Cybersecurity in Healthcare (Elderly care)
start
Disclaimer
The videos in the ESCAPE project were developed using a combination of digital and automated creative tools (AI). As a result, some visual elements may vary between videos.
In particular, the appearance of characters, including their uniforms, physical features, and overall presentation, may not accurately reflect the typical appearance of care or health workers in your home country or local context.
These variations are a technical result of the AI tools used in the production process and do not affect the educational content or objectives of the ESCAPE project.
Scenario 1:
Morning at the geriatric care center and clinic
watch video
Completed
Congratulations, you have successfully completed
Verify the sender's email address carefully before opening attachments or clicking links. Explanation: Phishing emails often use slight variations in email addresses to trick recipients. You need to verify the sender's email address carefully before opening attachments or clicking links.
❌ Click the link in the email to confirm the patient details quickly so she doesn’t delay the workflow: Clicking on suspicious links is dangerous as it could lead to a phishing attack, where attackers could steal sensitive data or install malware. While urgency is important in healthcare, acting without verifying the sender or content can lead to security breaches.
Talk to her colleague:good idea to exchange opinions, but they have to take further steps. Continuous communication is key to identifying possible threats and to find solutions.
❌ Click the link and change her password immediately, just in case the email was legitimate: Clicking on the link before verifying its authenticity is a risky action. Changing a password in response to a suspicious email may lead to more harm, especially if the link was malicious.
Contact the clinic’s IT department to verify the authenticity of the email before clicking any link.: This is the most secure approach. If the email is indeed a phishing attempt, contacting the IT department before engaging with it ensures that any potential security threats can be investigated by experts.
Correct Action
Correct Action
Correct Action
Incorrect Action
Incorrect Action
Next
Scenario 2:
The Shift Handover
watch video
Test 2
Completed
Congratulations, you have successfully completed
Report system malfunction and ask for instruction on documenting patient information: his is a crucial first step. Reporting the system issue allows for it to be fixed promptly. Seeking guidance ensures Katrin follows established, secure protocols for managing patient information when the primary system is unavailable, rather than improvising, which could lead to errors or security breaches.
Both professionals should jointly review handwritten notes:Handwritten notes can be prone to illegibility, ambiguity, or omissions. A joint review and verbal handover allow Katrin to clarify information directly with Lisa, reducing the risk of misinterpretation, ensuring completeness, and confirming understanding of critical patient needs. This is a key part of a safe and secure handover.
Ensure Katrin’s tablet software and applications were updated regularly to the latest version: Keeping software up-to-date is crucial as updates often include patches for security vulnerabilities that cyber attackers exploit.
❌ Disable automatic updates to ensure control over which updates are installed: Automatic updates help ensure that systems stay secure even if users forget to update them manually.
CorrectAction
❌ Ignore update notifications during work hours to avoid interruptions and update the device later when convenient: Delaying updates leaves devices vulnerable to attacks that exploit known security flaws.
Incorrect Action
Correct Action
Incorrect Action
Correct Action
Next
Scenario 3:
Administrating medication
watch video
Completed
Congratulations, you have successfully completed
❌Si un medicamento parece urgente, Katrin debería usar su juicio profesional:"Professional judgment" cannot replace the need for complete and accurate prescribing information and known allergy status, especially when administering medications. Proceeding with partially visible or unverified information, even in perceived urgency, carries a high risk of error and patient harm (e.g., wrong dose, wrong drug, allergic reaction). The risk of harm from a medication error often outweighs the risk of a slight delay while verifying information through proper channels.
Katrin should stop immediately and not administer any medication: This is the absolute priority. Patient safety dictates that if there is any doubt about the accuracy or completeness of medication orders or critical patient information (such as allergies), administration must be stopped. Continuing (or proceeding) under uncertainty introduces an unacceptable risk of serious harm to the patient.
Katrin must promptly report the "System Update Required" warning she initially ignored, Reporting the system issues (both the initial warning and the current malfunctions) is crucial for several reasons: it alerts management to a potential risk affecting patient care: it allows the IT department to investigate and resolve the technical problems, preventing further issues for Katrin or other staff; and it addresses the root cause of the data uncertainty. Ignoring system warnings can contribute to such problems.
❌Katrin should proceed to administer medications that seem clear in the system: If the system is known to be malfunctioning and displaying incomplete or strange data (e.g., missing allergies), even information that "seems clear" cannot be fully trusted. Making a "mental note" is unreliable and does not mitigate the immediate risk. "Later" may be too late if a medication error occurs. Patient safety requires certainty before administration.
