Patricia Washburn

Technical writer, cybersecurity analyst, copy editor, web developer

Cyber Care Is Patient Care

Cyber Care Is Patient Care

First Do No Digital Harm: Why Cybersecurity is the New Frontline of Patient Care

When you think about patient safety, you probably think of strict sterilization protocols, double-checking dosages, verifying patient identities, and maintaining a clean environment.

Today, though, patient safety encompasses an entirely different kind of invisible threat. It requires us to look beyond the physical borders of our clinics and hospital floors. In the modern healthcare environment, cybersecurity is no longer just an “IT issue.” It is a fundamental pillar of patient care and organizational resilience here at Rush.

To understand why our digital protocols—like multi-factor authentication, complex passwords, and phishing training—are so vital, we have to look at the broader, and sometimes surprising, landscape of global cyber threats.

Global Conflicts, Local Impacts
It is easy to assume that geopolitical conflicts happening thousands of miles away have little bearing on our day-to-day operations at Rush. However, the digital world has erased those borders.

Hospitals and healthcare systems are increasingly caught in the crossfire of international disputes. Nation-state actors and organized cybercriminal syndicates frequently target critical U.S. infrastructure—and healthcare is at the very top of that list. Why? Because the work we do is quite literally life or death. Attackers know that disrupting healthcare operations creates maximum chaos, panic, and pressure.

Consider the recent cyberattack on Stryker, a major medical technology company. Security analysts attributed this breach to Iranian nation-state actors, viewing it as a retaliatory strike related to ongoing conflicts in the Middle East and U.S. foreign policy. This wasn’t just a random group of hackers looking for a quick payout; it was a calculated geopolitical move aimed at disrupting the American medical sector.

When a foreign actor wants to strike at the U.S., they don’t necessarily need to target military bases. They can simply target the technology that keeps our patients breathing, our records accessible, and our surgeries on schedule.

The Domino Effect: Third-Party Supply Chain Risks
You might be thinking, “Our IT department at Rush has strong defenses. Why should I worry?”

While our internal security is robust, healthcare today relies on a massive, interconnected web of third-party vendors. This is known as our digital supply chain. We use external software for medical imaging, billing, lab results, and even the smart pumps that deliver IV medications.

If a hacker cannot break into Rush directly, they will try to break into one of our vendors. If a vendor’s software is compromised, the ripple effect can instantly reach our hospital floors. A breach in our supply chain can mean that vital patient history is suddenly unavailable, surgical schedules are wiped out, or ambulances have to be diverted to other facilities.

When a vendor is hit, patient care is delayed. In healthcare, delayed care is denied care.

Reframing the “Annoyance” of Cyber Hygiene
As healthcare workers, your days are incredibly busy. You are dealing with high-stress situations, and the last thing you want is another administrative hurdle. It is easy to view two-factor authentication prompts and required training as annoying interruptions to your workflow.

Let’s reframe how we view these digital speed bumps. Think of cyber hygiene the exact same way you think of hand hygiene. Washing your hands, wearing PPE, and sanitizing equipment take extra time, but you do them without question because they help protect your patients.

Cybersecurity protocols are the digital equivalent of scrubbing in. By protecting your login credentials, you are protecting the patient’s privacy, their treatment plan, and the operational integrity of Rush. You are keeping the digital environment sterile.

Your Role on the Frontline
You do not need to be a computer expert to be a vital part of Rush’s cybersecurity defense. You simply need to remain vigilant. Here is how you can protect your patients every day:

  • Pause before you click: Phishing emails are the number one way hackers gain access to hospital networks. If an email looks urgent, threatening, or slightly “off” (even if it appears to be from a colleague or a familiar vendor), take a breath. Verify the sender by phone or in person before clicking links or downloading attachments.
  • Protect your credentials: Never share your passwords or badge access with anyone, even to help out a busy colleague. Hackers only need one valid login to infiltrate a network.
  • Report the unusual: If a medical device is acting erratically, if your computer is running unusually slow, or if you notice suspicious pop-ups, report it to the IT Help Desk immediately. It is always better to report a false alarm than to ignore a genuine breach.
  • Embrace the updates: When IT pushes a software update to your workstation or requires multi-factor authentication, recognize it as an essential upgrade to our patient safety shields.

As healthcare professionals, you dedicate your lives to healing and protecting others. By understanding the global threats we face and embracing safe digital practices, you extend that protection into the digital realm. Every time you spot a phishing email, and every time you secure your workstation, you are actively defending Rush—and most importantly, you are keeping our patients safe.