All Training Courses

GT-100-MD

Shock & Awe: Cybersecurity Awareness for Medical Professionals – Level 1

Description

Become a human firewall in this interactive and fun cybersecurity awareness training course for all medical professionals! This comprehensive course dives into common attacks on the medical industry, patients, and staff. Investigate how hackers exploit social engineering, social media, and other techniques to infiltrate protected systems around the world.

Experience live demos and workshops revealing how attackers exploit vulnerabilities and showcasing a Hacker’s Toolkit: including hospital-focused malware, finding open medical devices, ransomware, evil devices that spy on you, phishing, Wi-Fi hacking, Evil Twins, and how phones get hacked. Participants will learn to recognize threats, understand the most common methods attackers use to target the medical industry. Several hospital case studies will be discussed to foster teamwork and a cyber-safe work environment strategy.

Objectives

By the end of this course, participants will be able to:

  • Champion a proactive team culture of cybersecurity across medical teams and healthcare organizations.
  • Identify common hacker tools and malicious implants used in real-world attacks
  • Understand the importance of proper identification including authentication, multi-factor and biometrics
  • Learn how to identify and mitigate social engineering and cyberattack tactics targeting healthcare.
  • Apply best practices in information security, medical regulatory compliance, and incident response.

Key Takeaways

  • How to build a human firewall and key traits
  • Deepened awareness of the evolving threat landscape in medical organizations
  • Practical knowledge to secure sensitive systems and patient data
  • Confidence in identifying, avoiding, and reporting cyber and physical security threats
  • Reinforced commitment to regulatory compliance and organizational trust
  • Building a proactive cybersecurity-aware culture is essential for success

Certificate of Completion

  • Certificate of Completion issued after successful completion of all chapters, hands-on exercises, and course evaluation.
  • Certificate is downloadable from the Ghost Team Academy Education Portal.

Training Outline

Module 1: Welcome

  • Topics:
    • Introductions and Expectations
    • Pre-Course Exam, 30 Minutes on your laptop or phone
    • Course Overview

Module 2: Introduction to Security in the Medical Field

  • Topics:
    • The Current Cybersecurity Threat Landscape
    • Is the Medical Field a High-Value Target?
    • Most Common Cyberattacks on the Medical Industry
    • Regulatory Requirements
    • The Hacker’s Toolkit
  • Workshop:  Surprise Shock & Awe
  • Instructor Demo: Surprise

Module 3: Authentication: Are You Who You Say You Are?

  • Topics:
    • Authentication Basics
    • Something You Know, Have, Are
    • Multi-Factor Authentication (MFA)
    • Password Management
    • Hacking Them All!
  • Instructor Demo: Surprise Shock & Awe

Module 4: HIPAA/PHI Information & Encryption

  • Topics:
    • Protecting Patient Data
    • Secure Data Handling and Transmission
    • Data Classification and Access Control
    • Encryption Basics and Usage

Module 5: Cybersecurity Risks & Defense

  • Topics:
    • Safe Use of Email, Browsers, and Online Tools
    • Malware and Ransomware
    • Insider Threats
    • Supply Chain Risks
    • Patching
    • Identifying Suspicious Digital Activity

Module 6: Social Engineering & Insider Threats

  • Topics:
    • Recognizing Manipulation Tactics Used in Social Engineering
    • Social Media: You’re Bleeding Information
    • Real-Life Case Studies from the Medical Field
    • Insider Threat Detection and Prevention
    • Secure Communication with Patients and Vendors
  • Labs/Exercises: Surprise Workshop and Instructor Demo

Module 7: Physical & Remote Security Practices

  • Topics:
    • Securing Devices and Documents in the Office and at Home
    • Clean Desk Policies and Physical Access Controls
    • Security Considerations for Remote and Hybrid Workforces
    • Safe Use of Mobile Devices and Public Networks
    • Setting Up a Personal VPN
  • Labs/Exercises: Hardening Your Device

Module 8: Incident Response & Compliance

  • Topics:
    • What To Do in Case of a Breach or Suspected Attack
    • Internal Reporting Channels and Protocols
    • Working with IT, Legal, and Compliance Teams
    • Regulatory Breach Notification Requirements
  • Labs/Exercises: Follow a Cyber Breach from Beginning to End and Action Items

Module 9: Conclusion

  • Topics:
    • Course Summary
    • Key Takeaways
    • Post-Course Exam
    • Q&A

Quick Info
  • Type: Hands-On, Workshop, Lecture, Demo
  • Delivery: In Person, Virtual, Hybrid
  • Level: Foundation
  • Duration: 1 day (8 hours total)
  • CEU Hours: 8
Go to All Trainings