Hospitals are overdue. Attesting to HIPAA compliance is one thing, and a very good thing, but it is not enough to protect them from the cyber attacks the healthcare industry experiences every day: compliance defines a minimum set of controls, not a defense against an adversary who is actively looking for the gaps between them. A giant leap is needed, from basic regulatory compliance to the much harder achievement of a genuine cybersecurity culture. Healthcare workers must become highly sensitized to recognizing the risks of criminal or inadvertent compromise of valuable personal, patient and organizational data, and must then understand how to counter those threats effectively. Even with institutional policies, security officers, training programs and technology-based protections in place, many individuals continue to make poor decisions (the clicked phishing link, the shared password, the unencrypted laptop left in a car) that expose important data to a high risk of compromise and theft.
Your staff, executives and vendor partners must reach the point where they are no longer merely learning about dangers and protections but have actually incorporated that knowledge into their mindsets and daily practice. Most security professionals know this is easier said than done. Twenty years from now, consistent security awareness may well be second nature for healthcare workers, as it already is for most bank employees; the question is whether healthcare gets there proactively or only after learning hard lessons from painful breaches. Let's talk about how a transformative cybersecurity culture can be built deliberately, starting today, instead of waiting until the worst happens to your hospital.