Research project at a glance

Medical Centre Employee Centered Information Security Awareness

Funding type

Publicly funded research


01.12.2021 to 30.11.2024



Project Description

From patient records to diagnostic equipment, hospital care is based on the use of information technology. When computer systems fail, the consequences for patients can be dramatic. In particular, the rise of attacks and cybercrime poses a threat to seamless medical care. Security standards therefore exist to prevent threats from cyberspace. But in practice, improper handling of the IT infrastructure and users' insufficient awareness of information security often pose a problem.

This is where the research project MedISA (Medical Centre Employee Centered Information Security Awareness) of the Bonn-Rhein-Sieg University of Applied Sciences (H-BRS) comes in. In MedISA, strategies are being developed to sensitize employees in medical care facilities to IT security and data protection. The project is funded by the German Federal Ministry of Health (BMG) with approximately 450,000 euros over three years.

Problem definition

According to reports from the German Federal Office for Information Security (BSI), cybercrime is on the rise. Medical care facilities are also repeatedly affected by cyber security incidents. Possible consequences include the exposure of sensitive data and a threat to patient care. A particular challenge in protecting against cyber threats is the lack of information security awareness (ISA), the lack of expertise about potential damage and the low risk perception among users from the medical, nursing, therapy or IT sectors who access the interconnected systems. The industry-specific security standard for healthcare therefore calls for the mandatory implementation of regular IT security training for employees in order to raise awareness and establish ISA. However, there has been little scientific research into how this can be done in a practicable and sustainably effective manner in medical care facilities. As a result, clear recommendations for action and implementation are lacking, as are guidelines that medical care facilities could follow to meet this requirement.


The MedISA project investigates how measures to increase the ISA of employees in medical care facilities can be designed and bundled for the relevant target groups, so that high user acceptance makes the measures highly and sustainably effective. This question will be addressed in a participatory manner, using user-centered research and development methods with the respective target groups. In addition to the sensible use of common ISA measures, such as in-person or online training, the project explores innovative approaches to novel ISA measures in particular. Measures are intended to be minimally invasive and integrated into the daily work of medical staff so that ISA is continuously sharpened.
