By Nadia ElKaissi, CHTM
Let’s face it: when it comes to cybersecurity, many leaders in the healthcare technology management (HTM) field fall back on the classic excuse, “Technology and computers are not my forte.” This is the professional equivalent of saying, “I skipped my flu shot because needles scare me.” But in today’s healthcare environment, where patient safety, trust, and even lives are at stake, cybersecurity isn’t a task to be handed down the HTM or IT hallway – it’s a leadership priority.
Imagine you’re a hospital executive leader, and someone tells you the surgical wing has a water leak that could compromise equipment sterilization. Would you shrug and say, “I’m not a plumber?” Of course not! You would ask questions, understand risks, and work with engineering or facilities to make decisions to fix the situation. So why does cybersecurity – a risk that can paralyze operations, compromise patient data, and destroy trust – get less attention? The truth is, cyberattacks don’t care if you are fluent in tech jargon. Whether it’s ransomware locking down an entire network or a phishing email sneaking past your staff, the fallout lands squarely on leadership’s shoulders.
Healthcare has become the favorite playground for hackers. Medical records fetch a higher price on the dark web than credit card numbers, and Internet of Medical Things (IoMT) devices, like insulin pumps and heart monitors, are often undersecured. The consequences of a breach aren’t just financial – they’re life-threatening. A hacked MRI machine or compromised ventilator isn’t just a headline, it’s a patient safety crisis. So, when leadership waves off cybersecurity with an “I don’t understand computers,” they’re essentially handing hackers the keys to the hospital.
So, how do we change the mentality from “Not my problem” to “My responsibility?” The good news is that you don’t need to know how to code or configure firewalls to be an effective cybersecurity advocate. But you do need to embrace a leadership mindset that prioritizes cybersecurity as part of your organization’s risk management strategy.
1. Learn the Basics: You don’t need to become the next Bill Gates, but understanding key concepts like ransomware and zero trust can go a long way. Think of it as learning CPR – not because you’ll perform surgery, but because knowing the basics could save lives.
2. Invest in Training: Your employees are your first line of defense. Regular, engaging cybersecurity training can help prevent human errors, which account for a significant number of breaches. And no, a single boring PowerPoint presentation from 2017 doesn’t count.
3. Ask the Right Questions: You don’t need to know the difference between a VPN and a VLAN, but you should be asking questions like:
• Are we regularly testing our cybersecurity defenses?
• What’s our incident response plan for a data breach?
• Are we isolating our networked medical devices?
• Are we following our vulnerability management procedures?
Your HTM teams aren’t expecting you to solve problems – they just need your support to prioritize and fund the solutions.
4. Be a Champion, Not an Obstacle: Cybersecurity requires resources, and HTM teams often face pushback from executives who see it as unnecessary costs. Flip the script: cybersecurity is an investment in patient safety and trust. Every dollar spent on prevention could save millions in breach recovery costs and reputation damage.
Let’s turn the “I Don’t Know” into “Let’s Figure It Out.” The best leaders aren’t the ones who have all the answers – they’re the ones who ask the right questions and empower their team to act. Cybersecurity isn’t about understanding every technical detail; it’s about creating a culture of awareness, preparedness and accountability.
So, the next time a phishing simulation lands in your inbox, don’t groan or roll your eyes. Recognize it for what it is: a life-saving drill. And if you don’t understand something, don’t hide behind “I’m not a tech person.” Instead, lean in, ask questions, and commit to learning. Because in the healthcare world, where lives are literally on the line, “I don’t understand networking” isn’t just outdated – it’s dangerous. And as an HTM leader, you have the power to turn cybersecurity from a daunting challenge into a strategic advantage.
