On their private servers and hard drives, shared across an internal network of computers, tablets, and smart devices, hospitals depend on patient data to help inform treatment, coordinate care, bill insurance, and prevent emergencies. For all the efficiency and improvements this data provides, it also carries risks, such as making hospitals a rich target for cyber attacks.
Most recently, hackers and cyber criminals have been utilizing a particularly powerful and effective weapon called ransomware. More than 88 percent of today’s ransomware attacks specifically target hospitals. Rather than stealing files or someone’s identity, ransomware quietly infiltrates all the files and applications of a computer network, causing all connected devices to shut down. The first sign that something is wrong is often the ransom note, giving users instructions on how to electronically pay off their hackers to have their computers restored to normal, or else risk all data being erased.
Ransomware is just the latest form of cyber attacks threatening clinical organizations, embodying the ways in which technology is changing the roles and responsibilities of caregivers and their leadership. Ransomware, and cyber-attacks in general, can impact every aspect of a clinic and all its operations. Because of the networked nature of modern hospital computer systems, every user has a role to play in keeping the system secure, including nurse leaders and administrators for whom cyber security has become a core part of their responsibility.
Leading Preventative Strategies and Integrating Security with Clinical Workflows
Raising awareness of cyber security and the risks of ransomware attacks is part human resource challenge, part business management challenge. Nurse administrators play an important role in influencing the day-to-day behavior and habits of clinical staff through regular communication and leveraging the relationships they build with their subordinates and peers. This means encouraging all staff to take ownership of their network security and leading by example. At the same time, updating operational standards to address cyber security can help create uniformity. When it comes to security, having everyone throughout a hospital on the same page in terms of norms and expectations is crucial. Nurse administrators act as both advocates for and representatives of their staff, influencing how protocols are developed and explained. They can adjust operational standards and support strategic planning across their organizations to make cyber security a key element of routine tasks.
Examples of resilient cyber security policies can entail routine password changes, updating guidelines on how, when, and where staff may access the internet, and frequent briefs on red flags to look for in emails or on websites. In putting these strategies into practice, the important thing is for leadership to set clear expectations and take steps to measure and maintain compliance.
The clinical backgrounds of nurse administrators also aid greatly in setting and enforcing standards for the safe use of information technology. Their perspective into the realities of bedside caregiving can help ensure policies fit into the workflow of all hospital staff. Nurse leaders will need to be sensitive to the operational challenges of clinical staff in order to help them make security standards fit organically into their daily behavior.
Nurse administrators who combine their frontline experiences with advanced leadership training have the opportunity to guide their teams in the fight against ransomware. When it comes to putting these strategies into practice, their combination of experience in medicine and leadership training can equip them to make cyber security best practices accessible to nursing staff.
Teaching Staff to Talk to Patients about Security
As ransomware attacks have demonstrated, cyber security is as much about protecting patient safety as it is protecting the hospital, financially and logistically. A ransomware attack may only disrupt a hospital’s operations temporarily, but the impact on an individual patient can be long-lasting and severe. Identity thefts, insurance fraud, loss of personal privacy are all possibilities when health data is compromised.
Given this context, patients have good reason to be concerned about the security of their health and personal data at the hospital. Patients may not understand the ransomware threat specifically, but they are increasingly aware of the broad risks that accompany digital records. Providing optimal care in the digital age means combatting patient fears as well as cyber threats.
Nursing staff will need the support and guidance of their leadership in order to handle common patient questions and alleviate their concerns. As nurses are often the face of the organization for patients, their ability to communicate about cyber security is important to preserving trust. Nurse administrators who have a proactive set of security standards in place can equip their staff to mitigate patient worries. Nurse leadership can also go further by providing focused training for staff on how to communicate effectively with patients and explain hospital policies on cyber security. By anticipating patient queries and giving staff practice discussing technology in terms of risk management, nurse leaders can help their staff and patients feel more confident about the computerization of hospitals.
Keeping Up with a Changing Risk Landscape
Ensuring that their strategies are relevant and effective requires nurse leaders to have awareness of industry-wide changes, both in technology and administrative strategies. The tricks and tools cyber criminals use to launch ransomware attacks are constantly changing. Likewise, health data solutions are constantly changing and evolving both to better serve patients and to keep up with cyber threats. Nurse leaders will need to keep themselves current with best practices in order to communicate an evolving, responsive strategy to their staff.
In this respect, becoming a nurse leader requires individuals to learn how to teach themselves, as well as teach others. Self-education has always been important in the practice of medicine, but additional flexibility is required so that nurse leaders can quickly pivot and turn their own learning experiences into actionable lessons and ongoing training. Teaching in today’s evolving environment takes a blend of time-management, critical thinking, and a talent for communication.
It is a dynamic time for the health care industry and the caregivers working in it. Fighting against ransomware attacks is currently the biggest cyber security challenge hospitals face, and the skills and strategies that nurse leaders leverage to prevent these attacks can prove valuable even as the technology continues to transform. As cyber security practices continue to become an integral part of hospital and caregiver daily operations, it is critical to have nurse leaders who are committed to learning, teaching, problem-solving and using their influence to empower their teams to help protect their patient and organization data.
Norwich University has been a leader in innovative education since 1819. Through its online programs, Norwich delivers relevant and applicable curricula that allow its students to make a positive impact on their places of work and their communities.
Norwich University’s online Master of Science in Nursing program helps students hone their knowledge and skills to assume leadership positions in healthcare systems, nursing informatics or nursing education. The program aims to develop students who could take a role in shaping health policy, in educating other nurses and health care professionals, and in providing advanced care to their patients. Norwich’s online nursing program coursework has been developed based on guidelines by the American Association of Colleges of Nursing, and the program is accredited by the Commission on Collegiate Nursing Education.
Hospitals are hit with 88% of all ransomware attacks, Becker's Hospital Review
Health at a Glance 2015, Organisation for Economic Cooperation and Development
Cybersecurity’s Human Factor: Lessons from the Pentagon, Harvard Business Review
Health IT creates lose-lose situation for physicians, Medical Economics