Three Lessons on Healthcare Cybersecurity & Beyond

I have learned quite a bit about the healthcare cybersecurity space and critical infrastructure security and resilience this past month. The following are my observations, based upon what I learned during the NIST/OCR HIPAA conference, the HIMSS Healthcare Security Forum, the Industrial Control Systems Joint Working Group conference, and my speaking to health policy and management graduate students.

1. More people are interested in healthcare cybersecurity (and cybersecurity, generally).

Relatively speaking, cybersecurity may be of interest to a lot of people. But, most people do not want to get “too deep” in the weeds as far as the technical information. More people are interested in learning about healthcare cybersecurity (and cybersecurity generally). However, I have also found that the “depth” to which they want to learn may vary. Getting too technical with jargon may lose many people. Cybersecurity information (and education) must be communicated in a way in which anyone can understand it.

However, increased cybersecurity literacy and awareness can reduce risk from the human element. For these reasons, I think that it is absolutely fantastic that more people want to learn about what is happening in the cybersecurity realm. We need to stay ahead of the threat.

Yet, there are definitely those professionals (and students) who are interested in getting into the cybersecurity field. These are the individuals who do not mind getting deep into the technical details. In fact, they thrive on the challenge. For these individuals, I applaud your interest, enthusiasm, and drive: we need more of you to keep our information systems (and data) safe and secure.

2. People want to know more.

While not everyone may want to be in the trenches of cybersecurity, people want to learn more about how cyberattacks occur and how they can do their part to protect their organization and its assets. This is a great development. It used to be that people really did not care about cybersecurity (or the hidden dangers).

An excellent way for you to know more and get more involved in healthcare cybersecurity is to join our HIMSS Healthcare Cybersecurity Community. We have free monthly healthcare cybersecurity webinars. On Sept. 27h from 2-3pm ET, we will talk about National Cyber Security Awareness Month and how you can get involved. So, if you are not already a member of our Community, please join today:

3. Too many silos, not enough information sharing.

Conferences can be an excellent way to share information with trusted peers. Our HIMSS Healthcare Security Forum events and our HIMSS Annual Conference are great ways in which you can get the latest and greatest information (and intelligence.) But, why limit yourself and your opportunity to learn about what is happening to once, twice, or a few times a year? Additional avenues of information sharing include the HIMSS Healthcare Cybersecurity Community, InfraGard, US-CERT, and other entities and organizations.

Information sharing is valuable since it helps us (and our organizations) stay ahead of the threat. Either we learn about threats that may occur (but have not happened yet in the field) or we may learn about threats that may have already occurred to other entities, either within our healthcare sector or external to our healthcare sector (e.g., financial, manufacturing, energy, etc.). So, it makes sense to not just share information with our healthcare peers, but also with colleagues in other sectors (e.g., financial, manufacturing, energy, and others.)


The future is bright for healthcare cybersecurity. It is a definite plus that there are more people interested in cybersecurity (including those wishing to get more involved with this field). Whether you are a seasoned IT security professional, physician, nurse, office manager, or an informaticist that now has cybersecurity responsibility at your organization (or an up and coming professional in the field), we need your help to improve the state of healthcare cybersecurity. In closing, I am sincerely appreciative of everyone who is helping us fight the good fight.