Here are ways to implement feedback loops and positions for positive improvements:

Solicit Feedback

For employees: have a dedicated email address or intranet form for reporting suspicious activity. 

For patients: Have a link on your website or patient portal where they can report security concerns. 

Continue to Educate

Employees: Send out communications via email or Teams titled “Cyber Safety is Patient Safety” with security tips. 

Patients: Invite patients to report suspicious emails. Educate them on common healthcare-related frauds. 

Acknowledge and Reward Contributions 

Employees: Make sure that all reported legitimate threats are acknowledged organization-wide. 

Patients: Use an automated email response like “Thank you for your report. Our security team is investigating this concern. Your vigilance helps us protect the security and privacy of all our patients.” 

From these actions, continue to identify trends. Are there patterns related to a specific control deficiency? Review how to improve systems and policies to remediate critical vulnerabilities immediately. Are there gaps in the training curriculum or information security policies? And prepare for disaster scenarios based upon the likelihood and impact of potential threats.