Kelly K. James

On September 27, 2024, UMC Health System in Lubbock, Texas, experienced an IT outage because of a cybersecurity incident that temporarily diverted patients to other healthcare facilities. So far, in 2024, there have been 386 cyberattacks on healthcare organizations. These high-impact ransomware attacks disrupt and delay patient care.

In recent years, many healthcare systems, including Scripps Health, Universal Health Services, Vastaamo, Sky Lakes, and the University of Vermont, have paid millions — even tens of millions — to recover data after a cyberattack or data breach. When healthcare systems come under cyber fire, the impact extends far past disrupting workflows and compromising data, patient safety can be also be compromised, vital information may be lost, and imaging and lab results can go missing or be held for ransom, making physicians’ job difficult or impossible.

In fact, cyberattacks on hospitals are far more common than you may realize. A new report issued by Ponemon and Proofpoint found that 92% of healthcare organizations have experienced a cyberattack in the past 12 months. Even more sobering is that about half of the organizations affected suffered disruptions in patient care.
 

Healthcare Systems = ‘Soft Targets’

Healthcare systems are a “soft target” for hackers for several reasons, pointed out Matthew Radolec, vice president, incident response and cloud operations at Varonis, a data security company. “One, they’re usually an amalgamation of many healthcare systems that are interconnected,” said Radolec. “A lot of hospitals are connected to other hospitals or connected to educational institutions, which means their computer vulnerabilities are shared ... and if they have an issue, it could very easily spread to your network.”

Another factor is the cost of securing data. “[With hospitals], they’ll say that a dollar spent on security is a dollar not spent on patient care,” said Radolec. “So the idea of investing in security is really tough from a budget standpoint…they’re choosing between a new MRI machine or better antivirus, backups, or data security.”

Because of the wealth of private data and healthcare information they maintain, hospitals are considered “high impact” for cybercriminals. Attackers know that if they get a foothold in a hospital, it’s more likely to pay — and pay quickly, Radolec told this news organization. Hospitals are also likely to have cyber insurance to help cover the cost of having their data stolen, encrypted, and ransomed.

The 2024 Microsoft Digital Defense Report also found that the bad actors are more sophisticated and better resourced and can challenge even the best cybersecurity. Improved defenses may not be good enough, and the sheer volume of attacks must be met with effective deterrence and government solutions that impose consequences for cybercriminals.
 

Vulnerable Users

Whether through a phishing email or text, password attack, or web attack, “the moment a ‘threat actor’ gets into your institution and gets credentials ... that’s the Nirvana state of a threat actor,” warned Ryan Witt, chair of the healthcare customer advisory board and vice president of Industry Solutions at Proofpoint, a cybersecurity platform. “They have those credentials and will go into deep reconnaissance mode. It often takes healthcare up to 6 months to even ascertain whether somebody’s actually in the network.” During that time, the hacker is learning how the institution works, what job functions matter, and how best to plan their attack.

“Attackers are getting in because they’re buying databases of usernames and passwords. And they’re trying them by the millions,” added Radolec. “For a sophisticated actor, all it takes is time and motivation. They have the skills. It’s just a matter of how persistent they want to be.”

Certain hospital staff are also more likely to be targeted by cyberhackers than others. “About 10% of a healthcare organization’s user base is much more vulnerable for all sorts of reasons — how they work, the value of their job title and job function, and therefore their access to systems,” said Witt.

High-profile staff are more likely to be targeted than those in lower-level positions; the so-called “CEO attack” is typical. However, staff in other hospital departments are also subject to cybercriminals, including hospice departments/hospice organizations and research arms of hospitals.
 

The Impact of Cyberattacks on Patients 

Physicians and healthcare execs may have considered cybersecurity more of a compliance issue than a true threat to patients in the past. But this attitude is rapidly changing. “We are starting to see a very clear connection between a cyber event and how it can impact patient care and patient safety,” said Witt.

