Cybersecurity for Healthcare Staff



About the course

Target group

Nurses, nursing assistants, medical administrative staff 

Course introduction

The “Introductory Training Programme on Cybersecurity for Healthcare Staff” is designed to equip nurses, nursing assistants and medical administrative personnel with essential cybersecurity skills tailored to the healthcare sector. Comprising five modules, each 45 minutes in length, the course focuses on enhancing knowledge of data protection and cybersecurity practices within medical environments. 

The first module introduces the fundamentals of cybersecurity, explaining the importance of safeguarding sensitive patient information and the various types of cyber threats, such as malware and phishing attacks. Module two delves into the General Data Protection Regulation (GDPR), covering its relevance in healthcare, key compliance principles and the proper handling of personal data. The third module emphasises password management and best practices, including two-factor authentication, email security and safe internet browsing. Module four addresses mobile device security, teaching participants how to manage the risks associated with using mobile devices for work, and the importance of securing personal and professional data. The final module focuses on incident response, outlining how to recognise signs of a cyber-attack, isolate affected devices and follow appropriate reporting procedures. 

Delivered through engaging multimedia content, quizzes and reflection sessions, this up-skilling programme ensures participants gain practical knowledge. The course is ideal for healthcare workers at EQF levels 3-5 who seek to stay informed about cybersecurity and safeguard sensitive healthcare information. 

Details to know

Downloadable certificate

Share your certificate on LinkedIn

Assessment

10 Quizzes

Taught in English

Learning outcomes

Module 1
  • Competence:
    • Is able to use the general concept of cybersecurity to protect patient data in their daily work
  • Knowledge:
    • Understands the general concept of cybersecurity and its importance in the healthcare industry
  • Skills:
    • Identifies the most common forms of cyber threats such as malware (viruses, worms, and Trojans), social engineering (phishing, pretexting), ransomware
    • Acts to prevent the most common forms of cyber threats when working with patient data and other types of sensitive information
Module 2
  • Competence:
    • Is able to understand, explain and use the purpose and key principles of the GDPR and how it relates to their work with sensitive data
  • Knowledge:
    • Has a general understanding of the purpose and key principles of the GDPR, its connection to cybersecurity and its implication for their work
    • Understands the rights and responsibilities related to their handling and protecting of patient data under the GDPR
    • Knows the content of the requirements for healthcare organisations when handling and protecting patient data (informed consent, right to access, rectify and erase data)
  • Skills:
    • Follows the requirements for healthcare organisations when collecting, storing and sharing patient data
Module 3
  • Competence:
    • Is able to practice safe password management and safe use of emails to protect themselves against cyber threats.
  • Knowledge:
    • Understands the importance of strong passwords and their role in securing sensitive information
    • Knows the most central best practices for creating strong passwords, the importance of two-factor authentication and the most common authentication pitfalls
    • Has a general and superficial understanding of additional security measures such as multi-factor authentication and password managers
  • Skills:
    • Practices safe password management at work by creating strong and unique passwords and avoids common password pitfalls
    • Verifies sender email addresses when receiving emails and identifies phishing attacks        
    • Follows safe browsing practices such as using secure websites when at work and when using equipment from work
Module 4
  • Competence:
    • Is able to use mobile devices in a work setting while minimising the most common cybersecurity threats
  • Knowledge:
    • Understands the importance of implementing security measures for mobile devices, including encryption and device passcodes
    • Avoids using public Wi-Fi networks when using work-related devices and working on work-related tasks and uses reliable VPNs (virtual private networks) instead
  • Skills:
    • Does not share personal information related to their digital identity with anyone
    • Uses data encryption software
    • Avoids potential vulnerabilities when using mobile devices for work-related tasks
Module 5
  • Competence:
    • Is able to recognise and explain to others the most common signs of cyber-attacks (slow internet, unexpected error messages)
  • Knowledge:
    • Understands the importance of reporting security incidents and knows how to do so
    • Knows the most important consequences of failing to report security incidents
  • Skills:
    • Follows the correct procedures when responding to and reporting a cyber-attack
    • Isolates infected devices
    • Acts responsibly when preserving data by doing data backups and cooperating with IT professionals

Introduction to cybersecurity and threats

Module 1. This training programme highlights the importance of cybersecurity in healthcare, focusing on protecting sensitive patient data from threats that could lead to identity theft, service disruption and significant financial or reputational damage. 

Lessons

  • Introduction
  • 1. Introduction to the concept of cybersecurity
  • 2. Types of threats / Types of attackers
  • References

GDPR for healthcare workers

Module 2. Module 2 introduces the GDPR’s role in healthcare, covering its purpose, data protection standards, compliance and accountability, while highlighting steps to take in the event of a data breach. 

Lessons

  • Introduction
  • 1. Purpose of the GDPR
  • 2. Related Principles
  • References

Passwords and security measures

Module 3. Module 3 focuses on the importance of strong password practices, two-factor authentication, and strategies for ensuring email and internet security to protect sensitive healthcare data from cyber threats. 

Lessons

  • Introduction
  • 1. Password Management
  • 2. Introduction to Email Security
  • References

Mobile device security

Module 4. This module explores security risks associated with mobile devices in healthcare, emphasizing regulatory compliance and strategies to minimize risks in both professional and personal use of these devices. 

Lessons

  • Introduction
  • 1. Security Risks
  • 2. Securing mobile devices
  • References

Incident response

Module 5. This module teaches healthcare professionals to recognise cyber-attack signs, respond swiftly by isolating devices, report incidents and understand their roles in the organisation’s incident response plans to protect patient data. 

Lessons

  • Introduction
  • 1. Signs of a cyber-attack
  • 2. General reporting procedures
  • References
  • Course Evaluation