Design and Implementation of Tabletop Cybersecurity Simulation for Health Informatics Graduate Students

Appl Clin Inform. 2024 Oct;15(5):921-927. doi: 10.1055/s-0044-1790551. Epub 2024 Nov 6.

Abstract

Background: Experiential learning through simulation allows students to apply didactic knowledge to real-world situations. Tabletop simulation allows for the exploration of a variety of topics, including cybersecurity in health care. Due to its low frequency, yet high-risk nature, simulation is a perfect educational modality to practice responding to a cybersecurity attack. As such, the authors designed and executed a tabletop cybersecurity simulation consisting of a prebriefing, four rounds of injects detailing potential cybersecurity breaches that students must address, and structured debriefings that included input from cybersecurity content experts. This simulation was performed in 2018, 2019, 2022, and 2023, during graduate Health Informatics (HI) students' residential visits.

Objective: The simulation allowed opportunities for HI students to apply knowledge of cybersecurity principles to an unfolding tabletop simulation containing injects of scenarios they may encounter in the real world.

Methods: Survey data were used to assess the students' perceptions of the simulation. Topics assessed included overall satisfaction, teamwork and communication, and length of the event. Additionally, in 2022 and 2023, data were collected on psychological safety and whether to include them in future HI residential visits.

Results: Eighty-eight graduate HI students took part in the cybersecurity simulation over four annual residential visits. Most students were satisfied with the event, found it valuable, and could see it impacting their future practice as informaticists. Additionally, students indicated high levels of psychological safety. Multiple students requested that additional simulations be incorporated into the curriculum.

Conclusion: A tabletop cybersecurity simulation was utilized to allow HI students the ability to apply knowledge related to cybersecurity breaches to real-world examples. The simulation's best practices of prebriefing, psychological safety, and structured debriefing with expert feedback were emphasized in the simulation's design and implementation. Students found the simulation valuable and worth including in the curriculum.

MeSH terms

  • Computer Security*
  • Education, Graduate / methods
  • Humans
  • Medical Informatics* / education
  • Students