For individuals who complete the Security Essentials for Health IT course, CompTIA’s Security+ is the perfect introductory cybersecurity certification to demonstrate a firm grasp on foundational cybersecurity concepts and skills. Individuals looking for a deeper dive into cybersecurity concepts as they relate to protecting patient health information, with an emphasis on privacy and compliance specific to the healthcare industry, should pursue (ISC)²’s HCISPP (HealthCare Information Security and Privacy Professional) certification.
Unit 1: Risk, Privacy, and Data Protection – This unit provides an introduction to cybersecurity, including important industry words and phrases to establish a common lexicon.
- Defining Cybersecurity
- CIA Framework
- CIA Framework Applied to Healthcare
- Defining Risk
- Privileged Access
- Defining Sensitive Data
- Laws, Regulations, and Compliance Initiatives in Cybersecurity
- HIPAA and Cybersecurity
Unit 2: IoT, Cloud, and Critical Networking Protocols – This unit examines insecure aspects of network and device communication, It also highlights the fact that many services and devices are insecure by default and not designed with security in mind.
- The Network
- IoT Devices
- Healthcare IoMT
- Cloud Computing
- Cloud Computing in Healthcare
Unit 3: External and Internal Threats – This unit examines internal and external methods attackers use to exploit vulnerabilities, including technical, network-based attacks (MITM, DoS) and non-technical attacks (social engineering).
- Threat Actors
- Third Parties
- Third Parties in Healthcare
- Social Engineering
- Social Engineering in Healthcare
- Man-in-the-Middle (MITM) Attacks on Healthcare Networks
- DoS Attacks
- Boston Children’s Hospital DDoS
- WannaCry Ransomware
Unit 4: Defenses and Countermeasures – This unit covers common defenses against threat actors, such as VPNs and network segmentation, as well as less technical efforts that can be used across teams and business leaders.
- Network Segmentation
- Network Segmentation in Healthcare
- Securing Telehealth
- Incident Response
- Patch Management
- Patch Management in Healthcare
Unit 5: Communication, Collaboration, and Third-Party Management – This unit covers cloud development environments, secure deployment configurations, and monitoring services configuration.
- Communicating About Cybersecurity
- Communicating with Physicians
- Writing Cybersecurity Reports
- Connection Between IT and Cybersecurity Teams
- Communicating with Third Parties