Course

Cyber Awareness and Security

Course Highlights


  • In this Cyber Awareness and Security course, we will learn about common cybersecurity terms. 
  • You’ll also learn the nurse’s role in cybersecurity awareness. 
  • You’ll leave this course with a broader understanding of ways to prevent cybersecurity threats.

About

Contact Hours Awarded:

Course By:
Sadia A., MPH, MSN, WHNP-BC 

Begin Now

Read Course  |  Complete Survey  |  Claim Credit

Read and Learn

The following course content

Introduction   

When hearing about cybersecurity and cyber awareness, what comes to mind? If you’re a nurse, you’ve heard of the Internet before. In fact, you might spend hundreds of hours monthly on the Internet for personal and professional use. Between patient care, personal social media use, and all things connected to the Internet in a digital world, there is so much going on that can leave your information and the information of others exposed and unsafe. The information in the course will serve as a valuable resource for nurses regarding cybersecurity and cyber awareness

Defining Cybersecurity 

Cybersecurity is the role of measures, procedures, and processes in ensuring digital safety when accessing the cyberworld. Whether you are accessing the Internet through your local hospital’s public Internet (wi-fi) on your personal cell phone or charting on a computer at the end of your shift, cybersecurity has all the steps and processes in place to prevent harm to you, your patients, and the workplace.  

Especially in the past decade, with the rise of various technologies, such as artificial intelligence (AI), remote patient monitoring (RPM), and electronic medical records (EHR), we truly live in a digital world. While there are several aspects of nursing that are not digitalized, such as inserting an IV or administering medication, documenting these actions, ensuring a correct prescription is on file for that medication, and even using an IV guide to insert the IV are all aspects of technology in modern nursing (1). 

While cybersecurity can be daunting, overwhelming, and frankly time-consuming in accessing devices and supplies in the workplace, cybersecurity protocols exist to maintain your safety, patient safety, and the organization’s safety. In the United States alone, hospitals accounted for nearly 25% of all cyber attacks in 2019, with attacks expecting to increase with more use of technology.  

Cyber-attacks can expose personal information of employees, expose patient records, cause issues with accessing devices, and so much more. Due to the increasing role of technology in health care, here are some general cyber awareness and security concepts and tips to keep in mind. As always, it is important to follow your organization’s protocol regarding digital safety and security, as every organization will have varying practices and guidelines.   

 

 

Phishing 

Phishing has existed for decades and is a fraudulent practice of sending emails, text messages, or other digital communication messages suggestively appearing from reputable companies and asking for personal information, such as your banking information or home address. While people might think that they are immune to phishing attacks, think again. Phishing attacks have become so sophisticated in appearing like communications from reputable organizations. In fact, phishing attacks affect millions of patients yearly and affect health care workers as well (2).  

For instance, you just started your first shift at a new hospital. On your first day off, you receive an email from the human resources (HR) department to your personal email. In the email, the hospital’s HR department is asking for you to confirm your banking information for the upcoming payroll. Naturally, you would want to open this email and make sure you can get paid on time. But, before even opening this email, ask yourself, why would HR email you on your personal email instead of your work email? Why would HR ask for your banking information via email? Why is HR not updating your banking information via a secured employee portal? 

While it may seem like a harmless email, typing in your bank information on unsecured platforms and sending personal information via unrecognized routes can have serious financial, emotional, and psychological damage in the long run. Even if you are a tech-savvy nurse, being aware of phishing attacks is essential as technology continues to advance. When in doubt, refer to your organization’s information technology (IT) support team and supervisor for clarity.  

Quiz Questions

Self Quiz

Ask yourself...

  1. What are some things you can do to identify phishing communication? 
  2. Who are some people you can reach out to in your organization if you feel like communication is phishing?  

Password Security 

Passwords are a hot topic in healthcare. From the frequent amount of password changes required via multiple platforms and the length of passwords, I am sure you have heard your fair share of password concerns. It is also often exhausting and time-consuming to remember several passwords for your work email, electronic health records, and personal account use.  