According to the Proofpoint report, cyber breaches can severely affect patient care. In 2024:

• 56% of respondents saw a delay in patient tests/procedures
• 53% experienced increased patient complications from medical procedures
• 52% noted a longer patient length of stay
• 44% saw an increase in patient transfers to other facilities
• 28% had an increase in mortality rate

What Hospitals and Physicians Can Do

Fortunately, hospitals can take measures to better protect their data and their patients. One strategy is segmenting networks to reduce the amount of data or systems one person or system can access. Educating staff about the dangers of phishing and spoofing emails also help protect organizations from ransomware attacks. Having staff avoid reusing passwords and updating logins and passwords frequently helps.

Most hospitals also need more robust security controls. Physicians and healthcare facilities must also embrace the cybersecurity controls found in other industries, said Witt. “Multifactor authentication is one of those things that can cause us frustration,” he said. “The controls can seem onerous, but they’re really valuable overall…and should become standard practice.”

Doctors can also prepare for a ransomware attack and protect patients by practicing some “old-school” medicine, like using paper systems and maintaining good patient notes — often, those notes are synced locally as well as offsite, so you’d be able to access them even during a data breach. “It’s smart to write prescriptions on pads sometimes,” said Radolec. “Don’t forget how to do those things because that will make you more resilient in the event of a ransomware attack.”
 

A Continuing Threat

Cyberattacks will continue. “When you look at the high likelihood [of success] and the soft target, you end up with ... a perfect storm,” said Radolec. “Hospitals have a lot of vulnerabilities. They have to keep operations going just to receive income, but also to deliver care to people.”

That means that the burden is on healthcare organizations — including physicians, nurses, staff, and C-level execs — to help keep the “security” in cybersecurity. “We are all part of the cybersecurity defense,” said Witt. Helping to maintain that defense has become a critical aspect of caring for patients.

A version of this article first appeared on Medscape.com.

On September 27, 2024, UMC Health System in Lubbock, Texas, experienced an IT outage because of a cybersecurity incident that temporarily diverted patients to other healthcare facilities. So far, in 2024, there have been 386 cyberattacks on healthcare organizations. These high-impact ransomware attacks disrupt and delay patient care.

In recent years, many healthcare systems, including Scripps Health, Universal Health Services, Vastaamo, Sky Lakes, and the University of Vermont, have paid millions — even tens of millions — to recover data after a cyberattack or data breach. When healthcare systems come under cyber fire, the impact extends far past disrupting workflows and compromising data, patient safety can be also be compromised, vital information may be lost, and imaging and lab results can go missing or be held for ransom, making physicians’ job difficult or impossible.

In fact, cyberattacks on hospitals are far more common than you may realize. A new report issued by Ponemon and Proofpoint found that 92% of healthcare organizations have experienced a cyberattack in the past 12 months. Even more sobering is that about half of the organizations affected suffered disruptions in patient care.
 

Healthcare Systems = ‘Soft Targets’

Healthcare systems are a “soft target” for hackers for several reasons, pointed out Matthew Radolec, vice president, incident response and cloud operations at Varonis, a data security company. “One, they’re usually an amalgamation of many healthcare systems that are interconnected,” said Radolec. “A lot of hospitals are connected to other hospitals or connected to educational institutions, which means their computer vulnerabilities are shared ... and if they have an issue, it could very easily spread to your network.”

Another factor is the cost of securing data. “[With hospitals], they’ll say that a dollar spent on security is a dollar not spent on patient care,” said Radolec. “So the idea of investing in security is really tough from a budget standpoint…they’re choosing between a new MRI machine or better antivirus, backups, or data security.”

Because of the wealth of private data and healthcare information they maintain, hospitals are considered “high impact” for cybercriminals. Attackers know that if they get a foothold in a hospital, it’s more likely to pay — and pay quickly, Radolec told this news organization. Hospitals are also likely to have cyber insurance to help cover the cost of having their data stolen, encrypted, and ransomed.

The 2024 Microsoft Digital Defense Report also found that the bad actors are more sophisticated and better resourced and can challenge even the best cybersecurity. Improved defenses may not be good enough, and the sheer volume of attacks must be met with effective deterrence and government solutions that impose consequences for cybercriminals.
 

Vulnerable Users

Whether through a phishing email or text, password attack, or web attack, “the moment a ‘threat actor’ gets into your institution and gets credentials ... that’s the Nirvana state of a threat actor,” warned Ryan Witt, chair of the healthcare customer advisory board and vice president of Industry Solutions at Proofpoint, a cybersecurity platform. “They have those credentials and will go into deep reconnaissance mode. It often takes healthcare up to 6 months to even ascertain whether somebody’s actually in the network.” During that time, the hacker is learning how the institution works, what job functions matter, and how best to plan their attack.

“Attackers are getting in because they’re buying databases of usernames and passwords. And they’re trying them by the millions,” added Radolec. “For a sophisticated actor, all it takes is time and motivation. They have the skills. It’s just a matter of how persistent they want to be.”

Certain hospital staff are also more likely to be targeted by cyberhackers than others. “About 10% of a healthcare organization’s user base is much more vulnerable for all sorts of reasons — how they work, the value of their job title and job function, and therefore their access to systems,” said Witt.

High-profile staff are more likely to be targeted than those in lower-level positions; the so-called “CEO attack” is typical. However, staff in other hospital departments are also subject to cybercriminals, including hospice departments/hospice organizations and research arms of hospitals.
 

The Impact of Cyberattacks on Patients 

Physicians and healthcare execs may have considered cybersecurity more of a compliance issue than a true threat to patients in the past. But this attitude is rapidly changing. “We are starting to see a very clear connection between a cyber event and how it can impact patient care and patient safety,” said Witt.

According to the Proofpoint report, cyber breaches can severely affect patient care. In 2024:

• 56% of respondents saw a delay in patient tests/procedures
• 53% experienced increased patient complications from medical procedures
• 52% noted a longer patient length of stay
• 44% saw an increase in patient transfers to other facilities
• 28% had an increase in mortality rate

What Hospitals and Physicians Can Do

Fortunately, hospitals can take measures to better protect their data and their patients. One strategy is segmenting networks to reduce the amount of data or systems one person or system can access. Educating staff about the dangers of phishing and spoofing emails also help protect organizations from ransomware attacks. Having staff avoid reusing passwords and updating logins and passwords frequently helps.

Most hospitals also need more robust security controls. Physicians and healthcare facilities must also embrace the cybersecurity controls found in other industries, said Witt. “Multifactor authentication is one of those things that can cause us frustration,” he said. “The controls can seem onerous, but they’re really valuable overall…and should become standard practice.”

Doctors can also prepare for a ransomware attack and protect patients by practicing some “old-school” medicine, like using paper systems and maintaining good patient notes — often, those notes are synced locally as well as offsite, so you’d be able to access them even during a data breach. “It’s smart to write prescriptions on pads sometimes,” said Radolec. “Don’t forget how to do those things because that will make you more resilient in the event of a ransomware attack.”
 

A Continuing Threat

Cyberattacks will continue. “When you look at the high likelihood [of success] and the soft target, you end up with ... a perfect storm,” said Radolec. “Hospitals have a lot of vulnerabilities. They have to keep operations going just to receive income, but also to deliver care to people.”

That means that the burden is on healthcare organizations — including physicians, nurses, staff, and C-level execs — to help keep the “security” in cybersecurity. “We are all part of the cybersecurity defense,” said Witt. Helping to maintain that defense has become a critical aspect of caring for patients.

A version of this article first appeared on Medscape.com.

On September 27, 2024, UMC Health System in Lubbock, Texas, experienced an IT outage because of a cybersecurity incident that temporarily diverted patients to other healthcare facilities. So far, in 2024, there have been 386 cyberattacks on healthcare organizations. These high-impact ransomware attacks disrupt and delay patient care.

