May 27, 2025
Let me say what most compliance emails don't: Your team isn't the problem.
They're doing 100 things right every day.
But cybersecurity training often treats staff like the weakest link—instead of
the first line of defense.
That mindset has to change.
"Clear is kind. Unclear is unkind."
—Brené Brown
What the Numbers Say
According to HIPAA Journal, over 80% of healthcare breaches in 2024 involved
human error—clicking a bad link, reusing passwords, or sending info to the
wrong place.
But here's the thing: most of these errors happened because the system didn't
make it easy to do the right thing.
A Better Way Forward
- Make MFA user-friendly: If it's clunky, staff will bypass it.
- Role-play phishing emails: Turn training into 3-minute "what
would you do?" moments in morning huddles.
- Empower, don't shame: Praise the nurse who speaks up about a
suspicious email—even if it turns out to be nothing.
One Facility's Story
At Greenwood Senior Living in Columbus, they paired their cyber training with
donuts and storytelling—each nurse shared one "close call." What started as a
checkbox session turned into a culture shift.
Your people can be your biggest cybersecurity asset. But they need the right
tools—and a little encouragement.
Interested in a conversation or want to learn more? Call us or email
michaelmoran@aresgrp.com.