Katrin should attempt to verify the medication orders and allergy information through a reliable alternative source. :Once medication administration is paused due to uncertainty, the next step is to actively seek accurate information. Contacting the prescriber or pharmacist, or referring to reliable, verified backup documentation (if available and current), are appropriate actions to confirm the correct medication, dosage, route, and to ensure all allergies are known. This minimizes risk by ensuring decisions are based on verified data.
Correct Action
Incorrect Action
Incorrect Action
Correct Action
Correct Action
Next
Scenario 4:
Ending her shift
watch video
❌Katrin should send a brief email to the general clinic staff email account summarising that "IT systems were problematic today": This method is impersonal, lacks necessary detail for critical patient-specific information, and does not guarantee that the specific incoming colleague will see or fully comprehend the risks in a timely manner. A direct, interactive handover is essential for such critical safety information.
❌ Katrin should only highlight the patients for whom medication was definitely missed during her shift, While the incoming colleague should be diligent, this approach is insufficient and risky. It fails to communicate the reasons for missed medications (system unreliability, specific data gaps like missing allergies), the history of system warnings, and the full extent of potential data integrity issues across other patients. It also wrongly assumes the colleague will discover all problems without specific guidance.
Katrin needs to ensure the incoming colleague fully understands the nature and potential extent of the system instability, the steps already taken and the critical importance of independently verifying medication orders and patient details until the system's reliability is officially confirmed. Confirming comprehension of the risks and the necessity for ongoing vigilance (like independent verification of orders) is vital. This empowers the next colleague to continue operating safely under uncertain system conditions.
Katrin should clearly and specifically inform the incoming colleague about the "System Update Required" warning she saw: This ensures full transparency about the system's state and specific data integrity concerns, enabling the incoming colleague to be immediately aware of potential risks.
Katrin should provide the incoming colleague with any IT service ticket numbers or specific contact details related to the reported system issues. Sharing IT follow-up information, like service ticket numbers, allows the incoming colleague to efficiently track the issue with IT or provide updates, ensuring a more seamless resolution process and demonstrating proactive problem management. .
Click here to see all actions.
Incorrect Action
Correct Action
Incorrect Action
Correct Action
Next
Completed
Congratulations, you have successfully completed
Cybersecurity in Healthcare (Elderly care)
Bhupender Singh
Created on August 18, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Math Mission
View
Secret Code
View
Museum Escape Room
View
Simple corporate escape room
View
Chaotic Kitchen Escape Room
View
Vibrant Breakout
View
Reboot Protocol
Explore all templates
Transcript
Cybersecurity in Healthcare (Elderly care)
start
Disclaimer
The videos in the ESCAPE project were developed using a combination of digital and automated creative tools (AI). As a result, some visual elements may vary between videos. In particular, the appearance of characters, including their uniforms, physical features, and overall presentation, may not accurately reflect the typical appearance of care or health workers in your home country or local context. These variations are a technical result of the AI tools used in the production process and do not affect the educational content or objectives of the ESCAPE project.
Scenario 1:
Morning at the geriatric care center and clinic
watch video
Completed
Congratulations, you have successfully completed
Verify the sender's email address carefully before opening attachments or clicking links. Explanation: Phishing emails often use slight variations in email addresses to trick recipients. You need to verify the sender's email address carefully before opening attachments or clicking links.
❌ Click the link in the email to confirm the patient details quickly so she doesn’t delay the workflow: Clicking on suspicious links is dangerous as it could lead to a phishing attack, where attackers could steal sensitive data or install malware. While urgency is important in healthcare, acting without verifying the sender or content can lead to security breaches.
Talk to her colleague:good idea to exchange opinions, but they have to take further steps. Continuous communication is key to identifying possible threats and to find solutions.
❌ Click the link and change her password immediately, just in case the email was legitimate: Clicking on the link before verifying its authenticity is a risky action. Changing a password in response to a suspicious email may lead to more harm, especially if the link was malicious.
Contact the clinic’s IT department to verify the authenticity of the email before clicking any link.: This is the most secure approach. If the email is indeed a phishing attempt, contacting the IT department before engaging with it ensures that any potential security threats can be investigated by experts.
Correct Action
Correct Action
Correct Action
Incorrect Action
Incorrect Action
Next
Scenario 2:
The Shift Handover
watch video
Test 2
Completed
Congratulations, you have successfully completed
Report system malfunction and ask for instruction on documenting patient information: his is a crucial first step. Reporting the system issue allows for it to be fixed promptly. Seeking guidance ensures Katrin follows established, secure protocols for managing patient information when the primary system is unavailable, rather than improvising, which could lead to errors or security breaches.