In recent years, many healthcare systems, including Scripps Health, Universal Health Services, Vastaamo, Sky Lakes, and the University of Vermont, have paid millions — even tens of millions — to recover data after a cyberattack or data breach. When healthcare systems come under cyber fire, the impact extends far past disrupting workflows and compromising data, patient safety can be also be compromised, vital information may be lost, and imaging and lab results can go missing or be held for ransom, making physicians’ job difficult or impossible.

In fact, cyberattacks on hospitals are far more common than you may realize. A new report issued by Ponemon and Proofpoint found that 92% of healthcare organizations have experienced a cyberattack in the past 12 months. Even more sobering is that about half of the organizations affected suffered disruptions in patient care.
 

Healthcare Systems = ‘Soft Targets’

Healthcare systems are a “soft target” for hackers for several reasons, pointed out Matthew Radolec, vice president, incident response and cloud operations at Varonis, a data security company. “One, they’re usually an amalgamation of many healthcare systems that are interconnected,” said Radolec. “A lot of hospitals are connected to other hospitals or connected to educational institutions, which means their computer vulnerabilities are shared ... and if they have an issue, it could very easily spread to your network.”

Another factor is the cost of securing data. “[With hospitals], they’ll say that a dollar spent on security is a dollar not spent on patient care,” said Radolec. “So the idea of investing in security is really tough from a budget standpoint…they’re choosing between a new MRI machine or better antivirus, backups, or data security.”

Because of the wealth of private data and healthcare information they maintain, hospitals are considered “high impact” for cybercriminals. Attackers know that if they get a foothold in a hospital, it’s more likely to pay — and pay quickly, Radolec told this news organization. Hospitals are also likely to have cyber insurance to help cover the cost of having their data stolen, encrypted, and ransomed.

The 2024 Microsoft Digital Defense Report also found that the bad actors are more sophisticated and better resourced and can challenge even the best cybersecurity. Improved defenses may not be good enough, and the sheer volume of attacks must be met with effective deterrence and government solutions that impose consequences for cybercriminals.
 

Vulnerable Users

Whether through a phishing email or text, password attack, or web attack, “the moment a ‘threat actor’ gets into your institution and gets credentials ... that’s the Nirvana state of a threat actor,” warned Ryan Witt, chair of the healthcare customer advisory board and vice president of Industry Solutions at Proofpoint, a cybersecurity platform. “They have those credentials and will go into deep reconnaissance mode. It often takes healthcare up to 6 months to even ascertain whether somebody’s actually in the network.” During that time, the hacker is learning how the institution works, what job functions matter, and how best to plan their attack.

“Attackers are getting in because they’re buying databases of usernames and passwords. And they’re trying them by the millions,” added Radolec. “For a sophisticated actor, all it takes is time and motivation. They have the skills. It’s just a matter of how persistent they want to be.”

Certain hospital staff are also more likely to be targeted by cyberhackers than others. “About 10% of a healthcare organization’s user base is much more vulnerable for all sorts of reasons — how they work, the value of their job title and job function, and therefore their access to systems,” said Witt.

High-profile staff are more likely to be targeted than those in lower-level positions; the so-called “CEO attack” is typical. However, staff in other hospital departments are also subject to cybercriminals, including hospice departments/hospice organizations and research arms of hospitals.
 

The Impact of Cyberattacks on Patients 

Physicians and healthcare execs may have considered cybersecurity more of a compliance issue than a true threat to patients in the past. But this attitude is rapidly changing. “We are starting to see a very clear connection between a cyber event and how it can impact patient care and patient safety,” said Witt.

According to the Proofpoint report, cyber breaches can severely affect patient care. In 2024:

• 56% of respondents saw a delay in patient tests/procedures
• 53% experienced increased patient complications from medical procedures
• 52% noted a longer patient length of stay
• 44% saw an increase in patient transfers to other facilities
• 28% had an increase in mortality rate

What Hospitals and Physicians Can Do

Fortunately, hospitals can take measures to better protect their data and their patients. One strategy is segmenting networks to reduce the amount of data or systems one person or system can access. Educating staff about the dangers of phishing and spoofing emails also help protect organizations from ransomware attacks. Having staff avoid reusing passwords and updating logins and passwords frequently helps.

