From the Office of Medical Affairs
By Stephen Nichols, MD, Chief Clinical Innovation Officer and Chief Medical Officer for Virtual Clinical Services
We have all lived with cyber risks for many years now, so many that last October, we celebrated the 21st Cybersecurity Awareness Month. The math doesn’t throw me, but realizing how long we have lived with cyber risks certainly did. I have long known about digital dangers and disturbances such as:
- The risks inherent in our cyber-lives with scams lurking around every corner.
- The hassles of modern life with the constant spam and endless pop-up ads.
- There’s the spooky side, too – the ever-watchful 1984 “Big Brother/Computer Overlord” lurking behind our screens.
But recently, something feels different. Cyberattacks are escalating fast, and the chaos they’ve caused shows just how unstable things in cyberspace have become.
Just look at what’s happened over the last several months:
- The Change Healthcare cyberattack.
- Carrier outages (AT&T).
- The global IT outage with the CrowdStrike event that shook the world.
- Let’s not forget the deep fake scam in Hong Kong that defrauded a company of $25 million—through a fake video conference.
These incidents caught my attention and changed my focus. If they haven’t changed yours yet, let this serve as a wake-up call, or at least a notification to heighten your awareness.
When IT systems are disrupted or go down, it’s not just the hospital that suffers – it’s everyone. EMS systems struggle to deliver high-quality care, nearby facilities get overcrowded and overwhelmed, and performance suffers at the affected hospital itself.
These ripple effects are well-documented and felt acutely in real time – helplessness, fear, and frustration. But what may surprise you is just how long the effects linger and ripple throughout a community.
The “clean-up” after a cyberattack can drag on for at least three years – long after the headlines have faded and well beyond the acute period. Studies show that the aftermath can reduce the quality of patient care.
According to researchers Sung Choi and M. Eric Johnson, post-breach cybersecurity measures often impede productivity, quality, and the clinical care we strive to deliver. And worse, in this case, it contributes to increased 30-day mortality for conditions like acute myocardial infarction for at least two years. (Other quality measures were also adversely affected.)
For a deeper dive, check out these articles:
- Do Hospital Data Breaches Reduce Patient Care Quality? (The answer is “Yes.”)
If you think you’re safe from cyberattacks, think again: 46% of Americans have indicated they’ve encountered a scam or cyberattack at least once, according to a report from Consumer Reports, Aspen Digital, and the Global Cyber Alliance.
If you haven’t been targeted yet, consider yourself lucky—the odds are starting to stack against you.
So, I’ve taken the advice of our Enterprise Chief Medical Officer, Dr. Randy Pilgrim, to heart: “Face reality. Adjust.” The reality is we need to better understand this threat to deal with it effectively.
It’s no longer just about institutional safety—it’s about personal safety, too. Much like locking your doors and securing your valuables, a few simple steps can make all the difference:
- Use strong passwords for everything.
- Enable Multi-Factor Authentication (MFA).
- Stay alert for Social Engineering Attacks like phishing, vishing, smishing, whaling, pretexting, baiting, and typosquatting.
Yes, these are quite a few things to keep track of, and there are others. That’s why you must educate yourself on what to watch out for and do.
Here is some basic advice:
- If you are asked for important private information, be very suspicious.
- If you feel pressured to respond to a request, take a deep breath, think carefully about your response, and double-check the source.
- If it sounds “too good to be true” or you find yourself wishfully thinking, think again and act rationally.
Note: These are all true of in-person scams as well. In addition, you should anticipate blended scams, which also occur during natural disasters, such as those that have recently occurred.
There’s a growing consensus that cyberattacks on health care should be treated as disasters—and rightfully so. Indeed, the disaster framework of Prevention, Mitigation, Preparedness, Response, and Recovery applies very well to cyberattacks.
The government rightly considers health care one of the 16 critical infrastructure sectors, alongside transportation, financial services, and utilities. Health care is the most targeted right now, and we need to step up our response.
We need more education and action, and to work together to protect ourselves, our patients, and our future.
The 2020s are certainly going to be another decade to remember. Let’s continue doing our part to improve things—for ourselves and each other.