by June Kaminski, RN MSN PhD(c)
Editor in Chief
CJNI was initiated by June Kaminski in 2006 when she was President-Elect of CNIA. She is currently Faculty and Chair of a BSN Advanced Entry nursing program at Kwantlen Polytechnic University; Communications Officer, Webmaster, and former President of the Canadian Association of Nurses for the Environment and Editor in Chief of the Online Journal of Nursing Informatics. In 2012, June was honoured to receive the CASN and Canada Health Infoway’s inaugural Nursing Faculty E-Health Award 2012 in Ottawa Canada. She also won the Distinguished Teaching Award from Kwantlen Polytechnic University in 2016. She offers the Nursing Informatics Learning Centre with accredited CEU informatics courses.
Citation: Kaminski, J. (2024). Editorial. October is Cyber security Awareness Month—A call to stay vigilant, especially in healthcare. Canadian Journal of Nursing Informatics, 19(3). https://cjni.net/journal/?p=13467
October is traditionally associated with the changing seasons, pumpkin-spiced everything, and a looming sense of winter. But in the digital age, it holds another crucial significance—Cybersecurity Awareness Month. Since 2004, this initiative, co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), has grown in prominence (Cybersecurity and Infrastructure Security Agency (CISA), 2024). It aims to raise awareness about the importance of securing our digital lives in an increasingly interconnected world. This message is particularly critical for the healthcare industry, which faces unique and growing cybersecurity threats.
The digital world, for all its conveniences, has also birthed a growing battleground. The average person is more connected today than at any time in history—smartphones, wearable devices, home assistants, and the Internet of Things (IoT) are woven into our daily routines. Each new connection represents another potential vulnerability. Cybercriminals, once seen as lone hackers in dark basements, have evolved into sophisticated networks with motivations ranging from financial gain to political influence.
Healthcare is among the most targeted industries by cybercriminals. Sensitive data, such as patient records, makes hospitals, clinics, and nursing facilities prime targets. In 2023 alone, cyberattacks on healthcare organizations skyrocketed, leading to breaches of millions of patient records, interruptions in care, and even significant financial losses. The global healthcare cybersecurity market is projected to reach $37 billion by 2027 as more hospitals and care facilities look to strengthen their digital defenses (Global Market Insights, 2023).
For healthcare professionals, including nurses who are often on the frontline of patient care, cybersecurity isn’t just a technical issue—it’s a matter of patient safety. When a hospital’s systems are breached, it can compromise life-saving operations, delay treatments, and even endanger lives. From ransomware attacks to phishing attempts targeting staff, the threats are real, and the stakes are high.
Cybersecurity Awareness Month provides a unique opportunity for healthcare institutions and professionals to come together with a unified goal: to be more informed and better prepared. For nurses, doctors, and other frontline workers, the connection between cybersecurity and patient safety is becoming clearer. The month focuses on easy-to-follow guidance on key security practices such as recognizing phishing attempts, using strong and unique passwords, enabling multi-factor authentication (MFA), and keeping software updated (CISA, 2024).
The global theme for 2024—Secure Our World—and the Canadian theme: Generation Cyber Safe: Because online security knows no age (CISA 2024; Government of Canada, 2024), emphasize personal responsibility in the fight against cyber threats. In the healthcare field, this means understanding how every action, from handling patient data to accessing electronic health records (EHRs), can affect the overall security of the system. The healthcare industry’s complexity and reliance on interconnected systems mean that even a small security breach can have widespread consequences.
The healthcare sector faces unique challenges when it comes to cybersecurity. Hospitals and clinics, while implementing cutting-edge medical technologies, often operate with legacy systems that are outdated and vulnerable. Additionally, healthcare workers, especially nurses, are often juggling many tasks at once, leaving them more susceptible to phishing scams or social engineering attacks.
