Why the Human Element Matters in Healthcare Cybersecurity
By Gil Vidals, HIPAA Blog, Resources, Security

Honoring the human element is key to delivering effective healthcare. But what about healthcare cybersecurity? 

It’s a question worth asking: What does it mean to value and care for a “whole person?”

Numerous studies have shown that it’s not just the absence of disease that should be the goal of healthcare treatment plans. Wise doctors understand: humans are multi-dimensional creatures; holistic care is needed to aid the healing process. 

For example, we need companionship (the relational) to thrive. Uplifting music and art (beauty), prayer and fellowship (spiritual), and even trees outside our window (the aesthetic) will all have an impact on us. Our mental/spiritual health is connected to our physical.

But what about healthcare IT? Isn’t that just about nerdy coders and slick cyber-tools?

Of course, the nerdy coders (who are people too – don’t let them fool you) and slick tools matter – a lot. You don’t go into battle against malicious, heartless hackers without trained “soldiers” and state-of-the-art, defensive armor. This has become an essential service for healthcare – a patient safety issue. This is what HIPAA Vault offers. 

The reality is, these cyber thugs are smart, using more sophisticated means of exploiting us every day (if you can call an exploitative thing “smart”). They won’t stop until they find the chink in our armor. It’s true, our organizations are only as strong and safe as our weakest link.

But what if that “weakest link” is some aspect of our human condition, and not necessarily our technology? Will we be able to recognize these weaknesses, so we can address them? What should we even look for?

First, we must recognize how prone we are to minimize or bypass the human element.

In her book, Reclaiming Conversation, MIT professor Sherry Turkle notes that “eighty-nine percent of Americans say that during their last social interaction, they took out a phone, and 82 percent said that it deteriorated the conversation they were in.”


When we’re constantly plugged into a digital world, we can easily think that technology will solve all our problems. In so doing, we can miss the primary importance of human interaction and showing concern for one another. This is a form of the single-focus, disease-free mentality mentioned above. We’ll say more about this in a moment.

Second, this focus on technology will often lead us to downplay our capacity for human error.

Yet when pressed, as Kaspersky points out, “52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.”

Hackers know this well. As Tim Conkle notes, 

Threat actors target human laziness and human fallibility for their most effective attacks. Social engineering cannot exist without both being present …

[for instance], a urinal is the riskiest and easiest place to pick a pocket. [Who knew?] The average man will stare ahead to the point of absurdity due to the social expectation and unwritten urinal code. What happens when they are targeting more than a wallet and scan an RFID card? Laziness put the card where it could be accessed; human fallibility made the person miss the security threat. One feeds into the other. Social expectations were just the glue to make the attack possible… 

Not a single [company] will tell you they don’t want security. Now ask them if they’re willing to sacrifice convenience or efficiency for security and see where they stand. How many are left?

– The Human Element of Cybersecurity, in Forbes

It’s true, and we say it often: a necessary counter to laziness and human fallibility that’s often missed (because it’s not always convenient) is phishing awareness and advanced cybersecurity training. Helpful programs (such as those offered by Infosec) are available and should be utilized. 


But what brings real change – from the inside out – is when the motivation to care about the human element sinks deep into our bones. This movement towards another’s welfare happens as we experience it ourselves, become gripped by it, and see it regularly modeled for us from the top-down. What do we mean?


Nurturing this end-view of another’s well-being is a lifestyle. As Albert Einstein put it, “Only a life lived for others is a life worthwhile.” We’re not here for ourselves.

As leadership models this by demonstrating a more holistic sense of care for their employees’ lives – focusing on encouragement and treating them as more than just a paycheck or utilitarian means to an end (profit) – their team will respond. They’ll care for customers and coworkers more because they know how it feels to receive care.

This is the power of gratitude. It naturally seeks an outlet.

Holistic care is more than just regular performance raises; it’s adequate time off, attractive workspaces with opportunities to unwind (a ping-pong table), and educational classes that stimulate, equip, and challenge. It’s curiosity about their lives, a valuing of the multi-dimensional aspect of what it means to be human. This is something we all long for.


How does this “life lived for others” translate to healthcare cybersecurity? When HIPAA awareness, workstation security, and two-factor authentication actually have a human shape to them – a real person on the other end who will be impacted for good or ill by their choices – laziness is overcome by mindfulness. These security concerns won’t be just occasional check-boxes to be completed for an audit, but a lifestyle.    

Your staff will see that inconveniencing themselves for others actually promotes healthier, happier, and safer customers: healthcare practices whose patients won’t be exploited by hackers, with their personal information published online or held for ransom, and patients who are cared for holistically and won’t need to consider a lawsuit against their health provider for not securing their data.

HIPAA Vault’s leadership is committed to modeling these very things. Our 24/7/365 personal service is dedicated to our own inconvenience so that your uptime is maintained. After all, we know that you can’t treat patients very well – as part of a well-rounded, holistic plan – if their data isn’t available and its integrity isn’t maintained.

HIPAA Vault is a low-cost leader of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities.