May 27, 2025
I'll be honest—when someone first suggested
a "cybersecurity drill" at our office, I thought: Great. Another thing for
staff to worry about. But done right, a cyber drill isn't about blame or
fear. It's about showing your team they can handle anything—with clarity and
confidence.
"You don't rise to the level of your
goals. You fall to the level of your systems."
—James Clear, Atomic Habits
Why This Matters
In 2024, more than 60% of ransomware
attacks in healthcare were successful because staff didn't know how to respond
in the first 30 minutes. They froze. They improvised. And in some cases—they
clicked again.
A drill gives you a safe, controlled
environment to test your response and train your team.
What a Good Cyber Drill Looks Like
- Announce It Softly: Start with a
"tabletop" drill—where leadership walks through a fake scenario using real
policies.
- Assign Clear Roles: Who takes the
lead? Who calls IT? Who communicates with families or state officials?
- Use a Realistic Prompt: Like a fake
phishing email or a simulated ransomware lock screen.
- Debrief Kindly: This is where the
learning happens. Ask: What worked? What confused us?
One Administrator's Advice
Penny Harris, a longtime administrator with
a local facility, shared with me:
"Our first drill felt awkward. But after we
laughed about it, we realized—we had real gaps. And I'd rather find them in
practice than in a crisis."
Cyber drills don't have to be scary. They
can be empowering—when you lead with empathy and clarity.