cybersecurity Program for the Military Health System (MHS) to protect and defend DHA information and Information Technology (IT). • Is effective immediately; it will be converted into DHA-Procedural Instruction (DHA-PI), “Cybersecurity Program Management.” This DHA-IPM will expire effective 12 months from the date of issue.

  • Identification #: 18-015
  • Date: 9/23/2019
  • Type: DHA Interim Procedures Memorandum
  • Topics: Technology

DHA IPM 18-013: Risk Management Framework (RMF)

Policy

This Defense Health Agency-Interim Procedures Memorandum (DHA-IPM), based on the authority of References (a) through (c), and in accordance with the guidance of References (d) through (ac): • Incorporates cybersecurity strategy, policy, awareness/training, assessment, continuous monitoring, authorization, implementation, and remediation. • Aligns with the Deputy Assistant Director, Information Operations (DAD IO) J-6/Chief Information Officer’s (CIO) key concept of increasing cybersecurity of Defense Health Agency’s (DHA) Information Technology (IT); therefore, robust risk assessment and management is required. • Encompasses lifecycle risk management to determine and manage the residual cybersecurity risk. • This DHA-IPM is effective immediately; it will be converted into a DHA-Procedural Instruction. This DHA-IPM will expire effective 12 months from the date of issue.

  • Identification #: 18-013
  • Date: 9/20/2019
  • Type: DHA Interim Procedures Memorandum
  • Topics: Technology

DHA IPM 18-011: Video Network Center (VNC) Endpoint Standards

Policy

This Defense Health Agency-Interim Procedures Memorandum (DHA-IPM), based on the authority of References (a) through (c), and in accordance with the guidance of References (d) through (g): - Provides guidance for video network endpoint standards required for sites to connect to the Defense Health Agency (DHA) VNC network. These standards will help ensure security compliance, efficiency, and best practices are maintained across the DHA network. Meeting certification requirements brings many benefits, including: increased assurances of a successful video teleconference (VTC) experience, full access to bridge and point-to-point calls, and access to peer video networks, including the Department of Veterans Affairs, academia, and industry partners. Compliance with stated standards does not preclude users connecting to other DoD approved networks. - This DHA-IPM is effective immediately; it will be converted into a DHA-Procedural Instruction. This DHA-IPM will expire effective 12 months from the date of issue.

  • Identification #: 18-011
  • Date: 9/20/2019
  • Type: DHA Interim Procedures Memorandum
  • Topics: Technology

A change in leadership for the Defense Health Agency

Article
9/3/2019
Army Lt. Gen. Ronald Place, the incoming director of the Defense Health Agency, previously served in DHA as director of the National Capital Region Medical Directorate, the transitional Intermediate Management Organization, and the interim assistant director for health care administration. (MHS photo)

Army Lt. Gen. Place installed as third director

Recommended Content:

Defense Health Agency | MHS GENESIS | MHS Transformation

VADM Bono: Why Our Mission Matters

Video
8/30/2019
VADM Bono: Why Our Mission Matters

Recommended Content:

Defense Health Agency

VADM Bono:Notable Changes to TRICARE Health Plan

Video
8/30/2019
VADM Bono:Notable Changes to TRICARE Health Plan

Recommended Content:

Defense Health Agency

VADM Bono:Medical Career Development

Video
8/30/2019
VADM Bono:Medical Career Development

Recommended Content:

Defense Health Agency

VADM Raquel Bono: The end of a brilliant tenure, the beginning of a new chapter

Article
8/30/2019
Vice Admiral Raquel C. Bono

As she completes a 36-year career, Bono looks ahead to “disrupt” health care

Recommended Content:

Defense Health Agency

McCaffery sworn in as new ASDHA

Article
8/29/2019
Assistant Secretary of Defense for Health Affairs Thomas McCaffery was formally sworn into office on August 28, 2019

He will oversee the transfer of management of hundreds of military hospitals and clinics from the Army, Navy and Air Force to the Defense Health Agency

Recommended Content:

Office of the Assistant Secretary of Defense for Health Affairs | Assistant Secretary of Defense for Health Affairs | Defense Health Agency | MHS Transformation

DoD to begin next major phase of military hospital consolidation

Article
8/26/2019
Lt. Col. Juli Fung-Hayes (center), a U.S. Army Reserve emergency medicine physician with the 2nd Medical Brigade, leads a medic team from the 396th Combat Support Hospital, headquartered at Fairchild Air Force Base, Washington, through a trauma and critical care scenario in a field hospital during a promotional photo shoot for Army Reserve marketing and recruiting at Fort Hunter Liggett, California, July 18, 2018. (U.S. Army Reserve photo by Master Sgt. Michel Sauret)

Congress mandated that a single agency will be responsible for the administration and management of all military hospitals and clinics

Recommended Content:

MHS Transformation | Defense Health Agency

Special Needs Program Management Information System (SNPMIS)

Fact Sheet
8/15/2019

SNPMIS documents and reports on services provided to TRICARE patients with special needs.

Recommended Content:

Technology | Solution Delivery Division

DHA IPM 18-007: Service Delivery Management Program

Policy

This Defense Health Agency-Interim Procedures Memorandum (DHA-IPM), based on the authority of References (a) and (b), and in accordance with the guidance of References (c) through (e): - Establishes the Defense Health Agency’s (DHA) procedures for implementing and managing high quality information technology (IT) services by the Chief Information Officer (CIO), Deputy Assistant Director Information Operations (DAD IO/J-6), Military Health System (MHS). The DHA Service Delivery Management program provides customers requesting IT services from the DAD IO/J-6 or Defense Information Systems Agency service catalogs with an on-demand, automated system that provides a single-entry point to submit service requests. The automated system enables DAD IO/J-6 to align business needs and use repeatable and scalable processes to holistically track, manage, and report on customer submitted requests for IT services from submission to fulfillment. - Is binding on DoD Components and supports the Director’s, DHA, responsibility to develop appropriate management models to maximize efficiencies in the activities carried out by the DHA. - This DHA-IPM is effective immediately; it will be converted into a DHA-Procedural Instruction (DHA-PI). This DHA-IPM will expire effective 12 months from the date of issue.

  • Identification #: 18-007
  • Date: 8/7/2019
  • Type: DHA Interim Procedures Memorandum
  • Topics: Technology
<< < 1 2 3 4 5  ... > >> 
Showing results 1 - 15 Page 1 of 9

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.