A thorough risk assessment is prudent for any organization, but is particularly essential for companies in the healthcare industry. Protecting patient data is important, and failing to have robust security measures can shut down facilities and have life-or-death ramifications.
However, implementing industry-standard cybersecurity practices can inhibit clinicians’ work, also leading to life-and-death consequences. For example, systems that prevent log-ins if clinicians are logged in elsewhere can interrupt or delay surgeries. That is why I feel that cybersecurity professionals should spend quality time with their healthcare clients, conducting in-depth interviews and visiting their workplaces, to develop cybersecurity measures that balance clinicians’ vital workflow operations with security and patient privacy.