Two professionals collaborate over documents and laptops, planning and analyzing data at a wooden desk.

How to Run a Cyber Drill Without Scaring Your Healthcare Staff

May 27, 2025

Cyber drills don't have to feel like fire drills. They can build trust and confidence—if done right. In long-term care, where stress levels are already sky-high, we need a gentler, more thoughtful approach.

Cyber readiness isn't just about detecting threats—it's about ensuring your team knows what to do when something feels off. But here's the catch: how you practice matters just as much as whether you practice at all. Staff already face a dozen demands every hour. A drill that feels punitive or confusing won't help—it may even make things worse.

According to NIST, well-run cyber simulations improve response time and reduce the severity of data breaches by 30%.

One Ohio LTC provider designed a quarterly "tabletop exercise" that walked through a fake phishing scenario. They invited nursing staff, housekeeping, and even the front desk team. No one was blamed, and questions were welcomed. Over time, the team began to anticipate issues and solve them together. Nurses started suggesting improvements. Housekeepers flagged their tech concerns. Suddenly, cybersecurity wasn't just an IT thing—it became a team effort.

"People support what they help create." - David Rendall

On the flip side, a nursing home administrator I met in Cleveland ran a surprise drill with zero prep. Staff panicked, care was delayed, and afterward no one wanted to talk about cybersecurity again. The drill caused more harm than good. The administrator later said, "It was supposed to help us—it just scared everyone."

"Start with empathy. Otherwise, you'll only get resistance." - Brené Brown

Cyber drills are not just a checkbox for auditors—they're a moment to build real-world readiness. They're about showing your team, "We've got your back, and we're going to handle this together."

If you ran a cyber drill tomorrow, would your staff feel empowered—or blindsided?

Interested in a conversation or want to learn more about our IT Services and Support for Health Care Organizations? Contact us here.