In healthcare security, they are taught above all else that life and limb are important. Given that it makes sense that data and personal information are not always the top priority, and this drives what happens. A lot of activity that might be considered suspicious in any other industry is overlooked. We need to make a cultural shift from cyber-security as a compliance “check-box” to doctors treating the protection of their patients’ personal data as a priority. Maybe even putting the consequences of prison time or financial loss directly on the clinical staff responsible.