October 2023 marks the 20th anniversary of Cybersecurity Awareness Month. Millions of cyberattacks happen every day, and health care providers are not immune. Aging services providers are facing threats on multiple levels, and many are unprepared, reactive, or ill-equipped to address the dangers. Below are four common myths about cyberattacks, plus helpful tips about how aging services providers should be thinking about their cybersecurity.

Myth 1: Cyberattacks only happen to large health care providers, like hospitals.

Fact: Cyberattacks happen to businesses and providers of all sizes. Many hackers understand that smaller organizations are more vulnerable, so they can more easily infiltrate their network.

Myth 2: My organization has firewalls and antivirus software protection, so cyber threats aren’t a concern.

Fact: Most cyberattacks are initiated with some human involvement, meaning that someone within a community clicks on malicious email links or performs a task that appears to come from a trusted source. The best security involves people, processes, and administration.

Myth 3: Cyberattacks don’t impact organizations, just the people who were hacked.

Fact: This is far from the truth. While individuals may be targeted, most cyberattacks have significant impact on organizations. Between 2016 and 2021, ransomware attacks on health delivery organizations doubled, with a huge portion of them (41%) disrupting the delivery of care through electronic system downtime. Prescriptions, procedure orders, medical record access, updates, and provider communications all come to a halt electronically as organizations are forced to go to paper.

Myth 4: Security attacks only happen to employees, and we train our staff to recognize common threats.

Fact: Cyberattacks can target your staff but also your residents. If a hacker can penetrate your community through a resident, a community’s broader system can be at risk. This is why cybersecurity is so important to independent and assisted living communities, because it’s not just your staff who may be at risk.

I encourage LeadingAge members to take cybersecurity very seriously. As software, systems, and technologies continue to evolve, it’s important that leaders and IT professionals in our sector continue to address the most critical cyber threats facing our organizations. Join LeadingAge and health care security experts from Baker, Donelson, Bearman, Caldwell & Berkowitz and from BlueOrange Compliance on October 17 for an in-depth look at cybersecurity preparedness for aging services providers. Learn more and register here.

For another quick read, I recommend the Cybersecurity Q&A with BlueOrange Compliance CEO John DiMaggio.