Digital Integrity in Healthcare: From a Teachable Moment to a Teachable Roadmap

For healthcare professionals, digital safety is now as vital as patient confidentiality. Recently, a verified professional account on a major social media platform, one I had built since 2011 to share evidence-based exercise medicine and advocate for physical activity, was hijacked. Overnight, my brand was impersonated, and my access was revoked. Fourteen years of professional communication and community vanished behind a login wall that no longer recognised my registered name, number or identity.

This was not the result of carelessness. My devices were fully secured: an up-to-date iPhone, high security-protected laptop, unique passwords and two-factor authentication enabled. Yet the account was compromised. I remain in contact with the platform’s impersonation and recovery teams but, at the time of writing, my professional identity there has not yet been restored.

The incident revealed an unsettling truth: even when clinicians uphold exemplary digital hygiene, systemic vulnerabilities within recovery and verification workflows can undermine professional identity and the integrity of public health communication. It was a stark reminder that cybersecurity is as much about culture and human behaviour as it is about code.

It began, as many lessons do, with a single vibration on my phone. Two unexpected text messages, both claiming to be from the platform. Not requested by me. Within minutes I was refreshing screens, generating codes and negotiating with algorithms that no longer recognised me. In that strange digital silence, I felt something every clinician knows: the moment you realise the system you trust has failed and you must find a way to keep caring anyway.

My professional account, @exerciseworks, had been far more than a social channel. It was a living repository of ideas, collaborations, communities, friends and evidence linking movement to health. To lose it was to feel an entire professional ecosystem evaporate. Yet even as I worked to stabilise the crisis, I found myself shifting from frustration to reflection. In healthcare we speak of near misses, learning incidents and root-cause analyses. Why should digital harms be viewed any differently?

So, I reframed the hack as a teachable moment. Not one defined by failure, but by insight: our professional presence online is as fragile and as vital as any system we safeguard in clinical practice.

Healthcare has long recognised that most adverse events arise not from individual mistakes but from system design and process gaps. Digital incidents deserve the same systemic thinking. Attackers increasingly exploit recovery workflows, authenticator fatigue and social engineering of platform support teams. The result is that doing everything right may still not be enough, which is a humbling yet necessary insight for any clinician maintaining a professional digital presence.

When the breach occurred, I responded using the familiar logic of clinical governance: document, stabilise, escalate. My mobile operator confirmed there had been no SIM swap. My financial institutions were alerted. I kept a detailed record of every step, screenshot and correspondence. These actions mirrored the routines that preserve safety in clinical care: continuity, transparency and evidence gathering.

Yet the deeper learning was personal. Once the initial urgency passed and I paused long enough to reflect, I realised that resilience is a muscle we train both online and offline. Cybersecurity, like exercise, is preventive medicine. It strengthens the connective tissue of trust between health professionals and the public.

Below is the emerging roadmap shaped by this experience.

Towards a teachable digital roadmap

1. See identity as infrastructure.
   Your professional profiles are the arteries of communication. Protect them as you would a patient record.
2. Anticipate human error.
   Two-factor authentication is only as strong as the behaviour around it. In my case, it did not protect identity or intellectual property.
3. Choose multi-factor authentication deliberately.
   SMS codes mitigate some risks but remain vulnerable to interception and SIM-related attacks. Authenticator apps and hardware keys offer stronger, phishing-resistant protection.
4. Embed reflection.
   Schedule digital audits with the same regularity as clinical governance reviews.
5. Document and escalate systematically.
   Record timestamps, screenshots and correspondence. Clear digital forensics support recovery and accelerate platform verification.
6. Build peer verification networks.
   Trusted colleagues who can calmly confirm identity can counter disinformation and support recovery processes.
7. Transform pain into pedagogy.
   Every disruption, once analysed, becomes curriculum material for others: a teachable moment that encourages shared learning and action.

As I worked through the consequences of the breach, one sentence surfaced and stayed with me: perhaps integrity itself is our final firewall, built not of code but of conscience. In that moment, I understood that digital security is not only a technical discipline but an ethical one. How we respond to breach, vulnerability and uncertainty defines the authenticity of our professional selves.

The wider insight is clear. Digital professionalism is not about perfection. It is about resilience within systems of trust. Cybersecurity in healthcare must therefore be reframed not as an IT concern but as an ethical responsibility tied to online safety, transparency and public trust (1, 2, 3,4). 

Institutional stewardship of professional accounts should become standard practice, with documented ownership, recovery protocols and designated validation contacts. Digital identity is not simply a personal tool (5). It is part of our shared clinical infrastructure for credible, evidence-based communication.

Although my own account remains unresolved, the experience has reaffirmed a simple truth: safeguarding digital identity is an act of ethical stewardship for our reputations, our science and the integrity of the health messages we share (6).

Teachable moments, in any format, are opportunities to reconnect, reflect and strengthen our professional integrity. Please check your cyber security systems now. Your creativity and intellectual property are too important to be mishandled.

Author

Ann Gates BPharm (Hons) MRPharmS (Retired)
Honorary Associate Professor, The University of Nottingham
Honorary Visiting Professor, Plymouth Marjon University
Collaborative Partner, Erasmus+ Vanguard Project https://vanguard-erasmus.eu/project/

Acknowledgement

This article was structured and refined with the assistance of OpenAI’s ChatGPT. All content, tone and verification have been reviewed and approved by the author.

References and further information

1. National Cyber Security Centre (2024) Multi-factor authentication guidance for individuals and organisations. London: UK Government. https://www.ncsc.gov.uk/blog-post/not-all-types-mfa-created-equal
2. Cybersecurity and Infrastructure Security Agency (CISA) (2024) Phishing Guidance: Defending Against Social Engineering. Washington, DC: U.S. Department of Homeland Security.
3. European Union Agency for Cybersecurity (ENISA) (2025) ENISA Threat Landscape 2025. Athens: ENISA Publications Office. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
4. World Health Organization (2024) Ethics and governance of digital health technologies. Geneva: WHO. https://www.who.int/publications/i/item/9789240084759
5. General Medical Council (2024) Doctors’ use of social media: guidance on maintaining professional standards. London: GMC. https://www.gmc-uk.org/professional-standards/the-professional-standards/using-social-media-as-a-medical-professional/using-social-media-as-a-medical-professional
6. Gates AB, Kerry R, Moffatt F, et al Movement for movement: exercise as everybody’s business British Journal of Sports Medicine 2017;51:767-768. https://bjsm.bmj.com/content/51/10/767