8 Ways to Create a Strong Security Culture and Strengthen Incident Response in Healthcare

Basic cyber hygiene is just as important for healthcare professionals as personal hygiene, according to John Riggi, senior adviser for cybersecurity and risk with the American Hospital Association and a 28-year veteran of the FBI.

“It should be second nature to lock the computer when you walk away and not to share passwords,” Riggi says. “We need to make that as routine as washing your hands before you see a patient and after you leave a patient’s room. For that routine to become muscle memory, that’s the state we’d like to achieve.”

With clinical staff often focusing their attention on making critical care decisions and juggling the needs of many patients at once, hospitals and health systems are especially vulnerable to phishing and ransomware attacks that take advantage of distracted workers. To mitigate this risk, technology and information security leaders are stepping up their efforts to create a culture of security — one in which managers can effectively communicate about the latest major threats and employees can take the right steps to address a threat.