Cybersecurity guide for healthcare sector (EU scope)
Cybersecurity guide for healthcare sector (EU scope) is a mapping and study of cyber incidents/cyberattacks that have occurred in the European health sector from January 2021 to March 2023.
HIPAA Cybersecurity Guidance
A collection of official resources provided by the U.S. Department of Health and Human Services (HHS) to help healthcare organizations and their business associates understand and improve cybersecurity practices in line with HIPAA requirements. It includes guidelines, newsletters, case examples, and training materials focusing on prevention and response to cyber incidents such as ransomware attacks.
Video training for professionals and students
This eight-part video training series, developed by the Health Sector Coordinating Council (HSCC), uses non-technical language to teach clinicians how cyber attacks can affect clinical operations and patient safety, and provides practical steps to keep healthcare systems and patients safe from cyber threats.
Knowledge on Demand E-learning
Knowledge on Demand is the free cybersecurity education platform from the HHS 405(d) Program, providing awareness trainings that align with the top five cybersecurity threats outlined in the Health Industry Cybersecurity Practices (HICP) publication to strengthen the security posture of the Healthcare and Public Health (HPH) sector.
Cybersecurity Awareness Training
Amazon Cybersecurity Awareness Training – A free, online platform developed by Amazon that provides essential cybersecurity training for individuals, including professionals in healthcare and other sectors. The training uses interactive modules to help learners identify and prevent common cyber threats in both personal and professional environments.
Free e-learning courses on cybersecurity in healthcare (Australian Digital Health Agency)
Access free eLearning courses and the Cyber Champions Network from the Australian Digital Health Agency to build cyber resilience and promote positive security behaviors among your healthcare staff.
Online game about cybersecurity, raises awareness. (The Weakest Link)
This interactive program, "The Weakest Link," is a user security game designed to raise cybersecurity awareness by simulating a user's first month on the job. Players are challenged to make daily choices that directly impact their security score and determine whether the company suffers a breach, demonstrating how individual actions serve as a key line of defense against security incidents.
The use of gamification on cybersecurity awareness of healthcare professionals
The material titled "The use of gamification on cybersecurity awareness of healthcare professionals" is a scientific article that explores how gamification can be applied to improve cybersecurity awareness among healthcare workers. It highlights the growing cybersecurity threats in the healthcare sector—especially due to human error—and argues that traditional training methods are often ineffective. The paper reviews existing gamified training tools and concludes that a tailored gamified approach for healthcare settings could significantly enhance staff engagement, knowledge retention, and overall cyber resilience.
From Dis-empowerment to empowerment: Crafting a healthcare cybersecurity self-assessment
The academic article “From Dis-empowerment to Empowerment: Crafting a Healthcare Cybersecurity Self-Assessment” presents the development and evaluation of a healthcare-specific cybersecurity self-assessment tool tailored for the Australian healthcare sector. Unlike traditional frameworks, this tool integrates both technical and psychological empowerment aspects to improve individual and institutional cybersecurity awareness and preparedness. Using Design Science Research (DSR) methodology, the authors designed the tool to help government agencies, healthcare providers, associations, and consumers identify cybersecurity gaps and receive actionable, role-specific recommendations. The study emphasizes that empowering users—not just training them—enhances security behavior and fosters a proactive cybersecurity culture.
Cybersecurity and critical care staff: A mixed methods study
This research investigates cybersecurity awareness, knowledge, and behaviors among critical care (ICU) personnel across multiple hospital sites. Using the validated HAIS-Q tool, scenario-based questions, and free-text responses, it assesses the gap between self-perceived cybersecurity awareness and actual practices. The study reveals that, despite high awareness, confidence and accurate behaviors—especially in breach recognition and reporting—are lacking. Critical factors like limited training, fatigue, and infrastructure constraints impede effective cybersecurity behavior.
A Critical Review on Cybersecurity Awareness Frameworks and Training Models
This open-access, quantitative review evaluates multiple approaches to cybersecurity awareness and training—framing them as strategic initiatives that reduce security incidents and organizational costs while improving resilience and overall cybersecurity posture. The analysis emphasizes real-world evidence of the effectiveness of structured awareness and training programs.
An Integrated Cybernetic Awareness Strategy to Assess Cybersecurity Attitudes and Behaviours in School Context
A research article proposing a comprehensive strategy to enhance cyber awareness among junior high school students. It combines assessment tools (questionnaires), self-diagnosis, and structured lesson plans tailored to ICT and citizenship curricula. The study measures risky attitudes and behaviors related to cybersecurity among students in grades 6 and 9, offering both aggregate and individual-level insights.
