This three-part series of blog posts was motivated by the healthcare industry’s continuing vulnerability to cyberattacks, as demonstrated by the hundreds of security breaches reported over the last year. We have already seen over twice as many breached patient records as 2018’s total of 15 million, with 332 incidents affecting almost 36 million records. The HIPAA Journal notes that 42 of August’s reported 49 breaches occurred in provider organizations. Some, maybe most, providers have upgraded IT-based security protections and provided training to workers, but whatever the strategies, they haven’t been adequate. Without a doubt, hospitals and other providers must do more.
Hopefully, the series will inspire providers to engage in an enduring effort to achieve a top-to-bottom cybersecurity culture that will effectively prevent or neutralize criminal attacks. In Part 1 we outlined overall conceptual strategies for designing an enterprise-wide cybersecurity culture-building program that will protect patients from data compromise, empower employees, comply with HIPAA, and reinforce the viability of our healthcare organizations. In Part 2, we took a deeper dive into current-state assessment and planning activities, with a strong focus on the need for a deliberately disruptive plan of integrated actions to foster long-term culture change.
Here in Part 3, we offer recommendations for incorporating specific approaches in your hospital’s culture change plan, with the intention of charging up your workforce, keeping them engaged, and helping them integrate best cybersecurity practices into their everyday lives.