A strong cybersecurity strategy starts with staff

Michael Archuleta, CIO of Mt. San Rafael Hospital, warns that nearly 50% of healthcare organizations fail to provide basic cybersecurity awareness training for employees, leaving critical systems vulnerable. The "human firewall"—staff trained to recognize threats—is identified as the weakest link in healthcare cybersecurity, with Archuleta urging immediate investment in workforce education to mitigate breaches. Published in April 2026, the report highlights how underprepared employees increase risks of phishing, ransomware, and data leaks, emphasizing cyber literacy as a foundational defense strategy. Archuleta ties cybersecurity gaps to broader operational risks, including AI integration and patient data protection, stressing that staff training must evolve alongside emerging technological threats. The call to action targets healthcare leaders, framing cyber-aware staff as essential to safeguarding patient trust, financial stability, and compliance in an increasingly digital industry.