However, passwords exist for a reason. Strong passwords can prevent cyberattacks for both patients and nurses. The more complex a password, with an extra number or special character, the more challenging it is to access an account (2, 3). Passwords are a major steppingstone in digital safety and cyber security. In addition, some general password tips include: 

  • Do not reuse a password 
  • Do not use the same password for work and personal accounts 
  • Do not share your password 
  • Do not take pictures of your passwords 
  • Do not post pictures of your passwords on the Internet, including organizational websites or social media 
  • Do not include identifying information in your passwords, such as your date of birth, zip code, or phone number 
  • Reach out to your IT department if you have concerns with your password 
  • If you sync your personal phone for 2-factor authentication, make sure your phone has a separate passcode 

 

 

 

Quiz Questions

Self Quiz

Ask yourself...

  1. Why are passwords needed to access devices? 
  2. Why is it not good practice to put identifying information in your passwords? 

Patient Health Information (PHI) Protection 

Patient health information (PHI) is any information related to a patient, such as their contact information, demographic information, health history, imaging studies, lab results, and more. PHI is everywhere in healthcare. From multiple screens in operating rooms to patients accessing their own patient portals on their phones, PHI is a serious cybersecurity concern. In addition, the rise of telehealth services and remote patient monitoring has allowed for PHI to be more subjected to cyber-attacks. It is important to note that the majority of PHI breaches are often a result of theft, loss/improper disposal of medical records, and cyber-attacks (2).  

Here are some general tips on PHI protection for nurses: 

  • Do not ever share PHI outside of the workplace 
  • Do not ever share PHI on social media 
  • Do not ever email PHI, including within your own organizational email 
  • Do not share PHI with anyone other than health care staff directly involved in patient care and people specifically listed on the patient’s records who have access to the records 
  • If a patient is asking for their medical records, tell them to follow your organization’s policy for requesting medical records or refer them to the appropriate staff 
  • If a patient needs to update their contact information or demographic information, make sure they are logged into their own account, or you can contact the appropriate staff to assist with changing their PHI 
  • If you receive a request for PHI, such as labs or imaging, to be sent somewhere, confirm that this is a legitimate source asking for the information, such as another staff member involved in direct care. When in doubt, refer to your organizational policies, supervisor, or IT department 
  • If you are caring for multiple patients, make sure you verify being in the correct patient’s EHR when documenting and charting  
  • Keep your devices updated 
  • Do not open EHR in public spaces, such as coffee shops or airports 
  • Do not open EHR on unsecure or public devices, such as computers in a hospital library 
Quiz Questions

Self Quiz

Ask yourself...

  1. What are some safety concerns in accessing PHI in public spaces? 
  2. What are some safety concerns regarding PHI on social media? 

Acceptable Use of Work Technology 

Almost every nurse in a major health care system uses a laptop or computer at work. Technology is everywhere, and sometimes, you might be tempted to use your work device for personal Internet use. You also most likely will have a personal cell phone that you bring to work, and depending on your workplace, you might be assigned a cell phone for your shift as well (2). When you are working with several devices, here are some things to consider for acceptable work technology uses. First, consider the reality of someone taking your device. Whether it’s your personal phone, your work on wheels device, or your work laptop, theft accounts for over 40% of PHI breaches (2). Consider locking your devices after each use, making sure you know where your devices are at all times, having a password on every device, and setting a “Find Your Device” feature if possible.  

Quiz Questions

Self Quiz

Ask yourself...

  1. What are some safety features you can install on your personal devices? 
  2. What are some safety concerns you might have with a work-related laptop as a travel nurse?  

Internet Safety 

The Internet has existed for many years, and the Internet is widely used in almost every major health care organization. Most places, from coffee shops to hospitals, have publicly available Internet, also known as free-wifi or guest/public Internet. While free-wifi sounds great in theory to connect your devices while at work or on the go, public wi-fi has major security concerns.  

For instance, public Internet networks are often completely unsecure with no verification required and very little encryption in place. Using the Internet for personal use on public Internet is risky for your personal safety, and accessing public Internet for nurse-related work is often a serious cybersecurity concern. If you must use public Internet, using a Virtual Private Network (VPN) connection while accessing these public networks is strongly recommended. Many VPNs can be downloaded on your personal devices, and many work-issued devices have VPNs as part of company protocol. If you are unsure of what VPN to use, you can always contact your IT department (2, 3).  