Cyber-attacks are a permanent and substantial threat to health systems: Education must reflect that
A commentary arguing that cyber-attacks—escalating in frequency and impact, especially during and after the COVID-19 pandemic—can no longer be viewed solely as IT issues. It underscores how these attacks harm staff wellbeing and disrupt patient care. The authors advocate for comprehensive cybersecurity education for all healthcare staff through online resources, simulation, and gaming, and emphasize the roles of national educators, policymakers, and multilateral organizations in driving these changes
Gamification and Serious Games for Cybersecurity Awareness and First Responders Training: An Overview
This is a literature review titled “Gamification and Serious Games for Cybersecurity Awareness and First Responders Training: An Overview”. It's a comprehensive preprint (TechRxiv, April 2023) that surveys scholarly work on cybersecurity awareness training methodologies, frameworks, and serious games specifically tailored for the general public, organizations, and first responders. The paper emphasizes how gamification—using game elements in non-game settings—can improve engagement, enjoyment, and security outcomes by encouraging users to think about security concepts rather than relying on rote memorization.
Systematically Applying Gamification to Cyber Security Awareness Trainings: A Framework and Case Study Approach
This is a master’s thesis by Iris Rieff (2018) that proposes a structured framework for integrating gamification into existing cyber security awareness training programs. The work includes a conceptual model and a real-world case study comparing the original training and its gamified version, measuring participant perceptions through pre- and post-training evaluations. Most respondents rated the gamified training as more engaging and effective.
Systematically Applying Gamification to Cyber Security Awareness Trainings: A Framework and Case Study Approach
This is a master’s thesis by Iris Rieff (2018) that proposes a structured framework for integrating gamification into existing cyber security awareness training programs. The work includes a conceptual model and a real-world case study comparing the original training and its gamified version, measuring participant perceptions through pre- and post-training evaluations. Most respondents rated the gamified training as more engaging and effective
Untitled graphic
The graphic describes the procedure a pregnant woman has to follow on arrival at the hospital by her own car and explains the symbol she can find while doing it.
An overview of cybersecurity in healthcare, focusing on the role of AI and its regulatory framework (Academic Article)
This scholarly article analyzes how EU Regulation 2017/745 (Medical Devices Regulation) and the new Artificial Intelligence Act protect patient health and safety by addressing the cyber vulnerabilities inherent in modern medical devices.
The Media-Savvy Healthcare and Welfare Professional
This elective module offers MBO (vocational college) students in healthcare and welfare education insights into the responsible and effective use of digital media in professional settings. It focuses on media literacy and its application in client interaction, professional development, and ethical considerations in the digital age.
Cyber crisis first response
This knowledge document from Z-CERT (the Dutch expertise center for cybersecurity in healthcare) provides healthcare organizations with a practical, ready-to-use checklist for preparing for and managing a cyber crisis. It emphasizes the importance of having essential, up-to-date data—like an offline list of key contacts and their roles—to ensure that the correct response steps are taken quickly, minimizing the impact of a digital incident.
Free courses to improve digital skills for health care workers (Digivaardig in de Zorg (VVT))
This is a comprehensive knowledge platform for care and welfare professionals (VVT sector) focused on enhancing digital skills (digivaardigheid). It provides a wide range of learning materials, self-assessments, and resources on topics like basic digital skills, information security, e-health, and care technology, demonstrating how improved digital proficiency leads to time savings in the care environment.
Online lesson about cybersecurity (Digitale Veiligheid (MBO Lesson))
This is an interactive, 36-slide lesson designed for MBO students focused on digital safety and privacy. It uses interactive quizzes and video to teach essential topics, including creating strong passwords, understanding your digital footprint, the function of cookies and online tracking, and complying with the AVG (GDPR) privacy law.
Cybersicherheit im Gesundheitswesen regulieren
Regulating Cybersecurity in Healthcare — a policy analysis by the Center for Security Studies (CSS) at ETH Zurich. The document examines regulatory approaches to strengthen cybersecurity in the healthcare sector, identifies key challenges, and provides recommendations for effective governance.
Cybersicherheit von Krankenhäusern und Gesundheitsdienstleistern
European Commission action plan and communication describing the EU’s strategy to strengthen the cybersecurity resilience of healthcare systems, institutions, and connected medical devices.
