Build the CyberSecurity Culture Your Hospital Needs, Part 2: Necessary Disruption

This year we have already witnessed twice as many breached patient records as 2018’s total of 15 million, with 285 incidents reported through June. In just the first week of September, five providers reported patient data breaches caused by successful phishing exploits that affected at least 20,000 patients, according to industry watchdog HealthITSecurity. Though many hospitals have improved  IT-based security protections and provided training to workers, dangerous data breaches are increasing rapidly across most organizations, often due to employee negligence. It is apparent that hospitals must do much more to inspire a strong top-to-bottom cybersecurity culture that will deflect or neutralize criminal attacks.

In Part 1 of this series, we examined and outlined overall conceptual strategies for designing an efficient enterprise-wide cybersecurity program that will multi-task: protect patients from data compromise, empower employees, comply with HIPAA and other regulations, and help the executive leadership team sleep better at night. We considered essential criteria such as sustainability, scalability, and aligning cybersecurity awareness with the bigger vision: your organization’s strategic goals, employees’ self-interest, and patients’ privacy.

Here in Part 2,  we’ll take a deeper tactical dive into practical solutions for achieving a sustainable security culture. Part 3, coming soon, will offer a panoply of culture-change action items gathered from across the industry