Nurses and Cyber Security: What You Need to Know

Laura A. Stokowski, RN, MS; Satish M. Mahajan, PhD, MStat, MEng, RN


June 16, 2016

Under Attack

In 2015, hospitals and healthcare systems were the number one victims of cyber attacks. No industry is immune, but hospitals and healthcare systems seem to have become a favorite target of hackers out to profit from insufficiently secure networks, so much so that IBM called 2015 the "year of the healthcare security breach." Almost 100 million healthcare records were compromised last year.

Protected health information has a high resale value on the black market. Electronic health records (EHRs) contain not only personal health and medical information, but also Social Security numbers, employment details, and banking and financial information.[1]

Although numbers of cyber attacks on hospitals and health systems are not publicly available, at least three major attacks have taken place so far this year. An attack on MedStar forced the US capital region's largest healthcare system to shut down much of its computer network earlier this spring, and hospitals in Kentucky and Los Angeles have also fallen victim to recent ransomware attacks.[2] In March, the Los Angeles Times reported that two more Southern California hospitals were compromised by hackers.[3]

This crisis is expected to worsen, because hackers are getting more sophisticated and many businesses have failed to adopt the security measures needed to thwart such attacks.[2] The US and Canadian governments have issued an alert to hospitals, businesses, and individuals about ransomware attacks, including information on how users can prevent and mitigate such attacks.

Satish M. Mahajan, PhD, MStat, MEng, RN, Postdoctoral Scholar, Betty Irene Moore School of Nursing and School of Medicine, University of California Davis; Critical Care Informatics Coordinator, Veterans Affairs Palo Alto Health Care System, Palo Alto, California

Humans are the weakest link, and human error is to blame for most cyber attacks on hospitals and healthcare systems. What nurses (and other employees) do or fail to do in their interactions with those systems can compromise security and facilitate malicious, and extremely expensive, attacks on the system. Online attacks are estimated to cost $150 billion annually,[4] but it's hard to put a price on the loss of public trust in the healthcare institution's shattered reputation.

Medscape spoke with Satish M. Mahajan, PhD, MStat, MEng, RN, about the increasing problem of cyber attacks, and what nurses need to know both in preventing and responding to attacks on their hospitals and healthcare computer networks. Dr Mahajan is uniquely qualified to address the issues of cyber security and nurses. In an unusual career move, after majoring in engineering, Dr Mahajan went to nursing school, earning a PhD in nursing from the University of California. Working as a critical care nurse provided an invaluable perspective on how nurses interact with computer systems in the course of care, and the ways in which nurses might inadvertently open the doors of those systems and invite hackers in. Dr Mahajan now combines his IT and nursing backgrounds, often applying his skills to educating hospital employees about their role in preventing cyber attacks.