Here are a few pressing cybersecurity concerns in healthcare:
1. Ransomware Attacks: Ransomware attacks have become increasingly common, encrypting critical patient data and demanding large sums for its release. This not only disrupts care but can also lead to significant financial losses. In 2021, ransomware cost the healthcare industry $20.8 billion globally due to downtime and recovery efforts (FBI, 2022).
2. Phishing Scams: Cybercriminals often target healthcare workers with phishing emails, impersonating vendors, patients, or even internal colleagues to gain access to systems. Busy nurses and doctors might unknowingly click on malicious links if they are not trained to recognize these red flags.
3. Medical Device Vulnerabilities: Many hospitals use network-connected medical devices, such as pacemakers or infusion pumps. These devices can be susceptible to hacking, posing risks to patient health. Nurses and healthcare professionals need to be aware of these risks to ensure devices are properly maintained and secured (FDA, 2021).
The healthcare sector must take proactive measures to protect against growing cyber threats, and this includes everyone from IT departments to frontline workers like nurses. Here are a few critical steps that healthcare institutions and professionals can take:
1. Continuous Education and Training: Nurses, doctors, and administrative staff should undergo regular cybersecurity training. Learning how to recognize phishing emails, suspicious behaviour, and the importance of securing patient records is essential. With nurses often being the primary caregivers, they are especially vulnerable to being targeted.
2. Strong Authentication: Using multi-factor authentication (MFA) to access sensitive information, such as client health records, adds an extra layer of security. This simple step can significantly reduce the chances of unauthorized access.
3. Data Backup and Recovery Plans: Hospitals must have secure and regular data backup protocols in place. In the event of a ransomware attack, the ability to recover patient information quickly is crucial. Nurses should also be aware of how to access critical information during such events.
4. Keeping Software and Systems Updated: Cybercriminals frequently exploit outdated software with known vulnerabilities. Ensuring that all medical devices, systems, and applications are regularly updated can prevent potential breaches.
5. Zero Trust Model: Implementing a “Zero Trust” framework, which assumes that every device and user accessing the network could potentially be compromised, is a strategy that healthcare organizations are adopting. It minimizes risk by continually verifying users’ identities and devices.
In the high-pressure environment of healthcare, where lives are at stake, cybersecurity can sometimes be an afterthought. But building a culture of security is essential to safeguarding patient data and ensuring the continuity of care. Nurses and healthcare workers are a critical part of this culture. They interact with systems daily and must understand their role in protecting sensitive information.
Healthcare organizations must create an environment where cybersecurity is integrated into day-to-day operations and is seen as a fundamental aspect of patient care. This culture begins with the recognition that cybersecurity is not just an IT problem—it is everyone’s responsibility.
As we observe Cybersecurity Awareness Month this October, it is important to remember that cybersecurity is a shared responsibility, particularly in healthcare. Nurses, doctors, and all healthcare workers need to be aware of how their actions can impact both their patients’ safety and the security of the healthcare system. Staying informed, practicing good cyber hygiene, and encouraging others to do the same can reduce the risk of falling victim to cyberattacks.
In healthcare, cybersecurity is not just about protecting data; it’s about protecting lives. This October let’s commit to making the digital world—and healthcare—safer for everyone.
Cybersecurity and Infrastructure Security Agency. (2024). Cybersecurity Awareness Month. https://www.cisa.gov/cybersecurity-awareness-month
Cybersecurity Ventures. (2023). Cybercrime to inflict $8 trillion in damages in 2023. https://cybersecurityventures.com
Federal Bureau of Investigation (FBI). (2022). 2021 Internet crime report. https://www.fbi.gov
Food and Drug Administration (FDA). (2021). Cybersecurity in medical devices: A framework for healthcare. https://www.fda.gov
Global Market Insights. (2023). Healthcare cybersecurity market size worth $37 billion by 2027. https://www.gminsights.com
Government of Canada. (2024). October is Cyber Security Awareness Month in Canada. https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month