Both professionals should jointly review handwritten notes:Handwritten notes can be prone to illegibility, ambiguity, or omissions. A joint review and verbal handover allow Katrin to clarify information directly with Lisa, reducing the risk of misinterpretation, ensuring completeness, and confirming understanding of critical patient needs. This is a key part of a safe and secure handover.
Ensure Katrin’s tablet software and applications were updated regularly to the latest version: Keeping software up-to-date is crucial as updates often include patches for security vulnerabilities that cyber attackers exploit.
❌ Disable automatic updates to ensure control over which updates are installed: Automatic updates help ensure that systems stay secure even if users forget to update them manually.
CorrectAction
❌ Ignore update notifications during work hours to avoid interruptions and update the device later when convenient: Delaying updates leaves devices vulnerable to attacks that exploit known security flaws.
Incorrect Action
Correct Action
Incorrect Action
Correct Action
Next
Scenario 3:
Administrating medication
watch video
Completed
Congratulations, you have successfully completed
❌Si un medicamento parece urgente, Katrin debería usar su juicio profesional:"Professional judgment" cannot replace the need for complete and accurate prescribing information and known allergy status, especially when administering medications. Proceeding with partially visible or unverified information, even in perceived urgency, carries a high risk of error and patient harm (e.g., wrong dose, wrong drug, allergic reaction). The risk of harm from a medication error often outweighs the risk of a slight delay while verifying information through proper channels.
Katrin should stop immediately and not administer any medication: This is the absolute priority. Patient safety dictates that if there is any doubt about the accuracy or completeness of medication orders or critical patient information (such as allergies), administration must be stopped. Continuing (or proceeding) under uncertainty introduces an unacceptable risk of serious harm to the patient.
Katrin must promptly report the "System Update Required" warning she initially ignored, Reporting the system issues (both the initial warning and the current malfunctions) is crucial for several reasons: it alerts management to a potential risk affecting patient care: it allows the IT department to investigate and resolve the technical problems, preventing further issues for Katrin or other staff; and it addresses the root cause of the data uncertainty. Ignoring system warnings can contribute to such problems.
❌Katrin should proceed to administer medications that seem clear in the system: If the system is known to be malfunctioning and displaying incomplete or strange data (e.g., missing allergies), even information that "seems clear" cannot be fully trusted. Making a "mental note" is unreliable and does not mitigate the immediate risk. "Later" may be too late if a medication error occurs. Patient safety requires certainty before administration.
Katrin should attempt to verify the medication orders and allergy information through a reliable alternative source. :Once medication administration is paused due to uncertainty, the next step is to actively seek accurate information. Contacting the prescriber or pharmacist, or referring to reliable, verified backup documentation (if available and current), are appropriate actions to confirm the correct medication, dosage, route, and to ensure all allergies are known. This minimizes risk by ensuring decisions are based on verified data.
Correct Action
Incorrect Action
Incorrect Action
Correct Action
Correct Action
Next
Scenario 4:
Ending her shift
watch video
❌Katrin should send a brief email to the general clinic staff email account summarising that "IT systems were problematic today": This method is impersonal, lacks necessary detail for critical patient-specific information, and does not guarantee that the specific incoming colleague will see or fully comprehend the risks in a timely manner. A direct, interactive handover is essential for such critical safety information.
❌ Katrin should only highlight the patients for whom medication was definitely missed during her shift, While the incoming colleague should be diligent, this approach is insufficient and risky. It fails to communicate the reasons for missed medications (system unreliability, specific data gaps like missing allergies), the history of system warnings, and the full extent of potential data integrity issues across other patients. It also wrongly assumes the colleague will discover all problems without specific guidance.
Katrin needs to ensure the incoming colleague fully understands the nature and potential extent of the system instability, the steps already taken and the critical importance of independently verifying medication orders and patient details until the system's reliability is officially confirmed. Confirming comprehension of the risks and the necessity for ongoing vigilance (like independent verification of orders) is vital. This empowers the next colleague to continue operating safely under uncertain system conditions.
Katrin should clearly and specifically inform the incoming colleague about the "System Update Required" warning she saw: This ensures full transparency about the system's state and specific data integrity concerns, enabling the incoming colleague to be immediately aware of potential risks.
Katrin should provide the incoming colleague with any IT service ticket numbers or specific contact details related to the reported system issues. Sharing IT follow-up information, like service ticket numbers, allows the incoming colleague to efficiently track the issue with IT or provide updates, ensuring a more seamless resolution process and demonstrating proactive problem management. .
Click here to see all actions.
Incorrect Action
Correct Action
Incorrect Action
Correct Action
Next
Completed
Congratulations, you have successfully completed