Skip to main content

Doing Your Part – Protecting Health Care Data

Back to the news

  • Published on: April 29, 2022

Ensuring the security, privacy, and protection of patients' health care data is critical for all health care personnel. Good medical records are essential for the continuity of care for patients. But with this type of data retention comes risk. The health care industry continues to see a steady increase in breaches. In 2020, 79 percent of all reported data breaches were in the health care sector. Here are some cybersecurity and privacy tips from the United States Department of Health and Human Services:

Establish a Security Culture

95 percent of security breaches occur due to human error. It is imperative that education and training are frequent and ongoing. VA requires all personnel complete applicable VA and VHA-required privacy training at the time of employment, annually and when updated training is required.

Beware of Phishing

Phishing is the fraudulent practice of contacting people via email, text, or phone to obtain personal information such as passwords, Protected Health Information (PHI), Personally Identifiable Information (PII) and financial information. Immediately report any Phishing attempts to the Cybersecurity and Infrastructure Security Agency.

Use Strong Passwords and Change Them Regularly

Strong passwords will offer the greatest protection. You should use at least eight characters (the longer, the better), a combination of upper and lowercase letters with a number and at least one special character. This will help prevent hackers from manually guessing or using applications to hack your passwords.  Use multi-factor authentication whenever possible.

Plan for the Unexpected

Create backups and store them in a secure location. Having backups will give you the upper hand in a ransomware situation, as you’ll be able to recover your data and restore your system quickly in the event of an intrusion.

Control Access to PHI

Not everyone needs access to private information. There are key pieces of information that immediately allow bad actors to target an individual. Still, cybercriminals can piece together less significant information to achieve the same goal. Use access control lists to allow access to those who need it and be aware of your user permissions.

Our commitment to digital and IT transformation is shaped by daily dedication to customer service and the close collaboration of our workforce, managers, and leaders. Ready to join us in improving Veterans’ care? Check out all current information and technology career opportunities on DigitalVA. You can also contact VA’s Office of the Chief Human Capital Officer at 512-326-6600, Monday thru Friday, 7 a.m. to 5 p.m. CST or by submitting a resume to

Share This Story

Page last updated on April 22, 2022


An official website of the U.S. Department of Veterans Affairs

Looking for U.S. government information and services?

We’re here anytime, day or night - 24/7