Most hospitals also need more robust security controls. Physicians and healthcare facilities must also embrace the cybersecurity controls found in other industries, said Witt. “Multifactor authentication is one of those things that can cause us frustration,” he said. “The controls can seem onerous, but they’re really valuable overall…and should become standard practice.”

Doctors can also prepare for a ransomware attack and protect patients by practicing some “old-school” medicine, like using paper systems and maintaining good patient notes — often, those notes are synced locally as well as offsite, so you’d be able to access them even during a data breach. “It’s smart to write prescriptions on pads sometimes,” said Radolec. “Don’t forget how to do those things because that will make you more resilient in the event of a ransomware attack.”
 

A Continuing Threat

Cyberattacks will continue. “When you look at the high likelihood [of success] and the soft target, you end up with ... a perfect storm,” said Radolec. “Hospitals have a lot of vulnerabilities. They have to keep operations going just to receive income, but also to deliver care to people.”

That means that the burden is on healthcare organizations — including physicians, nurses, staff, and C-level execs — to help keep the “security” in cybersecurity. “We are all part of the cybersecurity defense,” said Witt. Helping to maintain that defense has become a critical aspect of caring for patients.

A version of this article first appeared on Medscape.com.

While she cared deeply about her work, Melissa Adams*, a family nurse practitioner (NP) in Madison, Alabama, was being frequently triple-booked, didn’t feel respected by her office manager, and started to worry about becoming burned out. When she sought help, “the administration was tone-deaf,” she said. “When I asked about what I could do to prevent burnout, they sent me an article about it. It was clear to me that asking for respite from triple-booking and asking to be respected by my office manager wasn’t being heard ... so I thought, ‘how do I fly under the radar and get by with what I can?’ ” That meant focusing on patient care and refusing to take on additional responsibilities, like training new hires or working with students.

“You’re overworked and underpaid, and you start giving less and less of yourself,” Ms. Adams said in an interview.

Quiet quitting, defined as performing only the assigned tasks of the job without making any extra effort or going the proverbial extra mile, has gained attention in the press in recent years. A Gallup poll found that about 50% of the workforce were “quiet quitters” or disengaged.

It may be even more prevalent in healthcare, where a recent survey found that 57% of frontline medical staff, including NPs and physician assistants (PAs), report being disengaged at work.
 

The Causes of Quiet Quitting

Potential causes of quiet quitting among PAs and NPs include:

• Unrealistic care expectations. They ask you to give your all to patients, handle everything, and do it all in under 15 minutes since that’s how much time the appointment allows, Ms. Adams said.
• Lack of trust or respect. Physicians don’t always respect the role that PAs and NPs play in a practice.
• Dissatisfaction with leadership or administration. There’s often a feeling that the PA or NP isn’t “heard” or appreciated.
• Dissatisfaction with pay or working conditions.
• Moral injury. “There’s no way to escape being morally injured when you work with an at-risk population,” said Ms. Adams. “You may see someone who has 20-24 determinants of health, and you’re expected to schlep them through in 8 minutes — you know you’re not able to do what they need.”

What Quiet Quitting Looks Like

Terri Smith*, an NP at an academic medical center outpatient clinic in rural Vermont, said that, while she feels appreciated by her patients and her team, there’s poor communication from the administration, which has caused her to quietly quit.

“I stopped saying ‘yes’ to all the normal committee work and the extra stuff that used to add a lot to my professional enjoyment,” she said. “The last couple of years, my whole motto is to nod and smile when administration says to do something — to put your head down and take care of your patients.”

