Healthcare cybersecurity has changed significantly over the past decade. A compliance-driven, checklist-based approach used to be the standard. Now, we are moving toward more proactive measures to address high-velocity, high-impact cyberattacks.

Patient information is not like other types of information. It is very personal. That is why healthcare information must be kept both private and secure. Yet, there are many challenges. From technical misconfigurations to vulnerabilities and human mistakes, there are several reasons why healthcare cybersecurity programs face common pitfalls. The strength of a program largely depends on how well it is governed—and how well we are managing who (and what) has access to our systems, networks, devices, and physical spaces; when they have access; and why they have access.

Cybersecurity is a shared responsibility, and it is important for all stakeholders to act. Patient safety hangs in the balance. We are entrusted not only with their care but also with their information. Patient safety depends on the integrity and reliability of the patient information.

This book is intended to be a resource for a range of individuals involved in healthcare, including doctors, nurses, informaticists, cybersecurity professionals, compliance officers, vendors, contractors, and others—as well as those who are new to the field or are interested in learning more about healthcare cybersecurity.