Cybersecurity Tips for Smaller Hospitals Benefit Large Ones, Too

By Fast Practice
April 17, 2019

Several breaches involve mistakes or malicious behavior, so all health care organizations can benefit from these suggestions.

Smaller hospitals have fewer resources than their larger peers to invest in information technology, particularly cybersecurity. However, they still need to meet the same basic standards as larger facilities.

It’s a dilemma pointed out in an article published recently in Health Data Management. Author Brian Stone brings up a few helpful reminders for community and regional hospitals to make the most of their IT security budget: 

Monitoring cloud-based environments: By monitoring, smaller hospitals’ IT departments develop insight into how users interact with their applications, making it easier to secure and optimize their business systems.

Training and rewarding appropriate behavior: By training users on security and regulations, and creating a compliance culture, smaller hospitals can become more secure. It helps more if they sanction offenders while rewarding positive behavior.

Using a third-party security vendor: Using a third party takes an extra monitoring load off IT’s plate. Such vendors might also be able to train new employees, conduct ongoing educational sessions and tackle internal problems as they arise.

Of course, many health care organizations, large and small, fail to allocate enough of their budgets to these problems until they’ve had a severe breach. Several breaches involve mistakes or malicious behavior, so the kind of training advocated by Stone can be effective in both environments. (In other words, if all you must do is fight off the occasional outside marauder, the data assets may be more secure than you think.)

That said, creating a security-conscious culture takes not only training, but also time. It helps that many younger employees are exposed to data security just by being raised in an IT-connected generation. However, many workers will find security counterintuitive, so you need to get them on board. You want as many people as possible available to recognize when something bad occurs.

Put another way, it’s important to remember that IT security isn’t a one-off exercise, but rather something that needs to be embedded in the way people work, in much the same way as patient safety considerations are among clinicians. If you integrate security thinking into your team’s habits and workflow, you’re likely to accomplish a great deal.

Topics: Technology

Podcast: Is Telehealth the New Black?
Why Hospitals Should Keep Moonlighters on Hand
Online Courses - Transition from Leadership to Management

Popular Articles


About Physician Leadership News

Now more than ever, physicians are leaders in their organizations and communities.

The American Association for Physician Leadership maximizes and supports physician leadership through education, community, and influence. We promote thought leadership in health care through our Physician Leadership News website, bimonthly Physician Leadership Journal and other channels.

We focus on industry leadership issues such as patient care, finance, professional development, law, and technology. Association announcements and news of association events can be found.

Send us your feedback at

Journal Submission Guidelines

AAPL's award-winning print publication, the Physician Leadership Journal, welcomes originally authored manuscripts for peer review that meet competency, formatting and preparation criteria. To review these guidelines and other information regarding submissions, click here.