« Information Technology
  

Staff Training is Key to Robust Healthcare Cybersecurity

Training should make healthcare staff more aware of what signs of a cyberattack look like so they can alert cybersecurity experts.

By Jeff Wardon, Jr., Assistant Editor


Healthcare faces a near daily deluge of cyber threats, making cybersecurity a high priority. Managers must train staff so they can easily detect when threats are received.  

Healthcare Facilities Today recently spoke with Phil Englert, vice president medical device security at Health-ISAC, about what healthcare organizations can do to keep their staff up to date with their cybersecurity training. 

HFT: With cyber threats constantly evolving, how should hospitals keep their training programs current and relevant?  

Phil Englert: Replace annual training with ongoing microlearning with adaptive content that is current and role specific. Use persona-based training methods to modify content to specific clinical roles and workflows. Health-ISAC has provided persona-based training content for members to adopt and adapt for their organizations.   

Related Content: Cyber Crossfire: Why Healthcare Is Becoming a Battleground in Global Conflicts

HFT: How can hospitals, industry groups like Health-ISAC and vendors work together to improve staff awareness and sector resiliency? 

Englert: The real-world experience of peers curated and disseminated by Health-ISAC through alerts, reports and member interaction is a tremendous source of real-world and real-time examples of suspicious activities and impacts on clinical care and patient privacy. Drawing on this rich pool enables sector participants to keep training fresh and meaningful from the board to the care delivery floor. 

HFT: If you could reimagine cybersecurity training for healthcare from the ground up, what key elements would you include? 

Englert: Tailor by role and risk with customized training for clinical staff, IT teams, healthcare technology management staff and executives. Focus on contextual relevance and workflows. What does a surgical team do if access to PACS drops in the middle of a case? How might a phishing email be phrased differently for an ICU nurse than a maternity nurse? Who do you call if something seems phish-y, and what will they do with it? The key is not to train clinical staff to be cyber experts. The key is utilizing healthcare workers as an early warning system and turning the protection, restoration and recovery work over to the cyber experts. 

Jeff Wardon, Jr., is the assistant editor of the facilities market. 



October 1, 2025


Topic Area: Information Technology , Security

Recent Posts

EV Charging Stations: Planning for Safety, Convenience, Expansion

Managers need to ensure patient access, coordinate with clinical operations and ensure every phase of construction supports the facility's mission.

Why Ambulatory Surgery Centers Are Turning to Dedicated HVAC Systems

Design experts from Neenan Archistruction explain how single-unit HVAC systems for each operating room enhance infection control, comfort, and resiliency.

Ground Broken on UW Health University Row Medical Center

Construction is expected to be completed by the end of 2027.

Better, More Thorough Cleaning Saves Lives

Cleanliness is the first line of defense to protect patients from killer pathogens, but many hospitals refuse to make it a priority.

Encompass Health Opens the Rehabilitation Hospital of Amarillo

The 50-bed inpatient rehabilitation hospital is now accepting patients.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.