Centre For Cybersecurity Institute Centre For Cybersecurity Institute
Menu
Corporate training · Healthcare

Cyber awareness training for healthcare

Patient records are among the most targeted data in Singapore, and the Health Information Act era makes staff readiness a licensing matter, not a nice-to-have. We train clinical and administrative teams in the habits that protect patients.

Why healthcare get targeted

These are the attack patterns we train against in this sector, drawn from live campaigns rather than textbook examples.

Patient-data phishing

Healthcare has produced Singapore’s most serious breaches. Attackers target reception, admin and clinical staff because one compromised inbox opens thousands of records.

Ransomware on clinical operations

Encrypted systems in a clinic or hospital group are not an IT inconvenience; they stop appointments, dispensing and care. Early recognition by staff is the cheapest control.

Impersonation of patients and payers

Fake patient requests, spoofed insurer emails and courier scams engineered to extract records or redirect payments from busy front desks.

Shared devices and messaging

Shift work, shared terminals and WhatsApp-based coordination create habits attackers exploit. Training has to meet the reality of how care teams actually communicate.

The rules your people operate under

Training is the control every one of these frameworks expects, and our engagement report is the evidence they ask for.

Health Information Act

The HIA phases in duties over health information, with cyber and data safeguards expected of licensees as contribution to NEHR expands.

PDPA

Patient data is as sensitive as personal data gets, and staff training is the protection arrangement regulators expect to see first.

MOH licensing

Healthcare Services Act licensees are expected to keep patient information safe as part of running a licensed service.

Cyber Essentials Mark (Singapore, CSA)

CSA and MOH point smaller providers to the national certification baseline, which expects staff to be equipped as the first line of defence.

Tailored curriculum

What we build for healthcare

Everything in the core Cyber Safety workshop, live hacking demonstrations included, plus sector-specific depth:

  • Phishing drills built from healthcare lures: fake patient requests, insurer spoofs and lab-result baits
  • Patient-data handling across clinical systems, email and messaging apps
  • Front-desk social engineering: phone, walk-in and courier scenarios
  • Ransomware early-warning signs and what to do in the first fifteen minutes
  • HIA and PDPA duties translated into shift-friendly, plain-language habits
Always included
  • Pre-workshop consultation
  • Post-training phishing simulation
  • Before-and-after awareness measurement
  • Board-ready engagement report
  • Certificates for all participants

Measured results

70%

reduction in phishing incidents across recurring yearly workshops

Over the years we have seen a 70% reduction in phishing incidents, thanks to the vigilance these yearly workshops build.
200+ employee organisationRecurring annual client, Singapore
+54.5%

lift in self-rated staff awareness in a single session, NPS +50 with zero detractors

SustinereSustainability consultancy, Singapore

Where to start

Clinic groups and specialist providers fit the Essentials programme, usually with the e-learning add-on so shift staff who miss the live session still complete training. Larger hospital groups scale into Professional with per-department sessions.

Pilot Workshop

Your first engagement, any team size

From S$2,800single session
  • Live 2-hour virtual (S$2,800) or half-day on-site workshop (S$5,400)
  • Curriculum tailored to your sector in a pre-workshop consultation
  • Live hacking demonstrations and hands-on exercises
  • Post-training phishing simulation with analytics
  • Board-ready engagement report and debrief

The pilot fee is credited in full against any annual programme signed within 90 days.

Scope this with us
Recommended for you

Essentials

Organisations up to 300 staff

S$19,500per year
  • One on-site half-day workshop plus one virtual refresher
  • Two phishing simulations with analytics
  • Four quarterly 30-minute virtual threat briefings
  • Annual board-ready report for auditors and insurers
Scope this with us
See every programme and the cost estimator

Healthcare questions, answered

Can you train staff across multiple clinics without closing them?

Yes. We run repeated short sessions around clinic hours, mix on-site and virtual delivery, and back it with e-learning so every staff member completes training without a clinic ever closing.

Does the training cover the Health Information Act?

Yes. The compliance module covers the HIA duties relevant to your staff in plain language, alongside the PDPA obligations that already apply to patient data today.

Is this suitable for non-clinical staff?

It is designed for them. Reception, billing, call-centre and admin teams handle the most attack surface in healthcare, and the scenarios are built around their daily work.

What evidence do we get for MOH or auditors?

Attendance records, certificates, before-and-after awareness measurement and phishing simulation results, packaged in an engagement report you can table with any regulator, auditor or insurer.

Not sure where you stand? Take the free two-minute check: Do I need cyber awareness training for my team?

Ready to train your healthcare team?

Book a 30-minute scoping call. We will map your headcount, sites and regulatory context to the right format and give you a clear quote.

Chat with us