According to a recent 1Password report (via HealthITSecurity), burned-out employees were three times as likely to say security rules “aren’t worth the hassle,” compared with respondents who weren't burned out. Exhausted employees were also much more likely to either pick an easy password or stick with the same password for everything – 59% of burned-out employees, 16% higher than workers who weren't experiencing burnout. The evidence is clear: Employee burnout is a "severe, pervasive and multifaceted security risk."
It would be easy to dismissively write off burnout as a common, unavoidable problem, but the reality is that the cybersecurity of healthcare infrastructures is becoming weaker because of it. After two years of constant crisis, healthcare workers are so worn out from triaging patients and witnessing deaths that remaining vigilant regarding cyberthreats feels comparatively abstract. Couple this with the vastly changed threat landscape due to new protocols, telehealth initiatives, and mHealth, burnout and ambivalence has become more commonplace. When security isn't a priority, threat actors can capitalize on a perfect storm of vulnerability and inattentiveness to swoop in and take advantage, ironically making it harder for weary healthcare workers to do their jobs.
Burnout obviously isn't the only issue. When leaders inside and outside the healthcare industry felt compelled to rapidly pivot their organizations to these remote and hybrid work models, cybersecurity structures lagged – and threat actors got ahead. While most organizations had a strategy in place for the pre-COVID paradigm, the new operational landscape often neglected these additional cybersecurity loopholes. Even for hospitals that retained most of their employees as essential front-line workers, remote work shifts and BYOD by non-essential workers and supply chain providers created gaps for malware and other threats to enter organizations unknowingly.
The right time to rethink cybersecurity Now, as we're finally experiencing a respite from the viral surges that continued in 2020 and 2021, healthcare leaders must take action to fortify their organizations against digital threats – not just through updating their hardware and software, but also by supporting their people. Throughout the pandemic, limited resources were rightly prioritized towards caring for critically ill patients, pushing their caretakers' well-being into the backseat; there's no longer any excuse to maintain that status quo.
