Cyber Security at UNM HSC

The UNM HSC IT team takes information security seriously. We follow strict safeguards to protect you and your loved one's information.

HSC Information Security Office

The UNM Health Sciences Center works to continuously improve IT security safeguards. IT Security assessments are conducted to confirm the effectiveness of (IT) security controls. Improvements are planned and implemented to enhance the effectiveness of most critical controls. Adjustments are made as new IT threats are identified.

IT staff and Security Analysts work with HSC workforce members when new threats are reported. Security awareness and secure computing practices are communicated and updated through annual training.

What is Information Security?

Information Security is about the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The CIA triad (confidentiality, integrity and availability) encompasses the core principles of information security. The goals are the same for IT Security, Information Security or CyberSecurity: protect confidential information and systems and ensure the integrity and availability of business information assets.

IT Security Analysts are information technology specialists who are accountable for designing and maintaining safeguards that secure electronic data as it is stored, processed, transmitted and/or shared. IT Security Analysts at the HSC provide the following IT security services and support:

Administrative safeguards—Management of the selection and execution of security measures
Technical safeguards—Automated processes to provide data protection and access control
Physical safeguards—Protection of electronic systems, related buildings and equipment from environmental hazards and unauthorized intrusion

Information Security and IT

The Information Security Office develops and supports the HSC IT through IT security policies, analysis of business proposals, and incident response. By adhering to HSC IT standards and baseline security safeguards risks are reduced, compliance is maintained and privacy is protected.

IT security works to maintain privacy by safeguarding Protected Health Information (PHI), sensitive business data and critical systems, while enabling the use of innovative technologies to achieve HSC business goals. By building partnerships with business leaders, HSC departments and user communities, the HSC Information Security Office helps improve awareness of how IT security supports and enables business functions that are critical to the HSC mission.

HSC IT and HIPAA

Compliance with the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is one outcome of an effective HSC information security program. The HSC Information Security Officer (ISO) is available to help workforce members understand information security policies, standards and regulatory requirements applicable to HSC systems and users. Security awareness updates, notices and alerts are issued on a periodic basis to inform HSC workforce members about threats to HSC information assets.