BSI Magazin 2025/01 - Mit Sicherheit - Im Blickpunkt: Digitale Identitäten -
The January 2025 issue of the German federal BSI magazine which features topics on digital identities, cybersecurity in healthcare, the new Cyber Resilience Act, and support for secure Europe-wide digital projects.
Cybersecurity in Hospitals – Legal Accountibility when Patients are harmed
The heise online background articlue discusses who may be held criminally responsible when a cyberattack on a hospital leads to a patient harm. Using recent German and EU-developments, it explains intent vs. Negligence, management responsibilities and practical steps to reduce liability risk.
IT Sicherheit Anforderungen und Schutzmaßnahmen, Tipps und Beispiele für die Praxis
Explains the German IT Security Guideline for medical practices. It outlines mandatory and recommended safeguards, gives practical checklists and examples, and provides advice on implementation. The 2025 edition adds new rules, such as mandatory staff sensitisation on IT security and specific handling of suspicious emails.
Sicurezza informatica della rete sanitaria nell'era della trasformazione digitale. Con un'intervista speciale a Silvia Piai, Research Director per IDC Health Insights
Health network cybersecurity in the age of digital transformation. With a special interview with Silvia Piai, Research Director for IDC Health Insights. The article explores the current state of cybersecurity in healthcare. In an era of fast digital transformation, digital security development must keep up. The International Data Corporation (IDC) presents the Digital Age Networking (DAN), an intelligent, automated network, built using Alcatel-Lucent Enterprise Intelligent Fabric (iFab) technology, which facilitates the connection of users and devices to their specific applications in a secure way. In the same article Silvia Piai shares IDC's strategies and technologies regarding cybersecurity in the health sector.
Sanità italiana e Sicurezza Informatica – L’Ecosistema Dati Sanitari (EDS) come parte integrante del Sistema FSE (Fascicolo Sanitario Elettronico)
Italian Healthcare and Information Security - The Health Data Ecosystem (EDS) as an integral part of the ESF (Electronic Health Record System”). The article, available in “ICT security magazine”, explains the 4th, 8th, 17th 20-23rd articles of the Italian decree Ecosistema Dati Sanitari (Health Data Ecosystem) published on 5 March 2025 in Gazzetta Ufficiale (the Official Gazette). The document represents an advanced model of architecture for the security of digital health data, an historic significance for the digitisation of Italian and European healthcare.
Compendio sul trattamento dei dati personali effettuato attraverso piattaforme volte a mettere in contatto i pazienti con i professionisti sanitari accessibili via web e app.
Compendium on the processing of personal data through platforms to connect patients with healthcare professionals accessible via web and app. This compendium is intended to provide preliminary indications on the processing of personal data, including health data, carried out through platforms -usable via web and/or App- aimed at facilitating contact between users and health professionals, including General Practitioners (GPs) and Paediatricians of Free Choice (PFCs).
Carpe digital
Carpe Digital is a series of short animated videos on the theme of digital education. The format consists of fifteen videos, each lasting two minutes, which explore key concepts in information technology and enrich our daily experience of the Internet and the web by increasing our awareness.
Ciberseguridad para tu sector
A roadmap to establish key points related to cybersecurity in healthcare sector.
Videos secuenciales sobre temas generales de ciberseguridad
A series of short videos about everyday situations that can affect cybersecurity and the decisions that can be made to resolve them.
Seminarios web sobre aspectos clave de ciberseguridad
Some video-format publications, designed to present cybersecurity knowledge and technical aspects in an engaging and accessible way.
Kit de concienciación sobre ciberseguridad en las empresas
Kit de concienciación sobre ciberseguridad en las empresas
Taller online sobre cómo configurar nuestro dispositivo
It offers infographics, links, and mini-games to create a safe environment at home to protect ourselves from internet risks.
Ciberseguridad para PYMES y autónomos
It provides information about a cybersecurity course for SMEs and self-employed professionals.
Cibersecurity training from National Cryptographic Centre of Spain. Requires National login
It is a cybersecurity training course using gamification methodology
Interactive learning environment to develop cybersecurity skills.
Interactive learning environment to develop cybersecurity skills is a cybersecurity training course using an interactive learning environment.
Cibersecurity training from National Cryptographic Centre of Spain.
The present material is structured in 71 infographics that provide downloadable information about cybersecurity in different categories such as threats or incident management, and also with different skills such as basic cybersecurity or cyber resilience among others.