Security Essentials for Health IT

Build critical cybersecurity knowledge and skills needed by health IT teams to protect patient data and reduce organizational risk.

Course Overview

The role of an IT professional is changing–particularly in the healthcare industry where digital transformations and increased connectivity of critical medical equipment has made it the target of cyber attacks. Health IT professionals are increasingly taking on cybersecurity tasks to combat these growing threats, yet often encounter knowledge gaps that inhibit cybersecurity capabilities.

CyberVista’s Security Essentials for Health IT is a five (5) hour, 100% online course designed to teach IT professionals foundational cybersecurity concepts and lexicon, with a specific emphasis on their impact in protecting patient data and reducing risk within healthcare organizations. This course includes:

  • 4 hours on-demand training videos
  • Practical, hands-on activities
  • 15 question diagnostic exam
  • 15 question final exam
  • 15 knowledge check questions
  • Health IT expert interviews
  • Performance Tracker
  • Summary Video
  • Deep-dive into notable breaches and cyber incidents


It is recommended to have some experience in IT or computer networking. However, there are no formal prerequisites.


For individuals who complete the Security Essentials for Health IT course, CompTIA’s Security+ is the perfect introductory cybersecurity certification to demonstrate a firm grasp on foundational cybersecurity concepts and skills.

Course Outline

Unit 1: Risk, Privacy, and Data Protection – This unit provides an introduction to cybersecurity, including important industry words and phrases to establish a common lexicon.

  • Defining Cybersecurity
  • CIA Framework
  • CIA Framework Applied to Healthcare
  • Defining Risk
  • Privileged Access
  • Defining Sensitive Data
  • Laws, Regulations, and Compliance Initiatives in Cybersecurity
  • HIPAA and Cybersecurity

Unit 2: IoT, Cloud, and Critical Networking Protocols – This unit examines insecure aspects of network and device communication, It also highlights the fact that many services and devices are insecure by default and not designed with security in mind.

  • The Network
  • IoT Devices
  • Healthcare IoMT
  • Cloud Computing
  • Cloud Computing in Healthcare
  • Passwords

Unit 3: External and Internal Threats – This unit examines internal and external methods attackers use to exploit vulnerabilities, including technical, network-based attacks (MITM, DoS) and non-technical attacks (social engineering).

  • Threat Actors
  • Third Parties
  • Third Parties in Healthcare
  • Social Engineering
  • Social Engineering in Healthcare
  • Man-in-the-Middle
  • Man-in-the-Middle (MITM) Attacks on Healthcare Networks
  • DoS Attacks
  • Boston Children’s Hospital DDoS
  • Malware
  • WannaCry Ransomware

Unit 4: Defenses and Countermeasures – This unit covers common defenses against threat actors, such as VPNs and network segmentation, as well as less technical efforts that can be used across teams and business leaders.

  • Network Segmentation
  • Network Segmentation in Healthcare
  • VPNs
  • Securing Telehealth
  • Incident Response
  • Patch Management
  • Patch Management in Healthcare

Unit 5: Communication, Collaboration, and Third-Party Management – This unit covers cloud development environments, secure deployment configurations, and monitoring services configuration.

  • Communicating About Cybersecurity
  • Communicating with Physicians
  • Writing Cybersecurity Reports
  • Connection Between IT and Cybersecurity Teams
  • Communicating with Third Parties