Teacher Training Resources

Cybersecurity Resources

DIGITAL HEALTH

Digital health refers to the use of a broad range of information and communication technologies (ICTs) to support and enhance all phases of healthcare, including prevention, diagnosis, treatment, and management. It encompasses digital tools, health data usage, and connected devices.

ELECTRONIC HEALTH RECORDS

Electronic health records are digital versions of a patient's paper chart, containing medical history, diagnoses, medications, treatment plans, and other health information. They are highly targeted assets in cyberattacks.

HEALTHCARE PROVIDERS

Healthcare providers are entities that deliver health and care services, such as hospitals, clinics, care homes, and rehabilitation centres. They are the primary targets of cyberattacks in the sector.

MEDICAL DEVICES

Medical devices are internet-connected or software-driven devices used in healthcare, ranging from diagnostic tools to life-sustaining equipment (e.g., ventilators, pacemakers). They represent a significant attack vector due to potential vulnerabilities.

PATIENT SAFETY

Patient safety is the paramount concern in healthcare. It refers to the avoidance of preventable harm to patients and the maintenance of their well-being. Cyber incidents can directly compromise patient safety by delaying or disrupting medical procedures and treatment.

CLOUD SECURITY

Cloud security refers to the policies, controls, procedures, and technologies whose purpose is to protect cloud-based systems, data, and infrastructure. It addresses issues that arise from the ‘cloudification’ of patient data in healthcare, such as data privacy, identity and access management, compliance, and resilience against cyberattacks.

CYBER HYGIENE

Cyber hygiene refers to the simple practices and steps we can all take to protect our personal information and devices from cyber threats. Examples include two-factor authentication, strong passwords, and regular software updates.

CYBER RESILIENCE

It is an organisation's ability to prepare for, respond to, and recover from cyber threats while maintaining patient care and operational continuity. It focuses on minimising disruptions caused by cyberattacks and ensuring the security of sensitive data. This concept combines business continuity, information systems security, and organisational resilience. It describes the ability to continue delivering intended outcomes despite experiencing challenging cyber events.

CYBERSQUATTING

Cybersquatting is defined as the act of appropriating an internet domain name that is identical or similar to a legitimate one in order to generate traffic.

DATA BREACH

It refers to an intentional or unintentional event that leads to the unauthorised access, disclosure, or manipulation of sensitive, confidential, or protected data, including patient data and electronic health records. Breaches can result from hacking, phishing, misconfiguration, insider error, or physical theft.

DENIAL OF SERVICE ATTACKS

A denial of service attack is a malicious attempt to make a computer system, network, or service unavailable by sending it too much traffic or requesting too many resources. Its effectiveness depends on the use of vulnerable devices.

ERRORS, MISCONFIGURATIONS AND POOR SECURITY PRACTICES

They are internal vulnerabilities and unintentional human errors, such as misconfigurations or inadequate security practices, that can lead to security incidents, including data leaks. Some examples are weak passwords, excessive user privileges, failure to apply patches, or neglecting encryption.

RANSOMWARE

Ransomware is a type of malware that encrypts files and makes them inaccessible. Attackers demand a ransom in exchange for decrypting and restoring them. Actions may include total lockdown of the computer, theft, encryption, or deletion of data, and the threat to leak all the stolen information.

SOFTWARE/HARDWARE VULNERABILITIES

These are weaknesses or flaws in software or hardware systems that can be exploited by threat actors to gain unauthorised access, disrupt services, or compromise data. Examples include unpatched software bugs, misconfigurations, outdated operating systems, or insecure medical devices.

SUPPLY CHAIN ATTACKS

A supply chain attack occurs when a malicious actor targets an organisation not directly but by compromising less secure elements in its supply chain, such as third-party vendors or service providers, to gain access to the main target. This makes such attacks difficult to detect, and they affect a large number of people, as a single breach can affect multiple organisations downstream.

VISHING

Vishing consists of fraudulent phone calls or voice messages designed to trick victims into providing sensitive information, like login credentials, credit card numbers, or bank details. The callers often pretend to be from reputable organisations (such as the victim's bank, the IRS, or a package delivery service) and make unexpected phone calls.