This course studies the response of law enforcement and information systems scientists to the use of computers and related technologies for criminal purposes. No computer coding knowledge is required. Major policy issues surrounding this area are also discussed.

The regular occurrence of cybersecurity incidents has led health care organizations to treat cybersecurity as a risk that needs to be actively managed, rather than just an issue that technology alone can solve. From medical data tracking to electronic health records and bedside life support systems, technology has streamlined health care delivery. However, the latest apps, mobile operating systems and medical devices also create many privacy and security challenges. This course offers an introduction to cybersecurity and resiliency in health care administration. Drawing on recent incidents in health care, students are introduced to cybersecurity threats, threat actors, cybersecurity risk management best practices, laws and regulations applicable to electronic health records, and basic techniques to build enterprise-wide cybersecurity awareness.

As large-scale data breaches become increasingly ubiquitous in health care organizations, concern for health care information data security has moved from an information technology problem to a board-level problem. Managers in health care enterprises must have strategic policies in place to deal with current and emerging cybersecurity challenges. Throughout the first half of this course, students develop an in-depth understanding of major and continual health care policy reforms as it relates to digital health and cybersecurity. The second half of the course gives students the skills necessary to develop strategic-level policy documents and build end-user cybersecurity awareness in a health care organization.

As health care enterprises progressively adopt electronic health records and other digital health technologies, various privacy and security risks arise. This course provides an in-depth understanding of the various legislation and regulations that govern health care and cybersecurity. Standards and rules governing risk management and the effective use and protection of patient data are discussed. This includes an overview of the National Institute for Standards and Technology frameworks on cybersecurity and risk management, Federal Trade Commission rulings on customer data, and Food and Drug Administration regulations on medical devices, among others. The course also explores how various legislation, such as the Cybersecurity Information Sharing Act of 2015, impacts health care.

With the emergence of advanced technologies and the integration of “Internet of Things” devices into health care settings, health care enterprises are more frequently becoming the targets of advanced cyber threat actors. As the number and scope of attacks increase, health care administrators are pressured to better understand these threats and make technical decisions that have traditionally been outside the scope of their responsibility. This course introduces students to the cyber threats directly targeting and impacting health care enterprises currently and in the future. Students research and evaluate historical case studies of various compromises in health care settings and learn how best to address similar situations, while also proactively mitigating against future events.

Digital health – one of the fastest growing industries in the U.S. economy – is rapidly changing, with current and future disruptive results for the delivery of health care. Innovation in health care requires leaders that are trained to think and act as entrepreneurs while also maintaining a culture of cybersecurity safety and resiliency. This course provides an overview of how technology is developed and applied to health care and medicine, from telemedicine to quantified self and other emergent digital health platforms. This course provides in-depth knowledge of the vocabulary and skills necessary to engage in digital health entrepreneurship, to include lean start up methodologies; stakeholder, market, and competitor analysis; venture capital; mergers and acquisitions; initial public offering (IPO) transactions; and designing and patenting for sales.

Information is one of the most important assets of today’s organizations. Breaches of privacy, hacking of operating systems and cybercrime can damage an organization’s brand integrity, credibility, customer trust and even their overall value. This course provides an understanding of opportunities and vulnerabilities in cyberspace and examines advantages and risks of new technology opportunities, risk assessment related to security breaches and privacy, data protection and loss, intellectual property, industrial espionage, vendor and customer relationships, business continuity and resiliency planning. Focus is placed on preventing and mitigating such risks through employee awareness and training, strategic thinking in cybersecurity policy development and disclosure, network security and intrusion prevention measures, contractual agreements with vendors, data recovery plans, incidence response plans, user responsibility agreements, compliance and legal issues.