While the term “quiet quitting” may be new, the issue is not, said Bridget Roberts, PhD, a healthcare executive who ran a large physician’s group of 100 healthcare providers in Jacksonville, Florida, for a decade. “Quiet quitting is a fancy title for employees who are completely disengaged,” said Dr. Roberts. “When they’re on the way out, they ‘check the box’. That’s not a new thing.”

“Typically, the first thing you see is a lot of frustration in that they aren’t able to complete the tasks they have at hand,” said Rebecca Day, PMNHP, a doctoral-educated NP and director of nursing practice at a Federally Qualified Health Center in Corbin, Kentucky. “Staff may be overworked and not have enough time to do what’s required of them with patient care as well as the paperwork required behind the scenes. It [quiet quitting] is doing just enough to get by, but shortcutting as much as they can to try to save some time.”
 

Addressing Quiet Quitting

Those kinds of shortcuts may affect patients, admits Ms. Smith. “I do think it starts to seep into patient care,” she said. “And that really doesn’t feel good ... at our institution, I’m not just an NP — I’m the nurse, the doctor, the secretary — I’m everybody, and for the last year, almost every single day in clinic, I’m apologizing [to a patient] because we can’t do something.”

Watching for this frustration can help alert administrators to NPs and PAs who may be “checking out” at work. Open lines of communication can help you address the issue. “Ask questions like ‘What could we do differently to make your day easier?’” said Dr. Roberts. Understanding the day-to-day issues NPs and PAs face at work can help in developing a plan to address disengagement.

When Dr. Day sees quiet quitting at her practice, she talks with the advance practice provider about what’s causing the issue. “’Are you overworked? Are you understaffed? Are there problems at home? Do you feel you’re receiving inadequate pay?’ ” she said. “The first thing to do is address that and find mutual ground on the issues…deal with the person as a person and then go back and deal with the person as an employee. If your staff isn’t happy, your clinic isn’t going to be productive.”

Finally, while reasons for quiet quitting may vary, cultivating a collaborative atmosphere where NPs and PAs feel appreciated and valued can help reduce the risk for quiet quitting. “Get to know your advanced practice providers,” said Ms. Adams. “Understand their strengths and what they’re about. It’s not an ‘us vs them’ ... there is a lot more commonality when we approach it that way.” Respect for the integral role that NPs and PAs play in your practice can help reduce the risk for quiet quitting — and help provide better patient care.

*Names have been changed.

A version of this article first appeared on Medscape.com.

While she cared deeply about her work, Melissa Adams*, a family nurse practitioner (NP) in Madison, Alabama, was being frequently triple-booked, didn’t feel respected by her office manager, and started to worry about becoming burned out. When she sought help, “the administration was tone-deaf,” she said. “When I asked about what I could do to prevent burnout, they sent me an article about it. It was clear to me that asking for respite from triple-booking and asking to be respected by my office manager wasn’t being heard ... so I thought, ‘how do I fly under the radar and get by with what I can?’ ” That meant focusing on patient care and refusing to take on additional responsibilities, like training new hires or working with students.

“You’re overworked and underpaid, and you start giving less and less of yourself,” Ms. Adams said in an interview.

Quiet quitting, defined as performing only the assigned tasks of the job without making any extra effort or going the proverbial extra mile, has gained attention in the press in recent years. A Gallup poll found that about 50% of the workforce were “quiet quitters” or disengaged.

It may be even more prevalent in healthcare, where a recent survey found that 57% of frontline medical staff, including NPs and physician assistants (PAs), report being disengaged at work.
 

The Causes of Quiet Quitting

Potential causes of quiet quitting among PAs and NPs include:

• Unrealistic care expectations. They ask you to give your all to patients, handle everything, and do it all in under 15 minutes since that’s how much time the appointment allows, Ms. Adams said.
• Lack of trust or respect. Physicians don’t always respect the role that PAs and NPs play in a practice.
• Dissatisfaction with leadership or administration. There’s often a feeling that the PA or NP isn’t “heard” or appreciated.
• Dissatisfaction with pay or working conditions.
• Moral injury. “There’s no way to escape being morally injured when you work with an at-risk population,” said Ms. Adams. “You may see someone who has 20-24 determinants of health, and you’re expected to schlep them through in 8 minutes — you know you’re not able to do what they need.”