A VPN provides a safer way to browse the Internet, as VPNs enable encrypted connections. With these encrypted connections, cyber-attacks are far less likely to occur, as it takes more time and resources to access your data. Without a VPN or other security protocols in place, using the Internet can leave you completely open and vulnerable to Internet malware, spam, viruses, and information exposure.  

Quiz Questions

Self Quiz

Ask yourself...

  1. Have you ever used a VPN? What are your thoughts on VPN use?  
  2. How often do you connect to public Internet?  

Nursing Considerations 

What is the nurse’s role in cyber security and cyber awareness? 

Nurses remain the most trusted profession for a reason, and nurses are often pillars of patient care in several health care settings. Patients turn to nurses for guidance, education, and support. While there is no specific guideline for the nurse’s role in cyber security and awareness, here are some suggestions to provide quality care for patients and to ensure your digital safety (4).  

  1. Know where your devices are at all times. Often times, with patient care, especially in hectic care settings, you can lose sight of your work computer, personal phone, work phone, and more. With hundreds of people in and out of hospitals and other health care places every hour, consider adding a Find Your Device option to every device you bring to work. If you bring your personal laptop or personal phone to work, consider locking them in a locker when not in use. If you lose any of your devices, contact your organization’s IT department and law enforcement immediately. If you travel with your devices, make sure they are within close proximity to you, such as in carry-on luggage or in the car with you.  
  2. Be aware of your surroundings. Things can move very fast in health care, and technology is no exception. If you notice that someone is asking for PHI from a patient and they are not affiliated with their care team or if you receive emails from an unknown email asking for your contact information, consider reaching out to your supervisor or IT department. 
  3. Make sure your password is updated per your organization’s protocol. Some organizations require password updates every 3-6 months, while others have opted into other login verification systems.  
  4. Enable 2-factor authentication on your personal devices, especially for finances and personal matters. 
  5. Stay up to date with the latest training on cybersecurity and awareness from your organization and continuing nursing education if applicable.  
  6. Review your EHR with every patient. Charts can look similar, so make sure you are charting and documenting the correct patient when you are caring for them.  
  7. Communicate any concerns about digital safety you have with your IT department or supervisor. Especially when you work with many health care staff from pharmacies to doctors and other staff, if you have any doubt about their relation to your work, address it with someone immediately.  

How can nurses identify if they are experiencing a cybercrime?  

Unfortunately, it is not possible to look at your device and know instantly if you have a cyber security issue. If you feel like your devices are not working as fast as they used to, you are receiving more suspicious communications, or something feels off to you, you can reach out to your supervisor or IT department to see if you have experienced a cyber-related incident. 

What should patients know about cyber security and awareness?   

Patients should know that anyone has the possibility of experiencing cybercrime. Here are important tips for patient education regarding cyber security in the inpatient or outpatient setting.  

  • Tell the health care provider of any issues accessing PHI 
  • Never access PHI from an unsecure device, such as a computer in a public library 
  • Never share passwords with anyone 
  • Keep your devices, including apps, updated 
  • Report any suspicious communications to the health organization’s IT department 
  • Never post personal information online, including your contact information 
  • Never send payment information via email  

 

 

 

Quiz Questions

Self Quiz

Ask yourself...

  1. What are some problems that can occur if you experience cybercrime?  
  2. What are some ways you can provide basic education on cybersecurity to patients? 

Case Study 

Susan is a 32-year-old nurse who started working as a travel nurse within the past few weeks. She used to work in the emergency room at her local hospital for eight years. Now, she wants to travel, as she never got to do much of it with her work schedule. Susan’s travel agency scheduled her to work a new shift next week for four weeks in another state.  

Susan completed her background screen, urine drug test, and 1099 tax forms yesterday. The travel nurses agency’s IT department just set up her company email a few hours ago with no issues. She added the company email to her personal cell phone’s email application to avoid missing any important emails. Susan also added her work email to her personal laptop’s email application as well.  

