Written by: Guest Writer

Posted on: February 11, 2019

With 91% of all cyberattacks coming from phishing emails, providers’ vulnerability to email-borne malware is still high. Employee negligence is the main cause of data breaches, according to a state of the industry report by Shred-it, an information security company. The report found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach.

In light of the threat data breaches pose, it’s imperative that organizations re-prioritize their strategy to make employee cybersecurity awareness critical. Cybersecurity attacks are at an all-time high and hackers are focusing on gaining access through people, so it is crucial to create a strong cybersecurity culture based on awareness and understanding of what cybersecurity is and how it can affect an organization.

Securing information and systems that support the health care organization involves much more than technology, and it is often mistakenly viewed as only the information security organization’s responsibility.

Education is the strongest defense

Our attention and focus continue to be ordered as technology, process and people, versus people, process, then technology. We need to remember that professional cyber criminals do not attack machines; they attack people.

Therefore, ensuring employees are educated about cybersecurity awareness and know what to do if such an attempt is made is a vital part of any organizational security strategy. It is essential to have a cybersecurity framework in place that addresses both the technical and non-technical aspects of cybersecurity.

This means taking into account not only the technologies involved, but also the governing aspects and processes to be followed, and the training around security awareness and security incident response management.

Creating a human firewall…it takes everyone, not just IT 

Establishing a cybersecurity culture means recognizing that everyone, including executive leadership and management, has an equal part in cybersecurity, because preventing data breaches is not only an IT responsibility but an overall organizational responsibility.

Technology is just one part of security, and although Information Technology Services plays a critical role, the reality is that the entire organization needs to be engaged to help reduce cybersecurity risks. When employees are properly prepared to participate in their organization’s cybersecurity awareness training program and compliance awareness campaigns, they will be strongly motivated to safeguard the organization’s systems and information while recognizing that they play an important role in keeping data and systems safe and secure. When employees are fully engaged, this creates a formidable human firewall, which is a key element in building a strong cybersecurity culture.

We need to remember that cybersecurity isn’t just about data security — it’s also a matter of life and death. Change the culture, focus on your people, improve patient care, and build your human firewall because the best technology in the world will still fail if your people fail.


Michael Archuleta
CIO, HIPAA & Information Security Officer
Mt. San Rafael Hospital

Recognized as a Top Hospital and Health System CIO to know & named a Rising Star in Healthcare, Michael is a cutting edge, innovative, visionary leader who possesses strong leadership skills with extensive experience & a proven track record of driving increased levels of productivity, profits, high integrity customer relationship skills & expert problem-solving approaches.

Michael currently serves on the board of directors for The Neural Network, a CXO advisory board facilitated by NetApp, and a Healthcare Ambassador for Fujitsu of America. He is also an active member of CHIME, a strategic advisor to healthcare startups and an active Speaker within the field of HIT.
