The Cybersecurity in Healthcare MOOC was developed as part the SecureHospitals.eu project. This project has received funding from the European Union’s Horizon 2020 Coordination Research and Innovation Action under Grant Agreement No. 826497.
The course "Cybersecurity in Healthcare" has been developed to raise awareness and understanding the role of cybersecurity in healthcare (e.g., hospitals, care centres, clinics, other medical or social care institutions and service organisations) and the challenges that surround it. In this course, we will cover both theoretical and practical aspects of cybersecurity. We look at both social aspects as technical aspects that come into play. Furthermore, we offer helpful resources that cover different aspects of cybersecurity. Even if you are not active in the healthcare domain, you will find helpful tips and insights to deal with cybersecurity challenges within any other organisation or in personal contexts as well.
This course begins by introducing the opportunities and challenges that digitalisation of healthcare services has created. It explains how the rise of technologies and proliferation of (medical) data has become an attractive target to cybercriminals, which is essential in understanding why adequate cybersecurity measures are critical within the healthcare environment. In later modules, course contents cover the threats, both inside and outside of healthcare organisations like e.g. social engineering and hacking. Module 4 on Cyber Hygiene describes how to improve cybersecurity within healthcare organisations in practical ways. Module 5 looks deeper into how organisational culture affects cybersecurity, the cybersecurity culture, focusing on the interaction between human behaviour and technology and how organisational factors can boost or diminish the level and attention to cybersecurity in healthcare.
Do you work for a hospital, clinic, medical practice, care centre, care provider, social care organisation, or nursing home? Do you want to improve your personal or your organisation’s cybersecurity (cyber security, IT security, information security, network security, computer security, awareness)? Then please visit https://www.securehospitals.eu to gain access to a range of resources. You can also join the Security providers and Trainers platform (see: https://www.securehospitals.eu/for-providers-and-trainers/) or our Community of Practice (see: https://www.securehospitals.eu/community/).
Cybersecurity in healthcare: technology, data, and human behaviour
It was predicted for 2020 that over 20 billion devices would be connected worldwide – from cell phones to wearable devices, from fridges to coffee makers, almost anything that can be connected to the internet will be connected. But how is increased interconnectivity affecting the healthcare sector – healthcare organisations, the people who work in them, and their patients? The increased digitalisation that we have seen and still see has many advantages, but widespread interconnectivity is also affecting cybersecurity across the world. Healthcare organisations have become a major target for cybercriminals because of the data they hold. Accidents that lead to data breaches can have severe consequences for the patients, staff members, and the healthcare organisation itself.How can healthcare organisations protect themselves, their staff and their patients against these growing threats? And how can healthcare professionals contribute to this process? In this first module, we will dive into the concept of cybersecurity and why it applies to healthcare. Furthermore, we will discover both the opportunities and challenges that have come into existence alongside digitalisation in healthcare. Finally, we will take a first look at the specific threats that healthcare and social care organisations may face. Note: Whenever you feel like you want more information but you don’t know where to start: we have an online library of a range of resources available to you. Please visit: https://www.zotero.org/groups/2280149/securehospitals/library. You can also find the link to the library in the ‘Resources’ tab in the menu.
Social aspects of cybersecurity: social engineering and social media
Welcome to the second module of the course! In this module we will explore the social factors that may influence human behaviour in relation to medical technologies. It is often mentioned that the ‘human is the weakest link’ in cybersecurity. And while the choices we make and the way we act can be problematic, we want to show how cybersecurity incidents often stem from a combination of factors, in the interaction between the human and technology. We will take an in-depth look at how social engineers try to exploit human emotions and natural responses. Additionally, we show how social media use can become problematic. Not just in terms of patient privacy, but also as a treasure trove for cybercriminals to obtain information.
Data breaches, hackers, and malware in healthcare
One of the most well known cases of malware, or ransomware, is WannaCry (2017) that affected the National Health Service (NHS) in the UK especially hard. The case highlights the essence of cybersecurity in the healthcare domain. For this reason we dive deeper into threats against cybersecurity in healthcare organisations in this third module. We take a look at data breaches and the consequences such incidents may have. We explore methods and motives of hackers - what makes healthcare so attractive to them? Finally, we look at different types of malware and how they are deployed. For each of these topics, we provide cases that give an overview of the events and the consequences for the healthcare organisation that was victimised. These real life examples will bring contemporary cybersecurity challenges alive.
Cyber hygiene: practices to improve cybersecurity
In the fourth module, we will move the focus to methods to improve cybersecurity. In this module, we will explore the concept of cyber hygiene: practices that improve cybersecurity. These are behaviours that individuals can do on their own, but also higher level practices that organisations should employ to remain secure and resilient. In particular, we will highlight digital communication and safe emailing, encryption, device management, password management, and software management. This includes updates and backups.
Security culture: creating positive environment to practice cybersecurity
In the fifth and final module, we build on the social aspects of cybersecurity by exploring the concept of cybersecurity culture. We discuss how healthcare organisations may create or maintain an environment where cybersecurity practices might be ignored, promoted, or even discouraged - influencing the uptake of good cybersecurity behaviours. Often, policies and regulations are implemented to steer behaviour and improve cybersecurity. But as you will learn, merely implementing such policies may not be successful as workers may find ‘workarounds’, or ways to circumvent security measures. We will show how investing in cybersecurity culture may be necessary to prevent workarounds from being exploited, making employees more aware and invested in cybersecurity, and to improve cybersecurity in the healthcare organisation.
Do you work for a hospital, clinic, medical practice, care centre, care provider, social care organisation, or nursing home? Do you want to improve your personal or your organisation’s cybersecurity (cyber security, IT security, information security, network security, computer security, awareness)? Then please visit www.securehospitals.eu to gain access to a range of resources. You can also join the Security providers and Trainers platform (see: https://www.securehospitals.eu/for-providers-and-trainers/) or our Community of Practice (see: https://www.securehospitals.eu/community/).