What Quiet Quitting Looks Like

Terri Smith*, an NP at an academic medical center outpatient clinic in rural Vermont, said that, while she feels appreciated by her patients and her team, there’s poor communication from the administration, which has caused her to quietly quit.

“I stopped saying ‘yes’ to all the normal committee work and the extra stuff that used to add a lot to my professional enjoyment,” she said. “The last couple of years, my whole motto is to nod and smile when administration says to do something — to put your head down and take care of your patients.”

While the term “quiet quitting” may be new, the issue is not, said Bridget Roberts, PhD, a healthcare executive who ran a large physician’s group of 100 healthcare providers in Jacksonville, Florida, for a decade. “Quiet quitting is a fancy title for employees who are completely disengaged,” said Dr. Roberts. “When they’re on the way out, they ‘check the box’. That’s not a new thing.”

“Typically, the first thing you see is a lot of frustration in that they aren’t able to complete the tasks they have at hand,” said Rebecca Day, PMNHP, a doctoral-educated NP and director of nursing practice at a Federally Qualified Health Center in Corbin, Kentucky. “Staff may be overworked and not have enough time to do what’s required of them with patient care as well as the paperwork required behind the scenes. It [quiet quitting] is doing just enough to get by, but shortcutting as much as they can to try to save some time.”
 

Addressing Quiet Quitting

Those kinds of shortcuts may affect patients, admits Ms. Smith. “I do think it starts to seep into patient care,” she said. “And that really doesn’t feel good ... at our institution, I’m not just an NP — I’m the nurse, the doctor, the secretary — I’m everybody, and for the last year, almost every single day in clinic, I’m apologizing [to a patient] because we can’t do something.”

Watching for this frustration can help alert administrators to NPs and PAs who may be “checking out” at work. Open lines of communication can help you address the issue. “Ask questions like ‘What could we do differently to make your day easier?’” said Dr. Roberts. Understanding the day-to-day issues NPs and PAs face at work can help in developing a plan to address disengagement.

When Dr. Day sees quiet quitting at her practice, she talks with the advance practice provider about what’s causing the issue. “’Are you overworked? Are you understaffed? Are there problems at home? Do you feel you’re receiving inadequate pay?’ ” she said. “The first thing to do is address that and find mutual ground on the issues…deal with the person as a person and then go back and deal with the person as an employee. If your staff isn’t happy, your clinic isn’t going to be productive.”

Finally, while reasons for quiet quitting may vary, cultivating a collaborative atmosphere where NPs and PAs feel appreciated and valued can help reduce the risk for quiet quitting. “Get to know your advanced practice providers,” said Ms. Adams. “Understand their strengths and what they’re about. It’s not an ‘us vs them’ ... there is a lot more commonality when we approach it that way.” Respect for the integral role that NPs and PAs play in your practice can help reduce the risk for quiet quitting — and help provide better patient care.

*Names have been changed.

A version of this article first appeared on Medscape.com.

While she cared deeply about her work, Melissa Adams*, a family nurse practitioner (NP) in Madison, Alabama, was being frequently triple-booked, didn’t feel respected by her office manager, and started to worry about becoming burned out. When she sought help, “the administration was tone-deaf,” she said. “When I asked about what I could do to prevent burnout, they sent me an article about it. It was clear to me that asking for respite from triple-booking and asking to be respected by my office manager wasn’t being heard ... so I thought, ‘how do I fly under the radar and get by with what I can?’ ” That meant focusing on patient care and refusing to take on additional responsibilities, like training new hires or working with students.

“You’re overworked and underpaid, and you start giving less and less of yourself,” Ms. Adams said in an interview.

Quiet quitting, defined as performing only the assigned tasks of the job without making any extra effort or going the proverbial extra mile, has gained attention in the press in recent years. A Gallup poll found that about 50% of the workforce were “quiet quitters” or disengaged.

