Cybersecurity education and training in hospitals: Proactive resilience educational framework (Prosilience EF)

Abstract

Healthcare is a vital component of every nation's critical infrastructure, yet it is one of the most vulnerable sector for cyber-attacks. To enforce the knowledge on information security processes and data protection procedures, educational and training schemes should be establishedfor information technology (IT) staff working in healthcare settings. However, only training IT staff is not enough, as many of cybersecurity threats are caused by human errors or lack of awareness. Current awareness and training schemes are often implemented in silos, concentrating on one aspect of cybersecurity at a time. Proactive Resilience Educational Framework (Prosilience EF) provides a holistic cyber resilience and security framework for developing and delivering a multilateral educational and training scheme based on a proactive approach to cybersecurity. The framework is built on the principle that education and training must be interactive, guided, meaningful and directly relevant to the user' operational environment. The framework addresses capacity mapping, cyber resilience level measuring, utilizing available and mapping missing resources, adaptive learning technologies and dynamic content delivery. Prosilience EF launches an iterative process of awareness and training development with relevant stakeholders (end users — hospitals, healthcare authorities, cybersecurity training providers, industry members), evaluating the framework via joint exercises/workshops andfurther developing the framework.