Unit rationale, description and aim
Health care professionals work in environments that rely on secure information systems to deliver safe and effective care. As digital systems become more integrated into clinical practice, the ability to recognise and manage cybersecurity risks has become an essential professional capability. This unit supports the achievement of course learning outcomes by enabling students to develop an understanding of contemporary cyber threats pertinent to health services and systems, build appropriate skills needed for protecting patient information, and adopt tools and techniques for maintaining system integrity and ensuring organisational resilience. Students will examine common vulnerabilities in electronic health records, medical devices, clinical communication systems and telehealth platforms, and will learn how risk assessment and mitigation strategies can be applied within everyday health care settings. They will explore the ethical, legal and professional responsibilities associated with safeguarding health information in Australia. Thus, the aim of this unit is to equip students with the knowledge and practical competencies required to recognise, reduce and respond to cybersecurity risks in the health care environment.
Learning outcomes
To successfully complete this unit, you will need to demonstrate that you have achieved the learning outcomes (LO) detailed below.
Each outcome is informed by a number of graduate capabilities (GC) to ensure your work in this, and every unit, is part of a larger goal of graduating from ACU with the attributes of insight, empathy, imagination and impact.
- Learning Outcome 01: Identify vulnerabilities and potential security th...
- Learning Outcome 02: Apply appropriate security tools and practices suc...
- Learning Outcome 03: Critically evaluate the consequences of security t...
- Learning Outcome 04: Assess the impact of cybersecurity threats on heal...
Content
Topics will include:
- Introduction to cybersecurity in healthcare
- Threats, vulnerabilities and attacks specific to health services
- Protecting patient information and other sensitive clinical data
- Risk assessment and risk management frameworks used in healthcare organisations
- Ensuring the integrity of clinical systems and health information
- Access control and authentication within a health care environment
- Legal, ethical and privacy considerations
- Impacts of cyber attacks on patient safety, service continuity and public confidence in the health system
Assessment strategy and rationale
The assessment strategy in this unit is designed to measure achievement of the learning outcomes while supporting the development of professional capability in cybersecurity for healthcare. Two assessment tasks are used to ensure that students can demonstrate both foundational knowledge and the ability to apply critical thinking in authentic healthcare contexts. The first assessment task focuses on the application of core concepts to establish essential skills, while the second assessment task requires deeper analysis and evaluation of cybersecurity issues that affect clinical practice and organisational systems.
This strategy has been selected because effective learning in this area requires progressive development from basic understanding to more complex decision making, mirroring the way cybersecurity responsibilities occur in healthcare environments. The assessment structure provides important opportunities for students to demonstrate competence and to receive feedback that supports ongoing learning. To pass the unit, students must demonstrate achievement of all learning outcomes and obtain a minimum aggregate mark of 50%.
Overview of assessments
Assessment Task 1: Health Cyber security Risk Analysis Report
Students complete a cyber security risk analysis of a selected health care system/service, identifying key vulnerabilities, assessing their potential impact on patient care and organisational operations, and developing a mitigation plan using an established framework.
50%
Assessment Task 2: Health Cyber Incident Investigation and Response Plan
Students investigate a real or simulated cyber incident in a health service, analysing its causes, impacts and organisational response, and preparing a response and recovery plan that meets health care standards.
50%
Learning and teaching strategy and rationale
The learning and teaching strategy in this unit is based on an active learning approach that supports students in developing a practical understanding of cybersecurity challenges in healthcare settings. Foundational knowledge is introduced through online materials that allow students to engage with key concepts at their own pace. Workshop classes then build on this foundation through case studies, collaborative learning and hands-on activities that simulate real situations in health services.
This strategy has been chosen because cybersecurity in healthcare requires both conceptual understanding and the ability to apply knowledge in clinical and organisational contexts. Active learning encourages problem solving, reflection and the integration of theory with practice, which are essential for developing professional capability. By drawing on examples from their own clinical or workplace experiences, students can connect learning to authentic challenges and strengthen their ability to make informed decisions in their future practice.