Cybersecurity in Healthcare (Hospitals & Care Centres) By Coursera Course Review and Summary

Provider : Erasmus University Rotterdam

Course Link:

Course Notes and Summary

Note 1: There’s a tension between cybersecurity experts who want to secure hospital systems and doctors who are focused on patient care. Cybersecurity measures can make systems more difficult to use and complicate patient care processes

Note 2: Article 9 of the GDPR states that the processing of health information is in principle forbidden. It is however allowed to process such data when specific conditions are met. Generally speaking, healthcare organisations could base the processing of the health information of their patients on the legal grounds of consent, the necessity for the protection of the vital interest of the data subject, or the necessity for the provision of healthcare or treatment or the management of healthcare systems and service

Get COMPTIA Security+ Exam Notes

Context and and complications of cyber security in healthcare

Adopting cybersecure behaviours is often complicated by contextual factors. Commonly noted problems within healthcare and social care organisations are:

– Time pressure and heavy workload
– Workflow issues, such as needing multiple systems and multiple logins
– The complex design of systems and variety in user interfaces
– Policies, protocols, and processes that do not correspond with real-life working situations
– Physical environment, floor plans, furnishings


Note 3: it is important to understand practices in healthcare to improve cybersecurity. Cybersecurity measures and education become more effective if we understand how healthcare employees use technologies, which skills they need for that, and the meaning behind it.

Note 4: The healthcare cybersecurity is full of vulnerabilities and thus is an easy target for hackers, regardless of their skillsets

Note 5: Healthcare organisations and their data are targeted for financial gain, to advance medical research, and/or to create market opportunities

Note 6: Cyber hygiene is a useful metaphor for cybersecurity practices.Just like ‘normal’ hygiene, these practices should be done regularly to maintain cybersecurity

Definition of Cyber Security Culture

Cybersecurity culture refers to how cybersecurity is viewed and expressed within the healthcare organisation.

-Cybersecurity culture refers to “knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies

-it is important to create a cybersecurity culture within healthcare and social care organisations.

**It supports and motivates staff members to apply cyber hygiene practices

**It provides an atmosphere were staff members feel comfortable to ask questions concerning cybersecurity

**It ensures that cybersecurity receives sufficient attention at all levels in the organisation

Note 7: Organisational culture is influenced by what personnel believes to be the accepted beliefs and values of the organisation. As a result, these steer group and individual behaviour

The following list contains sources to determine the current culture in an organisation:

*Use surveys, observation and/or interviews to assess staff members’ knowledge, beliefs, perceptions, attitudes, assumptions, norms and values*

*Review organisational processes and policies*

*Interview management to assess where the core issues lie for their teams*

*Use IT security tools, log files and IT support tickets to determine key issues*

*Employ security testing methods, such as phishing and malware campaigns, to determine employee response.*

Course Certificate

Cybersecurity in Healthcare (Hospitals & Care Centres)

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles