Cyber Security Strategies Must Consider the Mental Health of Staff

With cyber-attacks on the rise, organizations need strict cyber security measures to prevent
full-blown breaches from causing damage to finances, reputation, and the mental health of those involved. The impact of a ransomware attack can be debilitating and long-lasting on a company’s business and morale.

According to the Canadian Medical Association Journal, there have been at least 14 major cyber-attacks on Canadian health information systems since 2015, with serious impacts, including ransomware.

This impact was severe after the coordinated ransomware attacks on Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare and Windsor Regional Hospital, and their shared service provider, TransForm Shared Service Organization. The resulting stolen data was published online and negatively impacted
operations as teams worked to restore services.

Overlooking the human factor of cyber security: While good cyber security practices typically focus on computing devices and networks, the human factor is often overlooked. Healthcare IT security professionals are always on high alert and the fear of missing a critical threat or vulnerability can lead to stress and anxiety. From the ongoing risk of ransomware attacks to phishing emails and malware, it can feel that cyber security threats are becoming more advanced and persistent.

IT workers bear the responsibility of safeguarding sensitive patient record systems and data, critical care management systems that lives depend on. The fear of making a mistake that could compromise patient safety or privacy can weigh heavily on their minds. And the relentless pace of cyber security work, especially during incidents or breaches, can lead to burnout and high-pressure situations that take a toll on mental health.

Supporting the mental health of IT security professionals is crucial for their well-being and effectiveness. Flexible work schedules, backup staff, and health plans are just the beginning. Companies should also promote work-life balance, encourage employees to take breaks and disconnect from work when needed, and help workers monitor and reduce stress levels.

The importance of company-wide awareness and protection: Cyber security stress is inevitable among security professionals, and discussing burnout can be complicated. However, IT security leadership must address these workplace issues to avoid compromising team members’ well-being, talent retention, and productivity.

One way to support IT team members is to spread the responsibility of cyber security among all staff to proactively enhance the organization’s security posture. This can be accomplished by:

• A security-first culture backed by enforced policies and guidelines that define expected behaviours and outcomes.
• Mandatory security training to reduce vulnerabilities and emphasize ownership by teaching everyone how to respond to a perceived cyber-attack.
• A disaster recovery plan that addresses safe data storage, backup, and quick recovery from a data-destructive event, assuring employees, patients, and partners that their information can and will be protected.

Remember, cyber security is everyone’s responsibility. By fostering a security-conscious culture, organizations can significantly reduce risks and protect valuable assets. By prioritizing employee well-being and implementing measures to mitigate the impact of cyber-attacks, healthcare organizations can better protect their patients, customers, and
critical infrastructure.