It may be even more prevalent in healthcare, where a recent survey found that 57% of frontline medical staff, including NPs and physician assistants (PAs), report being disengaged at work.
 

The Causes of Quiet Quitting

Potential causes of quiet quitting among PAs and NPs include:

• Unrealistic care expectations. They ask you to give your all to patients, handle everything, and do it all in under 15 minutes since that’s how much time the appointment allows, Ms. Adams said.
• Lack of trust or respect. Physicians don’t always respect the role that PAs and NPs play in a practice.
• Dissatisfaction with leadership or administration. There’s often a feeling that the PA or NP isn’t “heard” or appreciated.
• Dissatisfaction with pay or working conditions.
• Moral injury. “There’s no way to escape being morally injured when you work with an at-risk population,” said Ms. Adams. “You may see someone who has 20-24 determinants of health, and you’re expected to schlep them through in 8 minutes — you know you’re not able to do what they need.”

What Quiet Quitting Looks Like

Terri Smith*, an NP at an academic medical center outpatient clinic in rural Vermont, said that, while she feels appreciated by her patients and her team, there’s poor communication from the administration, which has caused her to quietly quit.

“I stopped saying ‘yes’ to all the normal committee work and the extra stuff that used to add a lot to my professional enjoyment,” she said. “The last couple of years, my whole motto is to nod and smile when administration says to do something — to put your head down and take care of your patients.”

While the term “quiet quitting” may be new, the issue is not, said Bridget Roberts, PhD, a healthcare executive who ran a large physician’s group of 100 healthcare providers in Jacksonville, Florida, for a decade. “Quiet quitting is a fancy title for employees who are completely disengaged,” said Dr. Roberts. “When they’re on the way out, they ‘check the box’. That’s not a new thing.”

“Typically, the first thing you see is a lot of frustration in that they aren’t able to complete the tasks they have at hand,” said Rebecca Day, PMNHP, a doctoral-educated NP and director of nursing practice at a Federally Qualified Health Center in Corbin, Kentucky. “Staff may be overworked and not have enough time to do what’s required of them with patient care as well as the paperwork required behind the scenes. It [quiet quitting] is doing just enough to get by, but shortcutting as much as they can to try to save some time.”
 

Addressing Quiet Quitting

Those kinds of shortcuts may affect patients, admits Ms. Smith. “I do think it starts to seep into patient care,” she said. “And that really doesn’t feel good ... at our institution, I’m not just an NP — I’m the nurse, the doctor, the secretary — I’m everybody, and for the last year, almost every single day in clinic, I’m apologizing [to a patient] because we can’t do something.”

Watching for this frustration can help alert administrators to NPs and PAs who may be “checking out” at work. Open lines of communication can help you address the issue. “Ask questions like ‘What could we do differently to make your day easier?’” said Dr. Roberts. Understanding the day-to-day issues NPs and PAs face at work can help in developing a plan to address disengagement.

When Dr. Day sees quiet quitting at her practice, she talks with the advance practice provider about what’s causing the issue. “’Are you overworked? Are you understaffed? Are there problems at home? Do you feel you’re receiving inadequate pay?’ ” she said. “The first thing to do is address that and find mutual ground on the issues…deal with the person as a person and then go back and deal with the person as an employee. If your staff isn’t happy, your clinic isn’t going to be productive.”

Finally, while reasons for quiet quitting may vary, cultivating a collaborative atmosphere where NPs and PAs feel appreciated and valued can help reduce the risk for quiet quitting. “Get to know your advanced practice providers,” said Ms. Adams. “Understand their strengths and what they’re about. It’s not an ‘us vs them’ ... there is a lot more commonality when we approach it that way.” Respect for the integral role that NPs and PAs play in your practice can help reduce the risk for quiet quitting — and help provide better patient care.

*Names have been changed.

A version of this article first appeared on Medscape.com.