The most proactive first step is for healthcare organizations' security leaders to seek out responsive, custom-tailored, and comprehensive cybersecurity measures – both modern technologies and the related expertise needed for effective implementation. This must include regulatory compliance, plus practical consideration of measures that will be effective not only under attack, but also despite burned-out employees. By updating their digital infrastructures with technologies capable of withstanding today's and tomorrow's cyberthreats, leaders will ensure that their workers won’t have to work overtime defending their threat landscape – or suffer doubly if the defenses fall short despite their best efforts.
As healthcare systems invest in newer and better security technologies, they must also invest in new people – including people to constantly monitor the security software for red flags, perform regular updates, and provide the essential training needed to understand what the security software is telling them. At a time when many cybersecurity teams are buried under mountains of unpatched and under addressed issues, actively tracking and managing results enables organizations to stay up to date with the latest security measures. This proactive approach will save hospitals from last-minute IT scrambles when cyber threats are imminent.
Last but not least, healthcare systems must conduct risk assessments more often than occasionally or annually. The cybersecurity landscape is moving far too fast for once-a-year check-ups, as today's threat actors are continuously strategizing new ways of causing harm. Quarterly or even monthly targeted assessments and tests will give security leaders a more informed idea of where things stand, and allow for easier backtracking should an attack occur. By doing these types of targeted assessments, burned out cybersecurity teams will not feel as overwhelmed as going through full organizational risk assessments.
There's little question that relieving healthcare workers from the burnout they are experiencing will result in better performance in the workplace, including superior care for patients, stronger cohesion with the organization's overall goals, and ensuring the availability of patient care resources. Given the critical importance of cybersecurity, and the extent to which hackers rely upon both technological and human weaknesses to exploit systems, strengthening the human line of defense is a critical step in protecting healthcare infrastructures against the next wave of attacks.
About the author: Dr. Thomas Graham is the chief information security officer for CynergisTek.Back to HCB News