Susan is so excited to start working soon and is happy with her new role. While she’s getting dinner ready, she gets a notification on her phone. She receives a message to her personal email with the subject “NEW HIRE PAYMENT INFORMATION NEEDED.” 

  • What are some concerns with this email before even opening it? 
  • What are some ways for you to stay in contact with your local IT department when you’re travelling?  
  • What are some ways to ensure safety on your personal cell phone? 

Susan is confused, as she just talked to HR earlier that day, and they said there were no issues with her forms. Susan opens this email on her personal cell phone’s email application, and she sees that the email is only a few lines of text with a link that appears broken. Before Susan clicks the link, she looks over her documents on her personal laptop to make sure she didn’t miss anything from earlier. She’s not sure how to proceed. Susan remembers from her cybersecurity training a few days ago about contacting the IT team and decides to call IT from her personal cell phone.  

  • What information should Susan tell the IT team? 
  • What are some security concerns about Susan using her personal laptop to access work-related documents and training?  

Susan was able to reach IT within a few minutes on the phone and told IT about the email. The IT team asks her to forward that email to the IT phishing inbox and to monitor for any additional phishing emails. The IT team also informed her about staying aware of any other suspicious communications, recommends updating her phone regularly, and using a VPN while travelling. The IT team recommended that she follow up with HR directly via her company email to determine if she needs any additional paperwork completed prior to her first assignment.  

  • What questions should Susan ask about this incident?  
  • How can Susan be aware and ready for any other possible cyber incidents in the future?  
  • What could have happened if Susan clicked on a link from an unsafe source?  

Conclusion

The Internet and technology are here to stay. With the rise in nurses using technology in their professional and personal lives, it is important to be aware of cybersecurity and risks involved with using the Internet. 

References + Disclaimer

  1. Alanazi A. T. (2023). Clinicians’ Perspectives on Healthcare Cybersecurity and Cyber Threats. Cureus, 15(10), e47026. https://doi.org/10.7759/cureus.47026
  2. Cartwright A. J. (2023). The elephant in the room: cybersecurity in healthcare. Journal of clinical monitoring and computing, 37(5), 1123–1132. https://doi.org/10.1007/s10877-023-01013-5
  3. Vukotich G. (2023). Healthcare and Cybersecurity: Taking a Zero Trust Approach. Health services insights, 16, 11786329231187826. https://doi.org/10.1177/11786329231187826
  4. Lieneck, C., McLauchlan, M., & Phillips, S. (2023). Healthcare Cybersecurity Ethical Concerns during the COVID-19 Global Pandemic: A Rapid Review. Healthcare (Basel, Switzerland), 11(22), 2983. https://doi.org/10.3390/healthcare11222983

 

Disclaimer:

Use of Course Content. The courses provided by NCC are based on industry knowledge and input from professional nurses, experts, practitioners, and other individuals and institutions. The information presented in this course is intended solely for the use of healthcare professionals taking this course, for credit, from NCC. The information is designed to assist healthcare professionals, including nurses, in addressing issues associated with healthcare. The information provided in this course is general in nature and is not designed to address any specific situation. This publication in no way absolves facilities of their responsibility for the appropriate orientation of healthcare professionals. Hospitals or other organizations using this publication as a part of their own orientation processes should review the contents of this publication to ensure accuracy and compliance before using this publication. Knowledge, procedures or insight gained from the Student in the course of taking classes provided by NCC may be used at the Student’s discretion during their course of work or otherwise in a professional capacity. The Student understands and agrees that NCC shall not be held liable for any acts, errors, advice or omissions provided by the Student based on knowledge or advice acquired by NCC. The Student is solely responsible for his/her own actions, even if information and/or education was acquired from a NCC course pertaining to that action or actions. By clicking “complete” you are agreeing to these terms of use.

 

Complete Survey

Give us your thoughts and feedback

Click Complete

To receive your certificate

Want to earn credit for this course? Sign up (new users) or Log in (existing users) to complete this course for credit and receive your certificate instantly.